
Infected with priCeochOp and cannot remove it


  • This topic is locked
11 replies to this topic

#1 desireeleigh


  • Members
  • 13 posts

Posted 18 July 2014 - 04:11 PM

Google Chrome had ads and popups, all say "Ad by priCeochOp" and has not been detected or fixed by Malwarebytes or Avast. User survey webpages also pop up. Searching via Google brings up many "sponsored links", all sponsored by priCeochOp as well. Please help.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
Run by Kyle at 14:02:20 on 2014-07-18
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4094.2097 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\D-Link\DWA-552 revA\wirelesscm.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mWinlogon: Userinit = userinit.exe,
BHO: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - <orphaned>
BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\DWA-552 revA\wirelesscm.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{07DE028C-549E-4872-8FFB-2634497A973F} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A300125C-9EDA-482D-B2E8-3A9BB4BB2F40} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-17 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-17 224896]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-17 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-7-17 427360]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2014-1-21 26624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-17 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-17 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-17 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-17 50344]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-18 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-18 860472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-1-29 245760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-18 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-18 63704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2014-1-28 520416]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\D-Link\DWA-552 revA\jswpsapi.exe [2014-1-21 954368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-11 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-11 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-24 1255736]
.
=============== Created Last 30 ================
.
2014-07-18 16:44:58 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-18 16:43:45 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-18 16:43:45 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-18 16:43:45 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-18 16:43:45 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-18 16:43:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-18 16:43:19 -------- d-----w- C:\Users\Kyle\AppData\Local\Programs
2014-07-18 10:39:16 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55C61A56-387D-4A95-A14C-5D329260B9CD}\mpengine.dll
2014-07-18 06:34:18 -------- d-----w- C:\Users\Kyle\AppData\Roaming\AVAST Software
2014-07-18 06:33:32 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-07-18 06:33:32 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-07-18 06:33:32 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-07-18 06:33:31 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-18 06:33:31 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-07-18 06:33:31 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-07-18 06:33:30 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-07-18 06:33:27 43152 ----a-w- C:\Windows\avastSS.scr
2014-07-18 06:31:21 -------- d-----w- C:\Program Files\AVAST Software
2014-07-18 06:30:06 -------- d-----w- C:\ProgramData\AVAST Software
2014-07-11 16:09:43 -------- d-----w- C:\ProgramData\MySearch
2014-07-11 16:09:41 -------- d-----w- C:\Program Files (x86)\MySearch
2014-07-11 16:09:31 -------- d-----w- C:\ProgramData\StunningSoftware
2014-07-11 16:09:15 -------- d-----w- C:\ProgramData\Adblocker
2014-07-11 16:09:11 -------- d-----w- C:\Users\Kyle\AppData\Local\Packages
2014-07-11 16:09:09 -------- d-----w- C:\Users\Kyle\AppData\Local\Torch
2014-07-11 16:09:09 -------- d-----w- C:\Users\Kyle\AppData\Local\Chromatic Browser
2014-07-11 16:09:09 -------- d-----w- C:\ProgramData\7fc97d95671d280
2014-07-11 16:09:08 -------- d-----w- C:\Users\Kyle\AppData\Local\Comodo
2014-07-11 16:08:51 -------- d-----w- C:\ProgramData\InstallMate
2014-06-21 02:39:49 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Injustice
.
==================== Find3M  ====================
.
2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-07 23:55:37 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
.
============= FINISH: 14:03:00.99 ===============
 



#2 Noviciate


  • Malware Response Team
  • 5,277 posts

Posted 18 July 2014 - 04:34 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.


So long, and thanks for all the fish.

