PUPs & blocked IPs


A couple days ago, MBAM found a few PUPs (PUP.Optional.MultiPlug.A, PUP.Optional.MultiPlug, PUP.Optional.WebSearchInfo, PUP.Optional.InstalleRex) and removed a number of items. However, now a couple of IP addresses are being blocked with some frequency: 162.210.192.21 & a few in the 174.128.235.xxx range.

 

I subsequently ran MBAM in safe mode as well as MB anti-rootkit, but neither found any infections.

 

I seem to be unable to paste here, so I will try to attach dds.txt & attach.txt

 

dds.txt

attach.txt


Hello jay17 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Starter x86
Ran by Jeremy on Sun 01/05/2014 at  5:48:34.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\youtubeadblocker"
Successfully deleted: [Folder] "C:\Users\Jeremy\appdata\local\torch"
Successfully deleted: [Folder] "C:\Program Files\youtubeadblocker"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/05/2014 at  5:56:31.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

AdwCleaner[s0].txt:

 

# AdwCleaner v3.016 - Report created 05/01/2014 at 06:00:35
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Jeremy - WINDOWS-NETBOOK
# Running from : C:\Users\Jeremy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\Users\Jeremy\AppData\Roaming\SendSpace

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\NSIS_RMPrepUSB
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


*************************

AdwCleaner[R0].txt - [1137 octets] - [05/01/2014 05:58:02]
AdwCleaner[s0].txt - [1079 octets] - [05/01/2014 06:00:35]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1139 octets] ##########

 

 

mbam-log-2014-01-05 (06-06-26).txt:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.05.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Jeremy :: WINDOWS-NETBOOK [administrator]

Protection: Enabled

1/5/2014 6:06:26 AM
mbam-log-2014-01-05 (06-06-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202764
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files\greatsaver (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.
C:\ProgramData\greatsaver (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Program Files\greatsaver\uruXx_kaQz.tlb (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.
C:\Program Files\greatsaver\uruXx_kaQz.dat (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.
C:\ProgramData\greatsaver\zxlKuxAO4bE.dat (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.

(end)
 

 


Step 1

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

In your next reply, post the following log files:

  • ESET Online Scanner log
  • OTL log with Extras.txt

ESET log:

 

C:\Users\All Users\InstallMate\{B7188DD4-F0A5-43F0-A11B-B8876CFBAF22}\Custom.dll    Win32/InstalleRex.M application    
C:\Windows.old\Documents and Settings\Jmoney\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\YD77D08Y\PopularScreenSavers[1].exe    Win32/AdInstaller application    
C:\Windows.old\Documents and Settings\Jmoney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YD77D08Y\PopularScreenSavers[1].exe    Win32/AdInstaller application    
C:\Windows.old\Documents and Settings\Jmoney\AppData\Local\Temp\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Windows.old\Documents and Settings\Jmoney\AppData\Local\Temporary Internet Files\Content.IE5\YD77D08Y\PopularScreenSavers[1].exe    Win32/AdInstaller application    
C:\Windows.old\Documents and Settings\Jmoney\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\YD77D08Y\PopularScreenSavers[1].exe    Win32/AdInstaller application    
C:\Windows.old\Documents and Settings\Jmoney\Local Settings\Temp\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Windows.old\Documents and Settings\Jmoney\Local Settings\Temporary Internet Files\Content.IE5\YD77D08Y\PopularScreenSavers[1].exe    Win32/AdInstaller application    
C:\Windows.old\Users\Jmoney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YD77D08Y\PopularScreenSavers[1].exe    Win32/AdInstaller application    
C:\Windows.old\Users\Jmoney\AppData\Local\Temp\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Windows.old\Users\Jmoney\AppData\Local\Temporary Internet Files\Content.IE5\YD77D08Y\PopularScreenSavers[1].exe    Win32/AdInstaller application    
C:\Windows.old\Users\Jmoney\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\YD77D08Y\PopularScreenSavers[1].exe    Win32/AdInstaller application    
C:\Windows.old\Users\Jmoney\Local Settings\Temp\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Windows.old\Users\Jmoney\Local Settings\Temporary Internet Files\Content.IE5\YD77D08Y\PopularScreenSavers[1].exe    Win32/AdInstaller application    
C:\ProgramData\InstallMate\{B7188DD4-F0A5-43F0-A11B-B8876CFBAF22}\Custom.dll    Win32/InstalleRex.M application    cleaned by deleting - quarantined
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0O4TA1LN\XXcs11[1].exe    a variant of Win32/AdWare.MultiPlug.M application    cleaned by deleting - quarantined
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0O4TA1LN\YuZxTundpv[1].exe    a variant of Win32/AdWare.MultiPlug.M application    cleaned by deleting - quarantined
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TCTB14Z\f6y1c9PIIu[1].exe    a variant of Win32/AdWare.MultiPlug.M application    cleaned by deleting - quarantined
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TCTB14Z\wXT1JL[1].exe    a variant of Win32/AdWare.MultiPlug.M application    cleaned by deleting - quarantined
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0TPJGZ4\duckegg[1].exe    Win32/Duckegg.A application    cleaned by deleting - quarantined
C:\Users\Jeremy\AppData\Local\Temp\FastDownload.exe    Win32/Duckegg.A application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Jmoney\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\YD77D08Y\PopularScreenSavers[1].exe    Win32/AdInstaller application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Jmoney\AppData\Local\Application Data\Temp\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
 

 

OTL.txt:

 

OTL logfile created on: 1/9/2014 5:17:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jeremy\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.36% Memory free
3.98 Gb Paging File | 3.24 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88.00 Gb Total Space | 31.17 Gb Free Space | 35.42% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWS-NETBOOK | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/09 17:15:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Downloads\OTL.exe
PRC - [2013/06/21 15:23:23 | 003,108,864 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 18:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/27 09:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/08/04 23:22:46 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/21 15:23:23 | 003,108,864 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2006/08/12 11:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/11/26 00:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/05/26 20:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/13 02:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/13 02:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 02:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 02:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011/05/13 02:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/20 21:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/20 21:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/12/20 21:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/11/20 13:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 13:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/07/13 14:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2064223679-3572074257-727751468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2064223679-3572074257-727751468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2064223679-3572074257-727751468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F C6 12 D1 C4 09 CF 01  [binary data]
IE - HKU\S-1-5-21-2064223679-3572074257-727751468-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2064223679-3572074257-727751468-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2064223679-3572074257-727751468-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKU\S-1-5-21-2064223679-3572074257-727751468-1000..\Run: [Amazon Cloud Player] C:\Users\Jeremy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinner.com/games/v47/skillgam/skillgam.cab (SkillGam Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab (WWHearts Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (Blockwerx Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (GolfSol Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99928C89-1222-4183-8EEF-421EC9327D55}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA93F117-9737-42DA-BEE6-443DFCBD225F}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/09 14:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/01/05 05:57:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/05 05:48:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/02 15:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/02 15:53:24 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/01/02 15:53:01 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\mbar
[2014/01/01 11:47:47 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Comodo
[2014/01/01 11:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\bbd2e7b13ef04842
[2014/01/01 11:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/12/12 14:20:50 | 000,000,000 | ---D | C] -- C:\Windows\pss
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/09 17:17:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/09 14:45:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/09 09:07:37 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 09:07:37 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 09:04:55 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/09 09:04:55 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/09 09:00:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/09 09:00:52 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\GS.Enabler-S-4560858878.job
[2014/01/09 09:00:22 | 1602,195,456 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/05 05:44:40 | 001,233,962 | ---- | M] () -- C:\Users\Jeremy\Desktop\AdwCleaner.exe
[2014/01/02 16:09:19 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/01/01 11:48:09 | 003,041,792 | ---- | M] () -- C:\Program Files\GS.Enabler
[2014/01/01 11:48:09 | 000,146,768 | ---- | M] () -- C:\Program Files\GSSvc.dll
[2013/12/20 11:22:33 | 000,306,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/01/05 05:44:40 | 001,233,962 | ---- | C] () -- C:\Users\Jeremy\Desktop\AdwCleaner.exe
[2014/01/01 11:48:16 | 000,000,446 | -H-- | C] () -- C:\Windows\tasks\GS.Enabler-S-4560858878.job
[2014/01/01 11:48:09 | 003,041,792 | ---- | C] () -- C:\Program Files\GS.Enabler
[2014/01/01 11:48:09 | 000,146,768 | ---- | C] () -- C:\Program Files\GSSvc.dll
[2013/04/29 07:09:08 | 000,007,605 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/10/11 20:59:27 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\CloneSpy
[2013/05/14 21:06:09 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\LibreOffice
[2013/07/02 11:56:46 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\thriXXX
 
========== Purity Check ==========
 
 

< End of report >
 

 

Extras.txt:

 

OTL Extras logfile created on: 1/9/2014 5:17:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jeremy\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.36% Memory free
3.98 Gb Paging File | 3.24 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88.00 Gb Total Space | 31.17 Gb Free Space | 35.42% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWS-NETBOOK | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{553210A1-D4CE-40B5-AFE5-33F201C6772B}" = protocol=17 | dir=in | app=c:\program files\midten media\comic collector live\ccl.exe |
"{57974485-C103-46BA-9318-24906AF77DE7}" = protocol=6 | dir=in | app=c:\program files\midten media\comic collector live\ccl.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}" = GS.Supporter 1.80
"{9211177A-A4B0-4F10-B304-4753E2B61CEA}" = Comic Collector Live
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"{EF790F1C-CB0C-4B95-8C54-60783F3B6661}" = LibreOffice 3.5
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CloneSpy" = CloneSpy 3.03
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PinkVisual-150.002" = thriXXX PinkVisual-150.002
"RMPrepUSB" = RMPrepUSB
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2064223679-3572074257-727751468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Amazon Cloud Player" = Amazon Cloud Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/7/2014 7:16:23 PM | Computer Name = Windows-Netbook | Source = WinMgmt | ID = 10
Description =
 
Error - 1/8/2014 12:51:47 PM | Computer Name = Windows-Netbook | Source = WinMgmt | ID = 10
Description =
 
Error - 1/8/2014 2:18:14 PM | Computer Name = Windows-Netbook | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\easy
 display manager\RunGfxUI64.exe".  Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 1/8/2014 6:15:56 PM | Computer Name = Windows-Netbook | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.16428,
 time stamp: 0x525b664c  Faulting module name: Flash32_11_9_900_170.ocx, version:
11.9.900.170, time stamp: 0x529b7962  Exception code: 0xc0000005  Fault offset: 0x005a8b29
Faulting
 process id: 0xd98  Faulting application start time: 0x01cf0c91bc77156c  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\Macromed\Flash\Flash32_11_9_900_170.ocx
Report
 Id: 7188b3c8-78b2-11e3-9da7-e811325efb35
 
Error - 1/8/2014 6:49:00 PM | Computer Name = Windows-Netbook | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.16428,
 time stamp: 0x525b664c  Faulting module name: MFC42.DLL, version: 6.6.8064.0, time
 stamp: 0x4d79b238  Exception code: 0xc0000005  Fault offset: 0x00025133  Faulting process
 id: 0xdc4  Faulting application start time: 0x01cf0cbf6704cca8  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\MFC42.DLL
Report
 Id: 10398e42-78b7-11e3-9da7-e811325efb35
 
Error - 1/8/2014 7:11:15 PM | Computer Name = Windows-Netbook | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.16428,
 time stamp: 0x525b664c  Faulting module name: MFC42.DLL, version: 6.6.8064.0, time
 stamp: 0x4d79b238  Exception code: 0xc0000005  Fault offset: 0x00025133  Faulting process
 id: 0x1080  Faulting application start time: 0x01cf0cc3d86fca6f  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\MFC42.DLL
Report
 Id: 2bcc597b-78ba-11e3-9da7-e811325efb35
 
Error - 1/8/2014 7:38:50 PM | Computer Name = Windows-Netbook | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.16428,
 time stamp: 0x525b664c  Faulting module name: MFC42.DLL, version: 6.6.8064.0, time
 stamp: 0x4d79b238  Exception code: 0xc0000005  Fault offset: 0x00025133  Faulting process
 id: 0x1a18  Faulting application start time: 0x01cf0cc72e2e365a  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\MFC42.DLL
Report
 Id: 06409a7f-78be-11e3-9da7-e811325efb35
 
Error - 1/9/2014 1:02:18 PM | Computer Name = Windows-Netbook | Source = WinMgmt | ID = 10
Description =
 
Error - 1/9/2014 4:50:08 PM | Computer Name = Windows-Netbook | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.16428,
 time stamp: 0x525b664c  Faulting module name: MFC42.DLL, version: 6.6.8064.0, time
 stamp: 0x4d79b238  Exception code: 0xc0000005  Fault offset: 0x00025133  Faulting process
 id: 0x1048  Faulting application start time: 0x01cf0d63603935ba  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\MFC42.DLL
Report
 Id: 9f9708b0-796f-11e3-b895-e811325efb35
 
Error - 1/9/2014 7:52:02 PM | Computer Name = Windows-Netbook | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.16428,
 time stamp: 0x525b664c  Faulting module name: MFC42.DLL, version: 6.6.8064.0, time
 stamp: 0x4d79b238  Exception code: 0xc0000005  Fault offset: 0x00025133  Faulting process
 id: 0x19e0  Faulting application start time: 0x01cf0d7c66a87b9b  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\MFC42.DLL
Report
 Id: 08c7a47f-7989-11e3-b895-e811325efb35
 
[ System Events ]
Error - 1/5/2014 1:23:51 PM | Computer Name = Windows-Netbook | Source = DCOM | ID = 10010
Description =
 
Error - 1/6/2014 12:17:21 AM | Computer Name = Windows-Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Wlansvc service.
 
Error - 1/6/2014 12:17:21 AM | Computer Name = Windows-Netbook | Source = DCOM | ID = 10010
Description =
 
Error - 1/6/2014 1:06:21 PM | Computer Name = Windows-Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 1/6/2014 1:06:22 PM | Computer Name = Windows-Netbook | Source = DCOM | ID = 10010
Description =
 
Error - 1/7/2014 12:12:53 AM | Computer Name = Windows-Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Wlansvc service.
 
Error - 1/7/2014 10:45:53 PM | Computer Name = Windows-Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Wlansvc service.
 
Error - 1/7/2014 11:27:53 PM | Computer Name = Windows-Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Wlansvc service.
 
Error - 1/8/2014 3:57:15 PM | Computer Name = Windows-Netbook | Source = DCOM | ID = 10010
Description =
 
Error - 1/9/2014 5:10:06 PM | Computer Name = Windows-Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
 
< End of report >
 


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    [2014/01/01 11:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

    [2014/01/01 11:48:16 | 000,000,446 | -H-- | C] () -- C:\Windows\tasks\GS.Enabler-S-4560858878.job

    [2014/01/01 11:48:09 | 003,041,792 | ---- | C] () -- C:\Program Files\GS.Enabler

    [2014/01/01 11:48:09 | 000,146,768 | ---- | C] () -- C:\Program Files\GSSvc.dll

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

 

All processes killed

========== OTL ==========

C:\ProgramData\InstallMate\{B7188DD4-F0A5-43F0-A11B-B8876CFBAF22} folder moved successfully.

C:\ProgramData\InstallMate\128E191B folder moved successfully.

C:\ProgramData\InstallMate folder moved successfully.

C:\Windows\Tasks\GS.Enabler-S-4560858878.job moved successfully.

C:\Program Files\GS.Enabler moved successfully.

File move failed. C:\Program Files\GSSvc.dll scheduled to be moved on reboot.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Jeremy\Downloads\cmd.bat deleted successfully.

C:\Users\Jeremy\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Guest

 

User: Jeremy

->Temp folder emptied: 12327687 bytes

->Temporary Internet Files folder emptied: 819464994 bytes

->Flash cache emptied: 150917 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 130611273 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 918.00 mb

 

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 01102014_054818

Files\Folders moved on Reboot...

File move failed. C:\Program Files\GSSvc.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

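A check on the fix log above, as an added example that is not part of the original thread and is not OTL's own code: it parses the result lines and lists every path from the fix script that the log does not confirm as removed. The function names are hypothetical, and the line patterns are inferred only from the log lines shown in this thread.

```python
import re

# Result lines copied from the OTL fix log posted above (blank lines dropped).
FIX_LOG = r"""
C:\ProgramData\InstallMate\{B7188DD4-F0A5-43F0-A11B-B8876CFBAF22} folder moved successfully.
C:\ProgramData\InstallMate\128E191B folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
C:\Windows\Tasks\GS.Enabler-S-4560858878.job moved successfully.
C:\Program Files\GS.Enabler moved successfully.
File move failed. C:\Program Files\GSSvc.dll scheduled to be moved on reboot.
C:\Users\Jeremy\Downloads\cmd.bat deleted successfully.
C:\Users\Jeremy\Downloads\cmd.txt deleted successfully.
"""

# Paths named in the :OTL section of the fix script from the earlier post.
TARGETS = [
    r"C:\ProgramData\InstallMate",
    r"C:\Windows\tasks\GS.Enabler-S-4560858878.job",
    r"C:\Program Files\GS.Enabler",
    r"C:\Program Files\GSSvc.dll",
]

# Patterns inferred from the lines in this thread only (an assumption).
DONE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? (?:moved|deleted) successfully\.$")
DEFERRED = re.compile(r"^File move failed\. (?P<path>[A-Za-z]:\\.+?) scheduled to be moved on reboot\.$")


def classify(log_text):
    """Map each lower-cased path in the log to 'done' or 'deferred'."""
    results = {}
    for line in log_text.splitlines():
        line = line.strip()
        for status, pattern in (("deferred", DEFERRED), ("done", DONE)):
            match = pattern.match(line)
            if match:
                # Windows paths are case-insensitive: the script says
                # C:\Windows\tasks, the log says C:\Windows\Tasks.
                results[match.group("path").lower()] = status
                break
    return results


def unconfirmed(targets, results):
    """Targets the log never reports as moved: re-check these after the reboot."""
    return [t for t in targets if results.get(t.lower()) != "done"]


if __name__ == "__main__":
    for path in unconfirmed(TARGETS, classify(FIX_LOG)):
        print("not confirmed removed:", path)
```

For this log the only unconfirmed target is C:\Program Files\GSSvc.dll: the "moved on Reboot" section repeats the failure line instead of reporting success, so that file is the one to look for after restarting.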

Glad I could help! :)

Step 1

Please run OTL and click on CleanUp button.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

Step 3

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

This topic is now closed to further replies.