Nick

[Nick]

How is your mouse holding up ?

 

[Darol Wester]

I see more Funmood here.

# AdwCleaner v2.113 - Logfile created 02/24/2013 at 19:06:05
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Wester - OWNER-71B831874
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Wester\Desktop\aaa.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CltMngSvc
Stopped & Deleted : WajamUpdater
Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Wester\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Deleted on reboot : C:\Documents and Settings\Wester\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Deleted on reboot : C:\Documents and Settings\Wester\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Deleted on reboot : C:\Documents and Settings\Wester\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
File Deleted : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\searchplugins\babylon1.xml
File Deleted : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\searchplugins\delta.xml
File Deleted : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\searchplugins\funmoods.xml
File Deleted : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\searchplugins\my-web-search.xml
File Deleted : C:\Documents and Settings\Wester\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\Wester\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserProtect
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\Wester\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Wester\Application Data\Delta
Folder Deleted : C:\Documents and Settings\Wester\Application Data\Funmoods
Folder Deleted : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\39ffxtbr@MapsGalaxy_39.com
Folder Deleted : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\FCTB
Folder Deleted : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\jetpack
Folder Deleted : C:\Documents and Settings\Wester\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Wester\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Wester\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Wester\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Wester\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Wester\Local Settings\Application Data\Wajam
Folder Deleted : C:\Documents and Settings\Wester\Local Settings\Application Data\Zoom_Downloader
Folder Deleted : C:\Documents and Settings\Wester\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Documents and Settings\Wester\Start Menu\Programs\Wajam
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\Delta
Folder Deleted : C:\Program Files\GamesBar
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Wajam

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\868ddcb135be17
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\FCTB000100297
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Deleted : HKCU\Software\RewardsArcade
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\868ddcb135be17
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.FCTB000100297Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.FCTB000100297Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41
Key Deleted : HKLM\Software\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3007394
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\FCTB000100297
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E685771E24E83F4381D1DB5A45F7B41
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.delta-search.com/?affID=119351&babsrc=NT_ss&mntrId=c0c559bf000000000000001aa094a4b3 --> hxxp://www.google.com

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\prefs.js

C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "My Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1357004385);
Deleted : user_pref("extensions.crossriderapp4493.4493.active", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 7);
Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1357004385");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1357004385");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Tue Jan 01 2013 11:[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Tue Jan 08 2013 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1357068929");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221356061409%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.value", "%221356061409%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%22126016%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1357068928153");
Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "46");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Tue Jan 01[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 10);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 4);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "17,14,16,64,72,47,1000015");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,13,16,15,64,72,4,1,21,[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 22);
Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 46);
Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");
Deleted : user_pref("extensions.crossriderapp4493.bic", "13bf3c3ac77dd3776b34cd56addedb4f");
Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);
Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1357004385);
Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22617815);
Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22617816);
Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");
Deleted : user_pref("extensions.crossriderapp4493.reportInstall", true);
Deleted : user_pref("extensions.enabledAddons", "39ffxtbr%40MapsGalaxy_39.com:2.50.0.51712,ffxtlbr%40funmoods.[...]
Deleted : user_pref("extensions.funmoods.aflt", "nv1");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "275F19DFB56B4DD69CF075AA313B4DC3");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.id", "001AA094A4B359BF");
Deleted : user_pref("extensions.funmoods.instlDay", "15628");
Deleted : user_pref("extensions.funmoods.instlRef", "nv1");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2218:16:55");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2218:16:55");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2218:16:55");
Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Funmoods");
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://serp.freecause.com/?ourmark=3&sid=100297&q=")[...]
Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Funmoods");
Deleted : user_pref("extensions.toolbar.mindspark._39Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.toolbar.mindspark._39Members_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://m[...]
Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.ClearCacheDate", 1);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.DNSCatch", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.DisplayEULA", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.EBOMode", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.FirstLaunchShown", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.InstallDomain", "freecause.com");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.InstallType", "standard");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.LoadLayoutDate.100297", 1);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.ShowRecommendedOptions", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.StateReportDate", "1357004401252");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.beforeInstallSaved", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.beforeinstall.homepage", "chrome%3A//branding/l[...]
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.beforeinstall.search", "Google");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.customNewTab", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.helpUsImprove", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.hideOthers", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.partnerauth", false);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.processAddrBar", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.restoreSearch", false);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.searchHistory", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.session", "295EBEF661F264D2E9EF8EB31279FBDB3BE2[...]
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.showFirstLaunchOptions", false);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.tb_lang", "en");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.tool_id", "100297");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.user_id", "122020266");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.user_key", "d8e9603f5b6391dbde70185fef60fbc6471[...]
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.user_layouts", "100297");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.user_lnames", "SocialRibbons%20LP5");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.xml_service_url", "6bb94bbf55fe2f255901a560824a[...]
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.yahooSearch", true);
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=658B9B45[...]

