TechSpot

[A] Pop up ad issues

By echow
Feb 19, 2013
  1. echow

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
    CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
    CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
    CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Edwin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Edwin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Edwin\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
    CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Edwin\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: Tabs Join = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\binjiceocgbfooocmheaenmmcominbpe\2.1_0\
    CHR - Extension: YouTube = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Kaspersky URL Advisor = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
    CHR - Extension: Simple Window Saver = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfmklldfnlcblofkhdeoohfppdoejdc\1.4_0\
    CHR - Extension: Safe Money = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
    CHR - Extension: Flixster = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
    CHR - Extension: Content Blocker = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
    CHR - Extension: Virtual Keyboard = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
    CHR - Extension: Shareaholic for Google Chrome\u2122 = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep\5.6.2_0\
    CHR - Extension: Skype Click to Call = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
    CHR - Extension: Google Maps = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
    CHR - Extension: Gmail = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: Anti-Banner = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

    O1 HOSTS File: ([2013/02/19 20:10:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O3:64bit: - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
    O3:64bit: - HKU\S-1-5-21-1248549332-523462300-163367360-1001\..\Toolbar\WebBrowser: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe File not found
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [BCWipeTM Startup] C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe (Jetico, Inc.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKU\S-1-5-21-1248549332-523462300-163367360-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1248549332-523462300-163367360-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-21-1248549332-523462300-163367360-1001..\Run: [Spotify Web Helper] C:\Users\Edwin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1248549332-523462300-163367360-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1248549332-523462300-163367360-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbNailCache = 1
    O7 - HKU\S-1-5-21-1248549332-523462300-163367360-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.13.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03D0C421-14E3-4CCB-9311-DE83E9135983}: DhcpNameServer = 192.168.42.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41A6C8CF-5521-4104-9B60-D50272A29740}: DhcpNameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473B7BE-96BB-4768-AFA0-B670FFE4F8EC}: DhcpNameServer = 10.0.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/19 21:11:49 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\adawarebp
    [2013/02/19 20:47:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Edwin\Desktop\OTL.exe
    [2013/02/19 20:45:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/02/19 20:45:07 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/19 20:44:00 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Edwin\Desktop\JRT.exe
    [2013/02/19 20:10:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013/02/19 19:01:28 | 000,000,000 | ---D | C] -- C:\Users\Edwin\Desktop\mbar
    [2013/02/19 18:33:30 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Edwin\Desktop\dds.com
    [2013/02/19 17:18:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/02/19 17:18:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/02/19 17:18:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/02/19 17:09:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/19 17:09:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/02/19 17:07:11 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\Edwin\Desktop\ComboFix.exe
    [2013/02/19 17:03:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2013/02/19 16:46:30 | 000,000,000 | ---D | C] -- C:\Users\Edwin\Desktop\malware logs
    [2013/02/19 16:34:49 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Edwin\Desktop\aswMBR.exe
    [2013/02/19 16:22:59 | 000,000,000 | ---D | C] -- C:\Users\Edwin\Desktop\RK_Quarantine
    [2013/02/19 16:13:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Edwin\Desktop\tdsskiller.exe
    [2013/02/19 11:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/02/15 16:40:12 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\Lenovo
    [2013/02/15 16:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
    [2013/02/15 16:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lenovo
    [2013/02/15 16:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2013/02/14 16:43:17 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\Malwarebytes
    [2013/02/14 16:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/14 16:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/02/14 16:42:34 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/02/14 16:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/02/13 17:55:07 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\LavasoftStatistics
    [2013/02/13 17:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
    [2013/02/13 17:52:17 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\Downloaded Installations
    [2013/02/13 17:52:03 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/02/13 17:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2013/02/13 17:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2013/02/13 16:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/02/13 16:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/02/07 19:22:06 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\{63DDEF3B-0856-44EF-9C6C-486CD22EA5A1}
    [2013/01/30 16:50:01 | 000,000,000 | --SD | C] -- C:\Users\Edwin\Google Drive
    [2013/01/30 16:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    [2013/01/30 16:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DC-Unlocker
    [2013/01/30 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\MyLifeOrganized
    [2013/01/30 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\MyLifeOrganized
    [2013/01/30 15:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyLifeOrganized
    [2013/01/30 15:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyLifeOrganized.net
    [2013/01/29 14:58:48 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\ooVoo Details
    [2013/01/29 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
    [2013/01/29 14:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
    [2013/01/25 15:45:57 | 000,000,000 | ---D | C] -- C:\Users\Edwin\Documents\Custom Office Templates
    [2013/01/25 14:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    [2013/01/25 14:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2013/01/25 14:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
    [2013/01/25 14:41:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2013/01/25 14:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
    [2013/01/25 13:54:12 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\Download Manager
    [2013/01/25 13:46:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
    [2013/01/25 13:44:37 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2013/01/25 13:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    [2013/01/25 13:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2013/01/25 12:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
    [2013/01/21 15:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012