 

 


#3 desireeleigh

  • Topic Starter

  • Members
  • 13 posts

Posted 18 July 2014 - 05:23 PM

OTL logfile created on: 18/07/2014 3:10:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kyle\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 59.17% Memory free
8.00 Gb Paging File | 5.92 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390.53 Gb Total Space | 282.49 Gb Free Space | 72.34% Space Free | Partition Type: NTFS
Drive D: | 540.89 Gb Total Space | 261.77 Gb Free Space | 48.40% Space Free | Partition Type: NTFS
 
Computer Name: PC-KARL | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/18 15:09:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Downloads\OTL.exe
PRC - [2014/07/17 23:33:26 | 004,086,432 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/07/17 23:33:26 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/07/15 19:28:18 | 000,542,912 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/07/15 19:28:16 | 001,753,280 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/06/05 06:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/01/09 22:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/05/14 13:24:24 | 000,517,440 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-552 revA\wirelesscm.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/17 23:33:26 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/17 23:33:26 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/07/15 19:28:28 | 002,139,328 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/07/15 19:28:18 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/07/11 17:53:26 | 001,116,672 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/07/11 17:53:26 | 000,438,784 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/07/11 17:53:26 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/07/11 17:53:26 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/07/08 08:18:04 | 014,663,856 | ---- | M] () -- C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
MOD - [2014/06/26 15:40:28 | 000,764,416 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/06/05 06:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 06:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 06:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 06:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 06:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/05/01 16:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/28 17:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2014/01/20 11:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 11:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/09 22:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/09 22:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/10/07 14:58:10 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-552 revA\WlanDll.dll
MOD - [2009/09/08 16:04:32 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-552 revA\WLanWps.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/17 23:33:26 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/06/18 17:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/06 14:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/12/06 13:52:10 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/15 19:28:18 | 000,542,912 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/01/28 23:27:58 | 000,520,416 | ---- | M] (Futuremark) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/26 17:02:28 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\D-Link\DWA-552 revA\jswpsapi.exe -- (jswpsapi)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/18 14:27:57 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/17 23:33:45 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/17 23:33:27 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/07/17 23:33:27 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/17 23:33:27 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/07/17 23:33:27 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/07/17 23:33:27 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/17 23:33:27 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/17 23:33:27 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/12/06 14:52:14 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/12/06 13:21:44 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/24 07:53:50 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/03/18 14:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 11:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/21 09:13:24 | 001,601,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/15 01:28:52 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV - [2014/01/21 07:44:43 | 000,022,336 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 3B 1D 84 B5 16 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/17 23:33:28 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Angry Birds = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Docs = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjfcaidjgliiondlcphnpgeeiobljoh\3.9\
CHR - Extension: Google Wallet = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm File not found
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm File not found
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm File not found
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07DE028C-549E-4872-8FFB-2634497A973F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A300125C-9EDA-482D-B2E8-3A9BB4BB2F40}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/18 09:44:58 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/18 09:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/18 09:43:45 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/18 09:43:45 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/18 09:43:45 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/18 09:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/18 09:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/18 09:43:19 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Programs
[2014/07/17 23:34:18 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\AVAST Software
[2014/07/17 23:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/07/17 23:33:32 | 001,041,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/07/17 23:33:32 | 000,092,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/07/17 23:33:31 | 000,427,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/07/17 23:33:31 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/07/17 23:33:30 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/07/17 23:33:29 | 000,307,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/07/17 23:33:27 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/07/17 23:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/07/17 23:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/07/11 09:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MySearch
[2014/07/11 09:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MySearch
[2014/07/11 09:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\StunningSoftware
[2014/07/11 09:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Adblocker
[2014/07/11 09:09:11 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Packages
[2014/07/11 09:09:09 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Torch
[2014/07/11 09:09:09 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Chromatic Browser
[2014/07/11 09:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\7fc97d95671d280
[2014/07/11 09:09:08 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Comodo
[2014/07/11 09:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/06/22 18:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/06/22 18:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/06/20 19:39:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Injustice
[2014/06/20 19:38:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/18 15:11:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/18 14:27:57 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/18 14:02:27 | 000,019,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/18 14:02:27 | 000,019,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/18 14:01:18 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/18 14:01:18 | 000,666,312 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/18 14:01:18 | 000,125,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/18 13:55:10 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/18 13:55:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/18 13:54:56 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/17 23:33:48 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/07/17 23:33:45 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/07/17 23:33:27 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/07/17 23:33:27 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/07/17 23:33:27 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/07/17 23:33:27 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/07/17 23:33:27 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/07/17 23:33:27 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/07/17 23:33:27 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/07/17 23:33:27 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/07/17 23:33:27 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/07/17 21:39:36 | 000,000,000 | ---- | M] () -- C:\END
[2014/07/11 09:09:09 | 000,000,394 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/07/10 09:54:11 | 000,279,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/22 19:16:00 | 000,001,493 | ---- | M] () -- C:\Users\Kyle\Desktop\mods - Shortcut.lnk
[2014/06/21 20:47:31 | 000,000,222 | ---- | M] () -- C:\Users\Kyle\Desktop\Rocksmith 2014.url
 