-\\ Google Chrome v25.0.1364.97

File : C:\Documents and Settings\Wester\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.22] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.25] : keyword = "search.conduit.com",
Deleted [l.28] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN12[...]
Deleted [l.646] : homepage = "hxxp://search.conduit.com/?CUI=UN12792764643024963&ctid=CT3279141&SearchSource=48",
Deleted [l.862] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=UN12792764643024963&ctid=CT327[...]

*************************

AdwCleaner[S1].txt - [37922 octets] - [24/02/2013 19:06:05]

########## EOF - C:\AdwCleaner[S1].txt - [37983 octets] ##########

 

[Darol Wester]

Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Microsoft Windows XP x86
Ran by Wester on Sun 02/24/2013 at 19:20:31.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\searchengineprotection
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Documents and Settings\Wester\Application Data\FCTB000100297
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\Wester\Application Data\bargainmatch"
Successfully deleted: [Folder] "C:\Documents and Settings\Wester\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Wester\Application Data\mapsgalaxy_39"
Successfully deleted: [Folder] "C:\Documents and Settings\Wester\Application Data\registry mechanic"
Successfully deleted: [Folder] "C:\Documents and Settings\Wester\Application Data\televisionfanatic"
Successfully deleted: [Folder] "C:\Documents and Settings\Wester\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\Wester\Local Settings\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\Wester\Local Settings\Application Data\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files\mapsgalaxy_39"
Successfully deleted: [Folder] "C:\Program Files\privacysafeguard"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\privacy safeguard"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\geggofhlfbcmanadhknllmlajiafopoh





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/24/2013 at 19:28:42.87
End of JRT log

 

[Darol Wester]

OTL produced only one report that I can see. I ran it twice to see if I missed something, but still only this report.

OTL logfile created on: 2/24/2013 7:33:36 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Wester\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.73% Memory free
3.84 Gb Paging File | 2.91 Gb Available in Paging File | 75.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 25.44 Gb Free Space | 34.17% Space Free | Partition Type: NTFS

Computer Name: OWNER-71B831874 | User Name: Wester | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/24 19:01:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wester\Desktop\OTL.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/30 14:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/09/26 15:12:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/11 18:40:30 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/05/27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/05/27 14:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/05/27 14:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/01/12 18:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 17:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 17:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 17:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/24 13:35:02 | 002,063,360 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13022401\algo.dll
MOD - [2011/05/27 14:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/05/27 14:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/01/12 17:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 17:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2010/11/12 08:23:44 | 000,330,584 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2010/11/09 18:45:18 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/05/07 17:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010/05/07 17:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 17:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 17:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 17:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 17:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 17:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/05/07 17:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2009/04/22 13:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 15:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 14:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 14:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 14:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 14:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 14:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 14:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 14:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 14:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 14:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2003/03/09 12:31:04 | 000,561,152 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Drivers\Scanner\hpotscl.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/16 09:38:36 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/26 15:12:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2003/03/09 12:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Wester\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Wester\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Wester\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012/10/30 14:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 14:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 14:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 14:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 14:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 14:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 14:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/08 13:35:59 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/08 13:35:59 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/01/03 20:04:42 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010/11/09 18:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/11/09 18:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/07 16:26:16 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/08/25 14:45:28 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/08/25 14:45:28 | 000,037,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/08/22 20:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/05/02 15:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/10/07 17:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sisqtel.net/
IE - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..\SearchScopes\{30CFB165-2CF1-7712-E58F-3A8DBE9E3CFA}: "URL" = http://www.incredimail-start.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-428-0-2mvZP
IE - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..\SearchScopes\{4C88943D-6D33-44E1-A4AA-8513CDF0FD70}: "URL" = http://www.amazon.com/gp/bit/amazonserp/ref=bit_f_abba_serp_ie_us_display?ie=UTF8&ie=UTF8&tag=abba-serp-us-ie-20&tagbase=abba&query={searchTerms}
IE - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..\SearchScopes\{8AAAD4E0-BC8D-4D5D-9BB1-84FFA75BE92F}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
IE - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..\SearchScopes\{A7074310-4059-46BB-976E-7A06E7573070}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GZAZ_en
IE - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..\SearchScopes\{D591FBDA-7BFF-4C48-85EF-4189AC549A0C}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GZAZ_en
IE - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

