Inactive [A] Pop up ad issues

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Edwin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Edwin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Edwin\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Edwin\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Tabs Join = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\binjiceocgbfooocmheaenmmcominbpe\2.1_0\
CHR - Extension: YouTube = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Simple Window Saver = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfmklldfnlcblofkhdeoohfppdoejdc\1.4_0\
CHR - Extension: Safe Money = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Flixster = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: Content Blocker = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Shareaholic for Google Chrome\u2122 = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep\5.6.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: Google Maps = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Gmail = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Edwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013/02/19 20:10:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
O3:64bit: - HKU\S-1-5-21-1248549332-523462300-163367360-1001\..\Toolbar\WebBrowser: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCWipeTM Startup] C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe (Jetico, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1248549332-523462300-163367360-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1248549332-523462300-163367360-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1248549332-523462300-163367360-1001..\Run: [Spotify Web Helper] C:\Users\Edwin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1248549332-523462300-163367360-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1248549332-523462300-163367360-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbNailCache = 1
O7 - HKU\S-1-5-21-1248549332-523462300-163367360-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03D0C421-14E3-4CCB-9311-DE83E9135983}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41A6C8CF-5521-4104-9B60-D50272A29740}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473B7BE-96BB-4768-AFA0-B670FFE4F8EC}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/19 21:11:49 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\adawarebp
[2013/02/19 20:47:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Edwin\Desktop\OTL.exe
[2013/02/19 20:45:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/19 20:45:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/19 20:44:00 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Edwin\Desktop\JRT.exe
[2013/02/19 20:10:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/02/19 19:01:28 | 000,000,000 | ---D | C] -- C:\Users\Edwin\Desktop\mbar
[2013/02/19 18:33:30 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Edwin\Desktop\dds.com
[2013/02/19 17:18:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/19 17:18:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/19 17:18:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/19 17:09:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/19 17:09:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/19 17:07:11 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\Edwin\Desktop\ComboFix.exe
[2013/02/19 17:03:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/02/19 16:46:30 | 000,000,000 | ---D | C] -- C:\Users\Edwin\Desktop\malware logs
[2013/02/19 16:34:49 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Edwin\Desktop\aswMBR.exe
[2013/02/19 16:22:59 | 000,000,000 | ---D | C] -- C:\Users\Edwin\Desktop\RK_Quarantine
[2013/02/19 16:13:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Edwin\Desktop\tdsskiller.exe
[2013/02/19 11:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/02/15 16:40:12 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\Lenovo
[2013/02/15 16:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2013/02/15 16:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lenovo
[2013/02/15 16:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/14 16:43:17 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\Malwarebytes
[2013/02/14 16:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/14 16:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/14 16:42:34 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/14 16:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/13 17:55:07 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\LavasoftStatistics
[2013/02/13 17:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/02/13 17:52:17 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\Downloaded Installations
[2013/02/13 17:52:03 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/02/13 17:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/02/13 17:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/02/13 16:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/13 16:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/02/07 19:22:06 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\{63DDEF3B-0856-44EF-9C6C-486CD22EA5A1}
[2013/01/30 16:50:01 | 000,000,000 | --SD | C] -- C:\Users\Edwin\Google Drive
[2013/01/30 16:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/01/30 16:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DC-Unlocker
[2013/01/30 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\MyLifeOrganized
[2013/01/30 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\MyLifeOrganized
[2013/01/30 15:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyLifeOrganized
[2013/01/30 15:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyLifeOrganized.net
[2013/01/29 14:58:48 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\ooVoo Details
[2013/01/29 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2013/01/29 14:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2013/01/25 15:45:57 | 000,000,000 | ---D | C] -- C:\Users\Edwin\Documents\Custom Office Templates
[2013/01/25 14:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/01/25 14:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/01/25 14:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013/01/25 14:41:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/01/25 14:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013/01/25 13:54:12 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\Download Manager
[2013/01/25 13:46:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2013/01/25 13:44:37 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/01/25 13:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013/01/25 13:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/01/25 12:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/01/21 15:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012