========== Files Created - No Company Name ==========
 
[2014/07/17 23:33:48 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/07/17 23:33:32 | 000,224,896 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/07/17 23:33:31 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/07/17 23:33:31 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/07/17 21:39:36 | 000,000,000 | ---- | C] () -- C:\END
[2014/07/11 09:09:09 | 000,000,394 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/06/22 19:16:00 | 000,001,493 | ---- | C] () -- C:\Users\Kyle\Desktop\mods - Shortcut.lnk
[2014/06/21 20:47:31 | 000,000,222 | ---- | C] () -- C:\Users\Kyle\Desktop\Rocksmith 2014.url
[2014/01/24 10:29:18 | 000,000,022 | ---- | C] () -- C:\Windows\GPU-Z.INI
[2014/01/21 07:51:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/01/21 07:44:07 | 000,765,656 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/06 14:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/12/06 14:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/12/06 14:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/12/06 13:39:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/12/06 13:39:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/17 17:01:18 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\.minecraft
[2014/07/17 23:34:18 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\AVAST Software
[2014/05/15 23:15:30 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\BitComet
[2014/02/22 15:29:09 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Doublefine
[2014/06/20 19:39:49 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Injustice
[2014/05/16 18:30:44 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\TuxPaint
 
========== Purity Check ==========
 
 
 
< End of report >

OTL Extras logfile created on: 18/07/2014 3:10:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kyle\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 59.17% Memory free
8.00 Gb Paging File | 5.92 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390.53 Gb Total Space | 282.49 Gb Free Space | 72.34% Space Free | Partition Type: NTFS
Drive D: | 540.89 Gb Total Space | 261.77 Gb Free Space | 48.40% Space Free | Partition Type: NTFS
 