[2010/11/06 12:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Extensions
[2010/01/09 06:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/02/24 19:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions
[2013/02/21 19:43:31 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
[2013/02/16 09:37:41 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
[2013/02/16 09:37:28 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\getsavin@jetpack
[2011/12/26 20:19:26 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
[2013/02/21 19:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]\chrome
[2013/02/21 19:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]\defaults
[2013/02/21 19:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]\locale
[2013/02/21 19:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]\skin
[2013/02/21 19:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]\chrome\content\extensionCode
[2012/12/31 17:46:08 | 000,216,743 | ---- | M] () (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
[2012/07/31 03:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
[2013/01/01 11:35:14 | 000,555,412 | ---- | M] () (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\{3fe6b000-fd7d-a4e4-edda-ef3dc5c7f32c}.xpi
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXTENSIONS\39FFXTBR@MAPSGALAXY_39.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========


O1 HOSTS File: ([2013/02/24 07:05:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (SocialRibbons LP5) - {CBF3FDCA-6104-1864-D931-D737D2BFC202} - C:\Program Files\SocialRibbons LP5\Toolbar.dll ()
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll File not found
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004..\Run: [GoogleChromeAutoLaunch_68C5A8428529928452A60A8F37F8FE9D] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..Trusted Domains: netflix.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downl...75-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1352645896906 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB5D392-0969-4012-A619-931FF8F7F152}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Wester\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wester\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/08 18:38:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/24 19:20:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/02/24 19:19:39 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/24 19:18:50 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Wester\Desktop\JRT.exe
[2013/02/24 19:18:39 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Wester\Desktop\JRTasd.exe
[2013/02/24 18:52:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wester\Desktop\OTLaaa.exe
[2013/02/24 12:41:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/24 11:47:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/02/24 06:48:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wester\Recent
[2013/02/23 21:03:36 | 000,000,000 | ---D | C] -- C:\found.000
[2013/02/23 20:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Start Menu\Programs\Revo Uninstaller
[2013/02/23 19:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Start Menu\Programs\HiJackThis
[2013/02/23 19:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2013/02/23 19:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Max Uninstaller
[2013/02/23 19:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Max Uninstaller
[2013/02/23 08:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Application Data\ElevatedDiagnostics
[2013/02/23 08:07:20 | 000,000,000 | ---D | C] -- C:\MATS
[2013/02/23 08:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/02/23 08:04:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/02/23 06:55:37 | 005,034,320 | R--- | C] (Swearware) -- C:\Documents and Settings\Wester\Desktop\ComboFix.exe
[2013/02/22 22:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\ Online Backup
[2013/02/22 18:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Application Data\PriceGong(2)
[2013/02/22 10:00:09 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin
[2013/02/21 19:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2013/02/21 19:25:08 | 000,000,000 | ---D | C] -- C:\avast! sandbox(2)
[2013/02/21 05:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\My Documents\mbar
[2013/02/17 19:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Local Settings\Application Data\ESET
[2013/02/17 19:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2013/02/16 09:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Local Settings\Application Data\getsavin