========== Files - Modified Within 30 Days ==========

[2013/02/19 21:15:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/19 21:13:31 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/19 21:13:31 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/19 21:11:44 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/19 21:10:23 | 000,783,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/19 21:10:23 | 000,663,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/19 21:10:23 | 000,122,286 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/19 21:05:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/19 20:47:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Edwin\Desktop\OTL.exe
[2013/02/19 20:44:58 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Edwin\Desktop\JRT.exe
[2013/02/19 20:37:40 | 000,587,671 | ---- | M] () -- C:\Users\Edwin\Desktop\adwcleaner0.exe
[2013/02/19 20:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/19 20:10:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/19 19:24:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248549332-523462300-163367360-1001UA.job
[2013/02/19 18:33:30 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Edwin\Desktop\dds.com
[2013/02/19 17:17:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/19 17:08:39 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\Edwin\Desktop\ComboFix.exe
[2013/02/19 16:36:13 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Edwin\Desktop\aswMBR.exe
[2013/02/19 16:22:08 | 000,798,208 | ---- | M] () -- C:\Users\Edwin\Desktop\RogueKiller.exe
[2013/02/19 10:04:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248549332-523462300-163367360-1001Core.job
[2013/02/14 16:42:36 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/14 16:40:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Edwin\Desktop\tdsskiller.exe
[2013/02/13 17:52:03 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/02/13 09:55:06 | 000,516,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 00:57:26 | 000,002,227 | ---- | M] () -- C:\Users\Edwin\Desktop\Kindle.lnk
[2013/02/02 15:55:21 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\MLO.lnk
[2013/01/31 23:48:53 | 000,002,366 | ---- | M] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/31 23:48:53 | 000,002,364 | ---- | M] () -- C:\Users\Edwin\Desktop\Google Chrome.lnk
[2013/01/30 16:50:02 | 000,001,695 | ---- | M] () -- C:\Users\Edwin\Desktop\Google Drive.lnk
[2013/01/29 23:47:32 | 000,141,073 | ---- | M] () -- C:\Users\Edwin\Documents\jsc close account.pdf
[2013/01/29 14:58:06 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2013/01/25 14:42:10 | 000,002,837 | ---- | M] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2013.lnk
[2013/01/25 14:42:10 | 000,002,807 | ---- | M] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerPoint 2013.lnk
[2013/01/25 14:42:09 | 000,002,789 | ---- | M] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2013.lnk
[2013/01/25 13:44:37 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/01/25 13:40:48 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013/01/25 11:16:12 | 000,216,832 | ---- | M] () -- C:\Users\Edwin\Desktop\Print_Image_287250081111_20130107_1329878472_308372.pdf
[2013/01/21 15:52:50 | 000,000,629 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/01/21 15:51:49 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk

========== Files Created - No Company Name ==========

[2013/02/19 20:37:33 | 000,587,671 | ---- | C] () -- C:\Users\Edwin\Desktop\adwcleaner0.exe
[2013/02/19 17:18:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/19 17:18:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/19 17:18:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/19 17:18:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/19 17:18:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/19 17:15:10 | 000,002,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk
[2013/02/19 16:20:41 | 000,798,208 | ---- | C] () -- C:\Users\Edwin\Desktop\RogueKiller.exe
[2013/02/19 11:46:33 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/02/14 16:42:36 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/30 16:50:02 | 000,001,695 | ---- | C] () -- C:\Users\Edwin\Desktop\Google Drive.lnk
[2013/01/30 15:57:24 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\MLO.lnk
[2013/01/29 23:47:32 | 000,141,073 | ---- | C] () -- C:\Users\Edwin\Documents\jsc close account.pdf
[2013/01/29 14:58:06 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2013/01/25 14:45:03 | 000,002,807 | ---- | C] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerPoint 2013.lnk
[2013/01/25 14:44:56 | 000,002,789 | ---- | C] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2013.lnk
[2013/01/25 14:42:50 | 000,002,837 | ---- | C] () -- C:\Users\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2013.lnk
[2013/01/25 13:40:48 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013/01/25 11:16:12 | 000,216,832 | ---- | C] () -- C:\Users\Edwin\Desktop\Print_Image_287250081111_20130107_1329878472_308372.pdf
[2013/01/21 15:51:49 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
[2013/01/12 00:57:49 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/01/12 00:57:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/04/10 21:27:07 | 000,017,408 | ---- | C] () -- C:\Users\Edwin\AppData\Local\WebpageIcons.db
[2012/04/10 15:03:45 | 000,000,017 | ---- | C] () -- C:\Users\Edwin\AppData\Local\resmon.resmoncfg
[2012/04/09 15:38:12 | 000,000,079 | ---- | C] () -- C:\Users\Edwin\AppData\Local\CrystalDiskMark30.ini
[2012/04/01 20:44:03 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/28 20:40:52 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/28 20:40:52 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/25 08:58:29 | 000,038,474 | ---- | C] () -- C:\Users\Edwin\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/09/25 08:56:09 | 000,023,426 | ---- | C] () -- C:\Users\Edwin\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011/09/17 20:53:45 | 000,777,590 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/24 12:38:34 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2011/06/24 12:38:34 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2011/04/23 20:44:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/22 22:17:21 | 000,003,584 | ---- | C] () -- C:\Users\Edwin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/25 21:22:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/24 20:15:40 | 326,303,744 | ---- | C] () -- C:\Users\Edwin\Endnote X2.iso