    ========== Files - Modified Within 30 Days ==========

    [2013/02/19 21:15:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/19 21:13:31 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/19 21:13:31 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/19 21:11:44 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/19 21:10:23 | 000,783,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/19 21:10:23 | 000,663,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/19 21:10:23 | 000,122,286 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/19 21:05:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/19 20:47:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Edwin\Desktop\OTL.exe
    [2013/02/19 20:44:58 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Edwin\Desktop\JRT.exe
    [2013/02/19 20:37:40 | 000,587,671 | ---- | M] () -- C:\Users\Edwin\Desktop\adwcleaner0.exe
    [2013/02/19 20:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/19 20:10:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/02/19 19:24:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248549332-523462300-163367360-1001UA.job
    [2013/02/19 18:33:30 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Edwin\Desktop\dds.com
    [2013/02/19 17:17:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/02/19 17:08:39 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\Edwin\Desktop\ComboFix.exe
    [2013/02/19 16:36:13 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Edwin\Desktop\aswMBR.exe
    [2013/02/19 16:22:08 | 000,798,208 | ---- | M] () -- C:\Users\Edwin\Desktop\RogueKiller.exe
    [2013/02/19 10:04:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248549332-523462300-163367360-1001Core.job
    [2013/02/14 16:42:36 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/14 16:40:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Edwin\Desktop\tdsskiller.exe
    [2013/02/13 17:52:03 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/02/13 09:55:06 | 000,516,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/12 00:57:26 | 000,002,227 | ---- | M] () -- C:\Users\Edwin\Desktop\Kindle.lnk
    [2013/02/02 15:55:21 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\MLO.lnk
    [2013/01/31 23:48:53 | 000,002,366 | ---- | M] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/31 23:48:53 | 000,002,364 | ---- | M] () -- C:\Users\Edwin\Desktop\Google Chrome.lnk
    [2013/01/30 16:50:02 | 000,001,695 | ---- | M] () -- C:\Users\Edwin\Desktop\Google Drive.lnk
    [2013/01/29 23:47:32 | 000,141,073 | ---- | M] () -- C:\Users\Edwin\Documents\jsc close account.pdf
    [2013/01/29 14:58:06 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
    [2013/01/25 14:42:10 | 000,002,837 | ---- | M] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2013.lnk
    [2013/01/25 14:42:10 | 000,002,807 | ---- | M] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerPoint 2013.lnk
    [2013/01/25 14:42:09 | 000,002,789 | ---- | M] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2013.lnk
    [2013/01/25 13:44:37 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2013/01/25 13:40:48 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2013/01/25 11:16:12 | 000,216,832 | ---- | M] () -- C:\Users\Edwin\Desktop\Print_Image_287250081111_20130107_1329878472_308372.pdf
    [2013/01/21 15:52:50 | 000,000,629 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2013/01/21 15:51:49 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk

    ========== Files Created - No Company Name ==========

    [2013/02/19 20:37:33 | 000,587,671 | ---- | C] () -- C:\Users\Edwin\Desktop\adwcleaner0.exe
    [2013/02/19 17:18:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/02/19 17:18:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/02/19 17:18:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/02/19 17:18:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/02/19 17:18:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/02/19 17:15:10 | 000,002,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk
    [2013/02/19 16:20:41 | 000,798,208 | ---- | C] () -- C:\Users\Edwin\Desktop\RogueKiller.exe
    [2013/02/19 11:46:33 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2013/02/14 16:42:36 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/30 16:50:02 | 000,001,695 | ---- | C] () -- C:\Users\Edwin\Desktop\Google Drive.lnk
    [2013/01/30 15:57:24 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\MLO.lnk
    [2013/01/29 23:47:32 | 000,141,073 | ---- | C] () -- C:\Users\Edwin\Documents\jsc close account.pdf
    [2013/01/29 14:58:06 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
    [2013/01/25 14:45:03 | 000,002,807 | ---- | C] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerPoint 2013.lnk
    [2013/01/25 14:44:56 | 000,002,789 | ---- | C] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2013.lnk
    [2013/01/25 14:42:50 | 000,002,837 | ---- | C] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2013.lnk
    [2013/01/25 13:40:48 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2013/01/25 11:16:12 | 000,216,832 | ---- | C] () -- C:\Users\Edwin\Desktop\Print_Image_287250081111_20130107_1329878472_308372.pdf
    [2013/01/21 15:51:49 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
    [2013/01/12 00:57:49 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2013/01/12 00:57:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2012/04/10 21:27:07 | 000,017,408 | ---- | C] () -- C:\Users\Edwin\AppData\Local\WebpageIcons.db
    [2012/04/10 15:03:45 | 000,000,017 | ---- | C] () -- C:\Users\Edwin\AppData\Local\resmon.resmoncfg
    [2012/04/09 15:38:12 | 000,000,079 | ---- | C] () -- C:\Users\Edwin\AppData\Local\CrystalDiskMark30.ini
    [2012/04/01 20:44:03 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/03/28 20:40:52 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/03/28 20:40:52 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/09/25 08:58:29 | 000,038,474 | ---- | C] () -- C:\Users\Edwin\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/09/25 08:56:09 | 000,023,426 | ---- | C] () -- C:\Users\Edwin\AppData\Roaming\Microsoft Excel 97-2003.ADR
    [2011/09/17 20:53:45 | 000,777,590 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/06/24 12:38:34 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
    [2011/06/24 12:38:34 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
    [2011/04/23 20:44:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/04/22 22:17:21 | 000,003,584 | ---- | C] () -- C:\Users\Edwin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/25 21:22:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/01/24 20:15:40 | 326,303,744 | ---- | C] () -- C:\Users\Edwin\Endnote X2.iso