========== Files - Modified Within 30 Days ==========

[2013/02/24 19:18:53 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Wester\Desktop\JRT.exe
[2013/02/24 19:18:41 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Wester\Desktop\JRTasd.exe
[2013/02/24 19:07:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/24 19:07:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/02/24 19:05:18 | 000,594,019 | ---- | M] () -- C:\Documents and Settings\Wester\Desktop\aaa.exe
[2013/02/24 19:01:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wester\Desktop\OTL.exe
[2013/02/24 18:52:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wester\Desktop\OTLaaa.exe
[2013/02/24 18:48:14 | 000,000,326 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2013/02/24 18:38:49 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2013/02/24 18:37:25 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Wester\Desktop\Microsoft Office Word 2007 (2).lnk
[2013/02/24 17:32:52 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2013/02/24 17:31:19 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2013/02/24 07:05:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/23 20:12:14 | 000,694,288 | ---- | M] () -- C:\Documents and Settings\Wester\Desktop\HiJackThis.zip
[2013/02/23 06:56:45 | 005,034,320 | R--- | M] (Swearware) -- C:\Documents and Settings\Wester\Desktop\ComboFix.exe
[2013/02/22 22:20:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/02/22 20:04:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/21 19:48:58 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/02/21 19:48:58 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/17 18:00:09 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Wester\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/16 09:38:37 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/13 17:55:10 | 000,348,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/13 07:28:12 | 000,436,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 07:28:12 | 000,069,116 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/11 11:56:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce0891d19a575a.job
[2013/02/02 19:51:34 | 001,101,824 | ---- | M] () -- C:\Documents and Settings\Wester\My Documents\RECIPES11.accdb
[2013/02/02 19:51:10 | 001,101,824 | ---- | M] () -- C:\Documents and Settings\Wester\My Documents\RECIPES12.accdb

========== Files Created - No Company Name ==========

[2013/02/24 19:05:18 | 000,594,019 | ---- | C] () -- C:\Documents and Settings\Wester\Desktop\aaa.exe
[2013/02/23 20:12:12 | 000,694,288 | ---- | C] () -- C:\Documents and Settings\Wester\Desktop\HiJackThis.zip
[2013/02/12 14:25:33 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/11 11:56:02 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce0891d19a575a.job
[2012/12/26 10:43:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2012/12/26 10:33:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Core Data Application
[2012/12/26 10:33:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Wester\Application Data\Configure Folder Actions
[2012/12/26 10:33:49 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2012/12/26 10:33:49 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectoryService
[2012/12/26 10:32:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\CustomDataViews
[2012/12/26 10:32:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Contextual Menu Items
[2012/12/26 10:32:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Wester\Application Data\Console
[2012/12/26 10:32:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Wester\Application Data\Conditionals
[2012/12/26 10:32:49 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2012/12/26 10:32:49 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2012/12/26 10:32:49 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Distortion
[2012/12/26 10:32:20 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Wester\Application Data\Devices
[2012/12/26 10:32:20 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
[2012/12/26 10:32:20 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Flange Saw
[2012/12/26 10:32:20 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Digital Light
[2011/12/10 17:17:38 | 000,001,170 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2011/12/10 17:17:32 | 000,001,170 | ---- | C] () -- C:\WINDOWS\dhstatus.dat
[2011/12/10 17:13:07 | 000,000,894 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2011/10/20 18:59:37 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/10/20 18:59:37 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/09/09 18:59:04 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Wester\Application Data\.backup.dm
[2011/09/09 06:53:43 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/08/04 14:37:37 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/13 17:20:36 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Wester\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/28 07:36:02 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/12/19 14:40:25 | 000,004,986 | ---- | C] () -- C:\Documents and Settings\Wester\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2010/10/05 12:47:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/25 12:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2010/10/19 05:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/02/24 16:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/14 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2012/12/26 10:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2013/02/17 19:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/12/13 20:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2009/11/15 17:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/11/15 17:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/11/09 20:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2011/01/03 20:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medtronic
[2012/12/26 13:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2013/01/12 16:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/11/25 15:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paragon
[2010/03/27 13:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/22 16:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2010/06/16 18:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2009/11/10 10:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra
[2011/04/10 14:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC
[2012/12/26 10:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/02/28 19:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/08/15 20:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2010/01/01 15:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/07/19 18:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\AMICAS
[2011/08/04 14:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\CheckPoint
[2013/02/23 08:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\ElevatedDiagnostics
[2011/08/19 19:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\GlarySoft
[2009/11/11 15:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\ieSpell
[2011/03/13 16:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\Leadertech
[2012/12/26 10:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\Nikon
[2013/01/12 16:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\Oberon Media
[2013/02/22 18:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\PriceGong(2)
[2011/03/23 12:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\Sierra
[2012/12/12 16:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\Simple Adblock
[2009/12/19 14:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\Template
[2010/01/09 06:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\Thunderbird
[2013/01/12 15:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\VideoBuzz
[2010/10/05 12:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\WeatherBug
[2010/02/13 13:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\WildTangent