Computer Name: PC-KARL | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EFE5B6-05BB-4C62-92C4-7C96CB736D59}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{08DE13AB-3A40-4774-B4C8-9C7AA3F16726}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0DDB135D-F73A-4901-9D5A-993E265E58FE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{11379482-E90A-4903-9CCB-925094AF3B4D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{18534537-F4D6-4B06-BDA4-7EA5F09435CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{197CBBC5-4427-4754-B1F2-2F993345A844}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24BF6230-A7E3-4DA3-B939-C2F340F47A90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2871B361-AEAD-4384-A9F2-776A61C253CC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2B2A86DE-69C9-4D3E-AAAB-5818FCE9ED96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2B5DFCA1-0F98-40FC-B476-409D6BF50A23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D347835-4210-45D5-8D7A-F287A1E82D1D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34A012BB-5B55-4A6F-86E6-121F9863B7E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{401BA04D-B303-4AE3-907F-0406DE88A325}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{308051DA-0048-7A07-FE8B-9B6EC119A9E8}" = AMD Catalyst Install Manager
"{44AAA767-F540-F091-4571-ADCBC10B0C92}" = AMD Fuel
"{678A75C7-5953-B109-57EE-46C7BA4C29C1}" = AMD Drag and Drop Transcoding
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9D20916D-C1E9-4E39-9723-13D200D87C40}" = iTunes
"{AEF57B06-B494-8180-AFC7-05EFB1DB2B64}" = ccc-utility64
"{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}" = AMD Media Foundation Decoders
"{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}" = AMD Wireless Display v3.0
"{FCC4426F-0296-D30D-729C-E76C8E7252C7}" = AMD Accelerated Video Transcoding
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{032DC00A-51D1-4D28-BFB7-1D0E85291E11}" = Futuremark SystemInfo
"{046B79EE-7ED3-37A4-621A-FE297EF484C2}" = CCC Help Greek
"{10CB5DDD-38E1-2EB2-F62C-C1948A99943E}" = AMD Catalyst Control Center
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1194740D-0DB8-A508-31BA-E722597B4516}" = Catalyst Control Center Graphics Previews Common
"{1FB16E3B-3AFB-46CB-6E83-2F5A0CF4ED16}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{2E3A81FB-7952-F8CB-9AD5-50544E2F4838}" = CCC Help Czech
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{4172E797-CE12-AC47-05B7-0E48BDB33E75}" = CCC Help Russian
"{4428AEE6-FA5E-2913-8D12-B410E85E11AA}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FF1533E-FF2C-A04A-25DD-A8AEC6FA106B}" = CCC Help Chinese Standard
"{6071CB80-DABC-B10D-F244-7F410FB3B150}" = CCC Help Polish
"{6343B6BA-F97F-B336-9ED8-FFD43776E84D}" = CCC Help Finnish
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = DWA-552
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{8D3A11D0-D925-FA0F-43F3-242E49975CD2}" = CCC Help Danish
"{8EF39A9F-6A57-9706-86A5-9312D9ED8016}" = CCC Help Portuguese
"{92352C97-C657-DB89-5F3A-E8C3789D9C89}" = CCC Help Chinese Traditional
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95545E55-3309-1929-FF41-2908A9706742}" = CCC Help Turkish
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA5F712-9CAA-B3CB-02D3-7134DFC8801E}" = CCC Help French
"{A128A816-FD3F-990E-DD80-E1735BD718AE}" = CCC Help Italian
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AFC9ECA9-6A4E-1370-98F3-002B63B5AF8E}" = CCC Help Thai
"{B88F2045-CF9A-996C-1670-6F7D65F1D18A}" = CCC Help Norwegian
"{BED96D0C-7743-3CE3-F7DF-A0A4475FBF2F}" = CCC Help Hungarian
"{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{E297492A-E114-CAE0-502E-5F36C386DD30}" = CCC Help Dutch
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E6533A85-ED92-F897-2B68-58AC3BD87F94}" = CCC Help English
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EBAC163A-588E-1E5A-3CE8-826E9A449244}" = CCC Help Korean
"{ED65BD75-CEF3-C0C2-9E9C-FA567484FF60}" = CCC Help Japanese
"{EEB34D84-92A1-7BE3-6DB7-ABD1C4912D6B}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1289D68-1C48-930F-51CF-577BDB371252}" = CCC Help Swedish
"{F3F340A5-64EC-AEEC-4BDF-DC537D390BF5}" = CCC Help German
"Avast" = avast! Free Antivirus
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Steam" = Steam
"Steam App 205250" = 3DMark Vantage
"Steam App 214250" = I Am Alive
"Steam App 220160" = Trials Evolution Gold Edition
"Steam App 221680" = Rocksmith 2014
"Steam App 221810" = The Cave
"Steam App 242700" = Injustice: Gods Among Us Ultimate Edition
"Steam App 261030" = The Walking Dead: Season Two
"Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
"Steam App 31180" = Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay 
"Tux Paint_is1" = Tux Paint 0.9.21c
"Uplay" = Uplay
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/04/2014 6:19:03 AM | Computer Name = PC-Karl | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall
 
Error - 22/04/2014 6:19:35 AM | Computer Name = PC-Karl | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall
 
Error - 27/04/2014 11:20:52 PM | Computer Name = PC-Karl | Source = Application Error | ID = 1000
Description = Faulting application name: TheWalkingDead2.exe, version: 2014.1.13.27106,
 time stamp: 0x52d46a4e  Faulting module name: TheWalkingDead2.exe, version: 2014.1.13.27106,
 time stamp: 0x52d46a4e  Exception code: 0xc0000005  Fault offset: 0x00436d94  Faulting
 process id: 0xa30  Faulting application start time: 0x01cf626ddcbace7a  Faulting application
 path: D:\SteamLibrary\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
Faulting
 module path: D:\SteamLibrary\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
Report
 Id: 19c1fd7f-ce84-11e3-930f-f128aa08a73b
 