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/04/23 20:50:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EndNote
    [2011/04/23 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PwrMgr
    [2011/06/05 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\acccore
    [2011/02/10 15:30:50 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Acronis
    [2011/06/02 22:38:55 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Amazon
    [2011/07/16 00:13:25 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Ashampoo
    [2011/11/07 14:30:13 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\calibre
    [2013/01/12 01:01:06 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\ControlCenter4
    [2013/01/30 09:56:58 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\DAEMON Tools Lite
    [2013/01/11 15:35:48 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Dropbox
    [2013/01/25 15:08:28 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\EndNote
    [2013/02/15 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\EurekaLog
    [2011/03/29 22:18:15 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\eXPert PDF 6
    [2011/06/10 21:11:00 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\GARMIN
    [2011/01/27 23:43:30 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\InterVideo
    [2011/01/25 23:05:04 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Leadertech
    [2011/05/20 21:17:37 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\magellangps.com
    [2013/01/30 16:11:19 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\MyLifeOrganized
    [2013/01/11 23:02:01 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Octoshape
    [2013/01/29 14:58:50 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\ooVoo Details
    [2011/08/31 14:38:27 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Opera
    [2011/05/25 12:13:41 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\passport_photo
    [2011/10/05 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\PCDr
    [2011/02/24 11:23:59 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\PwrMgr
    [2013/02/15 09:14:42 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Spotify
    [2011/04/28 12:58:11 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\TeamViewer
    [2011/04/22 23:07:43 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\uTorrent
    [2011/02/02 13:18:15 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Wi-Fi Sync

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CB0AACC9

    < End of report >
     
  2. echow

    echow TS Rookie Topic Starter Posts: 24

    It seems to be running OK right now. No pop-ups. I'll continue to monitor. Thanks!
     
  3. Broni

    Broni Malware Annihilator Posts: 47,166   +264

    Cool :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Value error.)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\osf - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CB0AACC9
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  4. echow

    echow TS Rookie Topic Starter Posts: 24

    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AcWin7Hlpr deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
    File Protocol\Handler\osf - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
    File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    File Protocol\Handler\wlpg - No CLSID value found not found.
    ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5011 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 52878141 bytes
    ->Flash cache emptied: 919 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Edwin
    ->Temp folder emptied: 75232227 bytes
    ->Temporary Internet Files folder emptied: 257005916 bytes
    ->Java cache emptied: 1006335 bytes
    ->FireFox cache emptied: 104624141 bytes
    ->Google Chrome cache emptied: 92386154 bytes
    ->Flash cache emptied: 3086656 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 57584 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
    RecycleBin emptied: 45452 bytes

    Total Files Cleaned = 559.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Edwin
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Edwin
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02192013_232403

    Files\Folders moved on Reboot...
    C:\Users\Edwin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\temp\FireFly(20130219210618B30).log moved successfully.
    C:\Windows\temp\integratedoffice.exe_c2rdll(20130219210618B30).log moved successfully.
    C:\Windows\temp\integratedoffice.exe_c2ruidll(20130219210618B30).log moved successfully.
    C:\Windows\temp\integratedoffice.exe_streamserver(20130219210618B30).log moved successfully.
    File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  5. echow

    echow TS Rookie Topic Starter Posts: 24

    Results of screen317's Security Check version 0.99.58
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Kaspersky Internet Security
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 38
    Java 7 Update 13
    Java(TM) SE Development Kit 6 Update 25
    Adobe Flash Player 11.5.502.149 Flash Player out of Date!
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    Mozilla Firefox 5.0 Firefox out of Date!
    Google Chrome 24.0.1312.56
    Google Chrome 24.0.1312.57
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
    Kaspersky Lab Kaspersky Internet Security 2013 klwtblfs.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
  6. echow

    echow TS Rookie Topic Starter Posts: 24

    Farbar Service Scanner Version: 20-02-2013
    Ran by Edwin (administrator) on 19-02-2013 at 23:41:08
    Running from "C:\Users\Edwin\Desktop"
    Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  7. echow

    echow TS Rookie Topic Starter Posts: 24

    Nope, random popups still there on Chrome
     
  8. Broni

    Broni Malware Annihilator Posts: 47,166   +264

    Complete the ESET scan first.
     
  9. echow

    echow TS Rookie Topic Starter Posts: 24

    I did. ESET found no threats.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,166   +264

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    Uninstall Chrome.

    1. Close all Chrome windows and tabs.
    2. Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
    3. Click Programs and Features.
    4. Double-click Google Chrome.
    5. Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
    Install a fresh copy.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,166   +264

    Still with me?
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,166   +264

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in the malware removal forum.
     
Topic Status:
Not open for further replies.