========== Purity Check ==========



< End of report >

 

[Nick]

Run OTL
• Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Wester\LOCALS~1\Temp\cpuz134\cpuz134_x 32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Wester\LOCALS~1\Temp\cpuz132\cpuz132_x 32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Wester\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
IE - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..\SearchScopes\{8AAAD4E0-BC8D-4D5D-9BB1-84FFA75BE92F}: "URL" = http://www.mysearchr...q={searchTerms}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXT ENSIONS\39FFXTBR@MAPSGALAXY_39.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXT ENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXT ENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXT ENSIONS\[email protected]
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll File not found
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O15 - HKU\S-1-5-21-1960408961-1801674531-725345543-1004\..Trusted Domains: netflix.com ([]* in Trusted sites)
[2013/02/22 18:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wester\Application Data\PriceGong(2)

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans....

Download Security Check from here http://screen317.changelog.fr/SecurityCheck.exe and save it to your Desktop.
• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.
• Make sure the following options are checked:
o Internet Services
o Windows Firewall
o System Restore
o Security Center
o Windows Update
o Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassoci...T-Tools/TFC.exe
• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner http://www.eset.com/onlinescan/
• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Darol Wester]

My mouse is fine. I'm worried about my butt. Lotsa sittin.





All processes killed
========== OTL ==========
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
Service cpuz134 stopped successfully!
Service cpuz134 deleted successfully!
File C:\DOCUME~1\Wester\LOCALS~1\Temp\cpuz134\cpuz134_x 32.sys not found.
Service cpuz132 stopped successfully!
Service cpuz132 deleted successfully!
File C:\DOCUME~1\Wester\LOCALS~1\Temp\cpuz132\cpuz132_x 32.sys not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Wester\LOCALS~1\Temp\catchme.sys not found.
Service AFGMp50 stopped successfully!
Service AFGMp50 deleted successfully!
File System32\Drivers\AFGMp50.sys not found.
Registry key HKEY_USERS\S-1-5-21-1960408961-1801674531-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8AAAD4E0-BC8D-4D5D-9BB1-84FFA75BE92F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AAAD4E0-BC8D-4D5D-9BB1-84FFA75BE92F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1960408961-1801674531-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry key HKEY_USERS\S-1-5-21-1960408961-1801674531-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netflix.com\ deleted successfully.
C:\Documents and Settings\Wester\Application Data\PriceGong(2)\Data(2) folder moved successfully.
C:\Documents and Settings\Wester\Application Data\PriceGong(2) folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 58264 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 58264 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Wester
->Temp folder emptied: 11641471 bytes
->Temporary Internet Files folder emptied: 42891670 bytes
->Java cache emptied: 1002625 bytes
->FireFox cache emptied: 59832083 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 1955 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51968 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 109744412 bytes

Total Files Cleaned = 216.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Wester
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Wester
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02252013_155749

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[Darol Wester]

Results of screen317's Security Check version 0.99.59
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java(TM) 6 Update 29
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 9
Adobe Reader XI
Google Chrome 24.0.1312.57
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

 

[Darol Wester]

Farbar Service Scanner Version: 20-02-2013
Ran by Wester (administrator) on 25-02-2013 at 16:14:58
Running from "C:\Documents and Settings\Wester\Local Settings\Temporary Internet Files\Content.IE5\UH2BI9FM"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================

 

[Nick]

Did Eset find anything ?
Almost there Darol , Confuser running better ?
I'll look over these logs and post back .
Nick

 

[Darol Wester]

ESET did find one thing and I saved it to Desktop. When I went there to send it on, it wasn't there anymore. It took close to 2 hours to run. Wife needs the pc tonight. If we need to run it again, let me know and I'll run it again tomorrow. If you can think of someplace else it might have went, I'll take a look.