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/04/23 20:50:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EndNote
[2011/04/23 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PwrMgr
[2011/06/05 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\acccore
[2011/02/10 15:30:50 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Acronis
[2011/06/02 22:38:55 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Amazon
[2011/07/16 00:13:25 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Ashampoo
[2011/11/07 14:30:13 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\calibre
[2013/01/12 01:01:06 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\ControlCenter4
[2013/01/30 09:56:58 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\DAEMON Tools Lite
[2013/01/11 15:35:48 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Dropbox
[2013/01/25 15:08:28 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\EndNote
[2013/02/15 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\EurekaLog
[2011/03/29 22:18:15 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\eXPert PDF 6
[2011/06/10 21:11:00 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\GARMIN
[2011/01/27 23:43:30 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\InterVideo
[2011/01/25 23:05:04 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Leadertech
[2011/05/20 21:17:37 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\magellangps.com
[2013/01/30 16:11:19 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\MyLifeOrganized
[2013/01/11 23:02:01 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Octoshape
[2013/01/29 14:58:50 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\ooVoo Details
[2011/08/31 14:38:27 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Opera
[2011/05/25 12:13:41 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\passport_photo
[2011/10/05 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\PCDr
[2011/02/24 11:23:59 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\PwrMgr
[2013/02/15 09:14:42 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Spotify
[2011/04/28 12:58:11 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\TeamViewer
[2011/04/22 23:07:43 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\uTorrent
[2011/02/02 13:18:15 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\Wi-Fi Sync

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
 
Cool :)

redtarget.gif
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Value error.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CB0AACC9

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AcWin7Hlpr deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
File Protocol\Handler\osf - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5011 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52878141 bytes
->Flash cache emptied: 919 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Edwin
->Temp folder emptied: 75232227 bytes
->Temporary Internet Files folder emptied: 257005916 bytes
->Java cache emptied: 1006335 bytes
->FireFox cache emptied: 104624141 bytes
->Google Chrome cache emptied: 92386154 bytes
->Flash cache emptied: 3086656 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57584 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
RecycleBin emptied: 45452 bytes

Total Files Cleaned = 559.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Edwin
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Edwin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02192013_232403

Files\Folders moved on Reboot...
C:\Users\Edwin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FireFly(20130219210618B30).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2rdll(20130219210618B30).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20130219210618B30).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20130219210618B30).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.58
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 6 Update 38
Java 7 Update 13
Java(TM) SE Development Kit 6 Update 25
Adobe Flash Player 11.5.502.149 Flash Player out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox 5.0 Firefox out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
Kaspersky Lab Kaspersky Internet Security 2013 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 20-02-2013
Ran by Edwin (administrator) on 19-02-2013 at 23:41:08
Running from "C:\Users\Edwin\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
redtarget.gif
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

redtarget.gif
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

redtarget.gif
We need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

redtarget.gif
Uninstall Chrome.

  1. Close all Chrome windows and tabs.
  2. Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  3. Click Programs and Features.
  4. Double-click Google Chrome.
  5. Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 

Similar threads

Cal Jeffrey
Jeep's annoying pop-up nags you to buy an extended warranty at every stop sign
Replies
13
Views
271
Tinderbox
Tinderbox
Cal Jeffrey
Users challenge distracting Google Maps pop-up ads that suggest "quick detours"
Replies
9
Views
549
PurpaFur
PurpaFur
S
Safari's new Distraction Control feature will let you hide annoying cookie banners, sign-up pop-ups, and autoplay videos
Replies
6
Views
400
Demote6060
D

Latest posts

Back