Error - 15/05/2014 8:04:33 PM | Computer Name = PC-Karl | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 16/05/2014 8:05:33 PM | Computer Name = PC-Karl | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 21/05/2014 7:24:40 PM | Computer Name = PC-Karl | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 25/05/2014 3:11:53 PM | Computer Name = PC-Karl | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 02/06/2014 11:35:18 PM | Computer Name = PC-Karl | Source = Application Hang | ID = 1002
Description = The program 3DMarkVantage.exe version 1.1.0.0 stopped interacting 
with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 23b4    Start
 Time: 01cf7edccf8e7072    Termination Time: 14    Application Path: C:\Program Files (x86)\Steam\steamapps\common\3DMark
 Vantage\3DMarkVantage.exe    Report Id: 1229c5a2-ead0-11e3-999f-d9014e8fd00c  
 
Error - 28/06/2014 1:33:25 PM | Computer Name = PC-Karl | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 7.0.600.19, time stamp:
 0x536a95c6  Faulting module name: glass.dll, version: 0.0.0.0, time stamp: 0x536aac1f
Exception
 code: 0xc0000005  Fault offset: 0x00001035  Faulting process id: 0x13d8  Faulting application
 start time: 0x01cf92f4b76a340c  Faulting application path: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Faulting
 module path: C:\Program Files (x86)\Java\jre7\bin\glass.dll  Report Id: 4e8a9b39-feea-11e3-b346-e575d683853d
 
Error - 18/07/2014 12:40:08 AM | Computer Name = PC-Karl | Source = Application Hang | ID = 1002
Description = The program Player_Setup.exe version 0.0.0.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 118c    Start
 Time: 01cfa2424043035e    Termination Time: 0    Application Path: C:\Users\Kyle\Downloads\Player_Setup.exe
 
Report
 Id:   
 
[ Media Center Events ]
Error - 31/01/2014 11:03:28 PM | Computer Name = PC-Karl | Source = MCUpdate | ID = 0
Description = 7:03:28 PM - Error connecting to the internet.  7:03:28 PM -     Unable
 to contact server..  
 
Error - 31/01/2014 11:03:35 PM | Computer Name = PC-Karl | Source = MCUpdate | ID = 0
Description = 7:03:33 PM - Error connecting to the internet.  7:03:33 PM -     Unable
 to contact server..  
 
Error - 02/02/2014 12:14:28 AM | Computer Name = PC-Karl | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 02/02/2014 12:14:33 AM | Computer Name = PC-Karl | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 02/02/2014 12:14:38 AM | Computer Name = PC-Karl | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 02/02/2014 12:14:46 AM | Computer Name = PC-Karl | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 02/02/2014 12:14:54 AM | Computer Name = PC-Karl | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 02/02/2014 12:15:00 AM | Computer Name = PC-Karl | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 02/02/2014 12:15:06 AM | Computer Name = PC-Karl | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 02/02/2014 12:15:15 AM | Computer Name = PC-Karl | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
[ System Events ]
Error - 14/07/2014 12:16:41 PM | Computer Name = PC-Karl | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 14/07/2014 9:17:41 PM | Computer Name = PC-Karl | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 15/07/2014 1:01:10 PM | Computer Name = PC-Karl | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 16/07/2014 7:42:22 PM | Computer Name = PC-Karl | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 18/07/2014 4:19:05 AM | Computer Name = PC-Karl | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
 Client Service service to connect.
 
Error - 18/07/2014 4:19:05 AM | Computer Name = PC-Karl | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
 error:   %%1053
 
Error - 18/07/2014 4:20:26 AM | Computer Name = PC-Karl | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 18/07/2014 1:17:57 PM | Computer Name = PC-Karl | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 18/07/2014 4:17:46 PM | Computer Name = PC-Karl | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 18/07/2014 4:57:22 PM | Computer Name = PC-Karl | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
 
< End of report >


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:28 AM

Posted 19 July 2014 - 01:29 PM

Good evening. :)

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click the I Agree button to continue.
  • Click on Scan and, once complete, click on Report and let me have the contents of the text that opens.
  • A copy of the text file will also be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.


So long, and thanks for all the fish.

 

 


#5 desireeleigh

Posted 19 July 2014 - 04:34 PM

Thank you so much for your time and help. There is a great deal it is asking me to remove; I have not done anything except copy the contents of the txt file.