Confusers running much better.

 

[Nick]

Run again tomorrow . That is the best virus scanner out there .

 

[Nick]

FSS log is incomplete though.
Please redo/repost.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

1. Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it. http://download.thewebatom.net/4eeb2b43dbb4b/JavaRa-1.16-16-12-11.zip

Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

 

[Darol Wester]

Farbar Service Scanner Version: 20-02-2013
Ran by Wester (administrator) on 25-02-2013 at 20:04:21
Running from "C:\Documents and Settings\Wester\Local Settings\Temporary Internet Files\Content.IE5\6HUNVY3Y"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2009-10-08 18:36] - [2008-04-13 16:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2009-10-09 02:24] - [2009-02-06 03:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

[Darol Wester]

I ran everything else you asked for. I'll have the ESET log in the morning.

 

[Darol Wester]

ESET found nothing Nick.

 

[Nick]

Good . Have a few more thing to do then were done .
Will post when i get back .

 

[Nick]

Your computer is clean .

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:


:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]


Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.


2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.


If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla....US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...nning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingc...er-safe-online/

14. Please, let me know, how your computer is doing.

 

[Darol Wester]

OTL logfile created on: 2/26/2013 4:56:07 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Wester\Desktop\Confuser
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.62% Memory free
3.84 Gb Paging File | 3.25 Gb Available in Paging File | 84.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 23.28 Gb Free Space | 31.26% Space Free | Partition Type: NTFS

Computer Name: OWNER-71B831874 | User Name: Wester | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/25 20:19:05 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/24 19:01:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wester\Desktop\Confuser\OTL.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/30 14:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/09/26 15:12:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/11 18:40:30 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/06/16 20:02:25 | 000,366,536 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
PRC - [2012/06/16 20:02:25 | 000,264,136 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
PRC - [2011/05/27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/05/27 14:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/05/27 14:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 17:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 17:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 17:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/07/06 07:45:42 | 000,427,008 | ---- | M] (Mirek Wojtowicz) -- C:\Program Files\MWSnap\MWSnap.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/25 23:20:49 | 002,064,896 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13022600\algo.dll
MOD - [2012/06/16 20:02:27 | 000,071,624 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
MOD - [2012/06/16 20:02:25 | 000,268,232 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
MOD - [2012/06/16 20:02:25 | 000,133,064 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
MOD - [2012/06/16 20:02:25 | 000,079,816 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImAppRU.dll
MOD - [2012/06/16 20:02:25 | 000,032,648 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
MOD - [2011/05/27 14:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/05/27 14:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/01/25 23:59:46 | 000,107,896 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\PMC.dll
MOD - [2010/11/12 08:23:44 | 000,330,584 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/05/07 17:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010/05/07 17:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 17:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 17:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 17:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 17:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 17:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/05/07 17:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2003/03/09 12:31:04 | 000,561,152 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Drivers\Scanner\hpotscl.dll


========== Services (SafeList) ==========

SRV - [2013/02/25 20:19:05 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/25 20:10:27 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/26 15:12:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2003/03/09 12:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2012/10/30 14:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 14:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 14:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 14:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 14:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 14:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 14:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/08 13:35:59 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/08 13:35:59 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/01/03 20:04:42 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010/11/09 18:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/11/09 18:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/07 16:26:16 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/08/25 14:45:28 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/08/25 14:45:28 | 000,037,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/08/22 20:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/05/02 15:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/10/07 17:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sisqtel.net/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{30CFB165-2CF1-7712-E58F-3A8DBE9E3CFA}: "URL" = http://www.incredimail-start.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-428-0-2mvZP
IE - HKCU\..\SearchScopes\{4C88943D-6D33-44E1-A4AA-8513CDF0FD70}: "URL" = http://www.amazon.com/gp/bit/amazonserp/ref=bit_f_abba_serp_ie_us_display?ie=UTF8&ie=UTF8&tag=abba-serp-us-ie-20&tagbase=abba&query={searchTerms}
IE - HKCU\..\SearchScopes\{A7074310-4059-46BB-976E-7A06E7573070}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GZAZ_en
IE - HKCU\..\SearchScopes\{D591FBDA-7BFF-4C48-85EF-4189AC549A0C}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GZAZ_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

[2010/11/06 12:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Extensions
[2010/01/09 06:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/02/24 19:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions
[2013/02/21 19:43:31 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
[2013/02/16 09:37:41 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
[2013/02/16 09:37:28 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\getsavin@jetpack
[2011/12/26 20:19:26 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
[2013/02/21 19:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]\chrome
[2013/02/21 19:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]\defaults
[2013/02/21 19:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]\locale
[2013/02/21 19:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]\skin
[2013/02/21 19:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]\chrome\content\extensionCode
[2012/12/31 17:46:08 | 000,216,743 | ---- | M] () (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
[2012/07/31 03:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\[email protected]
[2013/01/01 11:35:14 | 000,555,412 | ---- | M] () (No name found) -- C:\Documents and Settings\Wester\Application Data\Mozilla\Firefox\Profiles\lotgrs3i.default\extensions\{3fe6b000-fd7d-a4e4-edda-ef3dc5c7f32c}.xpi
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXTENSIONS\39FFXTBR@MAPSGALAXY_39.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WESTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LOTGRS3I.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========


O1 HOSTS File: ([2013/02/24 07:05:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (SocialRibbons LP5) - {CBF3FDCA-6104-1864-D931-D737D2BFC202} - C:\Program Files\SocialRibbons LP5\Toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_68C5A8428529928452A60A8F37F8FE9D] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downl...75-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1352645896906 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB5D392-0969-4012-A619-931FF8F7F152}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Wester\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wester\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/08 18:38:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[CLEARALLRESTOREPOINTS]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/25 20:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/25 20:19:29 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/25 20:19:28 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/02/25 20:19:28 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/25 20:19:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/25 20:19:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/25 20:19:23 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/25 20:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
[2013/02/25 20:01:42 | 000,000,000 | ---D | C] -- C:\rei
[2013/02/25 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/02/25 16:41:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/02/25 16:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/02/25 16:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Application Data\addpcs
[2013/02/25 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Temp File Cleaner
[2013/02/24 19:20:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/02/24 19:19:39 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/24 12:41:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/24 11:47:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/02/24 06:48:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wester\Recent
[2013/02/23 21:03:36 | 000,000,000 | ---D | C] -- C:\found.000
[2013/02/23 20:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Start Menu\Programs\Revo Uninstaller
[2013/02/23 19:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Start Menu\Programs\HiJackThis
[2013/02/23 19:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2013/02/23 19:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Max Uninstaller
[2013/02/23 19:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Max Uninstaller
[2013/02/23 08:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Application Data\ElevatedDiagnostics
[2013/02/23 08:07:20 | 000,000,000 | ---D | C] -- C:\MATS
[2013/02/23 08:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/02/23 08:04:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/02/23 06:55:37 | 005,034,320 | R--- | C] (Swearware) -- C:\Documents and Settings\Wester\Desktop\ComboFix.exe
[2013/02/22 22:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\ Online Backup
[2013/02/22 10:00:09 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin
[2013/02/21 19:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2013/02/21 19:25:08 | 000,000,000 | ---D | C] -- C:\avast! sandbox(2)
[2013/02/21 05:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\My Documents\mbar
[2013/02/17 19:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Local Settings\Application Data\ESET
[2013/02/17 19:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2013/02/16 09:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wester\Local Settings\Application Data\getsavin