 

# AdwCleaner v3.216 - Report created 19/07/2014 at 14:30:10
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Kyle - PC-KARL
# Running from : C:\Users\Kyle\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage-journal
File Found : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\MySearch
Folder Found : C:\ProgramData\Adblocker
Folder Found : C:\ProgramData\MySearch
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjfcaidjgliiondlcphnpgeeiobljoh
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjfcaidjgliiondlcphnpgeeiobljoh
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjfcaidjgliiondlcphnpgeeiobljoh
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\Kyle\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjfcaidjgliiondlcphnpgeeiobljoh
Folder Found : C:\Users\Kyle\AppData\Local\torch
Folder Found : C:\Users\Mcx1-PC-KARL\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Mcx1-PC-KARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjfcaidjgliiondlcphnpgeeiobljoh
Folder Found : C:\Users\Mcx1-PC-KARL\AppData\Local\torch
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Found [Extension] : ljjfcaidjgliiondlcphnpgeeiobljoh
 
*************************
 
AdwCleaner[R0].txt - [3559 octets] - [19/07/2014 14:30:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3619 octets] ##########


#6 Noviciate

Posted 19 July 2014 - 04:59 PM

Let it remove what it finds and then tell me if that has resolved the issue.



#7 desireeleigh

Posted 19 July 2014 - 05:23 PM

Yes, that appears to have resolved the problem. Thank you so much!



#8 Noviciate

Posted 20 July 2014 - 01:42 PM

Good evening. :)

A little housekeeping and you should be good to go.

 

 

You are running an old version of Sun Java which needs updating:

  • Go here and click on the appropriate link, either Windows Offline (32-bit) or Windows Offline (64-bit) depending on your operating system, in the Windows section near the top.
  • Save the file somewhere accessible and, once downloaded, double click the file to install the latest version of Java.
  • I suggest that you save the installation file, as long as you have the disc space, as it will save you downloading it again should you need to reinstall for some reason. You can also use it on any other computers you have to save bandwidth.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Run OTL.exe.
 

  • Copy and paste the following bold text into the Custom Scans/Fixes box at the bottom:

    :OTL
    O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
    O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - No CLSID value found.
    O8:64bit: - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm File not found
    O8:64bit: - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm File not found
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm File not found
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm File not found
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

 

  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.

Please let me have a copy of the log that appears once OTL has completed its run.

Note: Copies of the logs can be found in the C:\_OTL\MovedFiles folder - open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will be in the following format: xxxxxxxx_xxxxxx, with x representing the month, date, year and time the log was created. E.g.: 03062009_170403

 

 




#9 desireeleigh

Posted 20 July 2014 - 10:52 PM

Thank you again. I did the Java update but I'm not sure it worked; it seemed to just keep telling me it was out of date and I needed to install it.

 

Here are the contents of the OTL log.

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kyle\Downloads\cmd.bat deleted successfully.
C:\Users\Kyle\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
 
User: HomeGroupUser$
 
User: Kyle
->Temp folder emptied: 85494566 bytes
->Temporary Internet Files folder emptied: 193797441 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 446439819 bytes
->Flash cache emptied: 456 bytes
 
User: Mcx1-PC-KARL
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 78063 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 221497212 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43276585 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 945.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Guest
 
User: HomeGroupUser$
 
User: Kyle
->Flash cache emptied: 0 bytes
 
User: Mcx1-PC-KARL
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 07202014_204634
 
Files\Folders moved on Reboot...
C:\Users\Kyle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:28 AM

Posted 21 July 2014 - 12:32 PM

Good evening. :)

Pay a visit to this page for a tutorial and download link for JavaRa. This will completely remove Java from your system. Then run the installer again and see if that settles things down.


So long, and thanks for all the fish.

 

 


#11 desireeleigh

desireeleigh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 21 July 2014 - 01:33 PM

After complaining to you, it seemed to finally work.  I have run the tool that detects what version I am running and it says I am up to date, and old versions have been uninstalled.  Thank you again for your help!



#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:28 AM

Posted 21 July 2014 - 02:25 PM

After complaining to you, it seemed to finally work.

 

It's a mystery how I do it, you know. As this issue appears to have been resolved, this thread is now closed.


So long, and thanks for all the fish.

 

 