========== Files - Modified Within 30 Days ==========

[2013/02/26 16:54:28 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2013/02/26 16:54:08 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Wester\Desktop\Microsoft Office Word 2007 (2).lnk
[2013/02/26 12:28:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/02/26 07:52:44 | 000,476,774 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/26 07:52:44 | 000,077,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/26 06:34:35 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Wester\Desktop\Noname.bmp
[2013/02/25 20:19:10 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/25 20:19:03 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/25 20:19:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/25 20:19:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/25 20:19:03 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/25 20:19:02 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/02/25 20:19:01 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/25 20:10:27 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/25 20:10:26 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/25 20:10:26 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/25 20:02:22 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2013/02/25 20:02:20 | 000,000,326 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2013/02/25 20:01:51 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
[2013/02/25 15:59:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/25 14:31:07 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2013/02/25 14:30:37 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2013/02/24 07:05:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/23 06:56:45 | 005,034,320 | R--- | M] (Swearware) -- C:\Documents and Settings\Wester\Desktop\ComboFix.exe
[2013/02/22 22:20:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/02/22 20:04:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/21 19:48:58 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/02/21 19:48:58 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/17 18:00:09 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Wester\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/13 17:55:10 | 000,348,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/11 11:56:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce0891d19a575a.job
[2013/02/02 19:51:34 | 001,101,824 | ---- | M] () -- C:\Documents and Settings\Wester\My Documents\RECIPES11.accdb
[2013/02/02 19:51:10 | 001,101,824 | ---- | M] () -- C:\Documents and Settings\Wester\My Documents\RECIPES12.accdb

========== Files Created - No Company Name ==========

[2013/02/26 06:34:35 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Wester\Desktop\Noname.bmp
[2013/02/25 20:02:22 | 000,000,228 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2013/02/25 20:01:51 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
[2013/02/25 16:28:35 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Wester\Start Menu\Programs\Temp File Cleaner.lnk
[2013/02/12 14:25:33 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/11 11:56:02 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce0891d19a575a.job
[2012/12/26 10:43:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2012/12/26 10:33:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Core Data Application
[2012/12/26 10:33:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Wester\Application Data\Configure Folder Actions
[2012/12/26 10:33:49 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2012/12/26 10:33:49 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectoryService
[2012/12/26 10:32:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\CustomDataViews
[2012/12/26 10:32:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Contextual Menu Items
[2012/12/26 10:32:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Wester\Application Data\Console
[2012/12/26 10:32:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Wester\Application Data\Conditionals
[2012/12/26 10:32:49 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2012/12/26 10:32:49 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2012/12/26 10:32:49 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Distortion
[2012/12/26 10:32:20 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Wester\Application Data\Devices
[2012/12/26 10:32:20 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
[2012/12/26 10:32:20 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Flange Saw
[2012/12/26 10:32:20 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Digital Light
[2011/12/10 17:17:38 | 000,001,170 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2011/12/10 17:17:32 | 000,001,170 | ---- | C] () -- C:\WINDOWS\dhstatus.dat
[2011/12/10 17:13:07 | 000,000,894 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2011/10/20 18:59:37 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/10/20 18:59:37 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/09/09 18:59:04 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Wester\Application Data\.backup.dm
[2011/09/09 06:53:43 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/08/04 14:37:37 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/13 17:20:36 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Wester\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/28 07:36:02 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/12/19 14:40:25 | 000,004,986 | ---- | C] () -- C:\Documents and Settings\Wester\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2010/10/05 12:47:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< :OTL >

< :Commands >

< [purity] >

< [emptytemp] >

< [EMPTYFLASH] >

< [emptyjava] >

< [Reboot] >

< >

< >

< End of report >

 

[Nick]

Did you paste Under the Custom Scans/Fixes box at the bottom? should see CLEARALLRESTOREPOINTS in there .


:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]


[Reboot] No need to post any more logs Darol . Confuser is clean . How is it running ?

 

[Darol Wester]

Did you paste Under the Custom Scans/Fixes box at the bottom? should see CLEARALLRESTOREPOINTS in there .


?

That I did. I saw it running the 'clear all restore points', so it was done.

This thing is working great again. I really apreciate all your help Nick. This may be the cleanest it's been since it was new.

Many, many thanks my friend!!