Problems Since Infected With Funmoods

[Jilly]

Hi, I am having so many different problems since Fun and Pupmoods attached themselves to my pc.  I managed to uninstall from the control panel but it was still in my browser, so I followed a removal procedure which seemed to work for a while but when I run my malware bytes scan it always detects a minimum of 15 threats which I remove, all either Fun or Pup.  I`m currently using Waterfox as my pc is 64bit but get new browsers pop up.  Internet Explorer has now attached itself but not in the programmes.  At least I can stop it from becoming my default browser from the prompt.

 

My main problems are I can`t use my Outlook mail or Photobucket as I keep getting script error (Continue or Stop) and hitting either button only causes them to freeze.  My Adobe flash is constantly crashing, although I keep updating.  I noticed 3 pc issue warnings and one said my protocol driver wasn`t working properly which couldn`t be fixed automatically or manually.

 

I`m constantly getting prompts that I am not the Administrator, therefore restricting me, sometimes with plugins and filters I want to download to my Paint Shop Pro.  I get pop ups saying I have system errors with certain dll`s.

 

There are more niggling issues and am sorry but can`t remember them all right now.  Will jot them down as I remember them, for future reference.

 

Thankyou in advance for your help, you came highly recommended to hijack computer issues.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by jilly at 9:46:57 on 2014-01-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3957.1920 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\jilly\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Waterfox\waterfox.exe
C:\Program Files\Waterfox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\jilly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jilly\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\jilly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{4AA58356-9951-4ECE-9021-9EE22B36DD59}\4656661657C647 : DHCPNameServer = 193.213.112.4 130.67.15.198
TCP: Interfaces\{714354D1-AE80-417B-8D89-24C0DBD76861} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{88DA433C-4AA3-44BE-B44F-34B73AFBCFED} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-10-5 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-5 202752]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-3 109352]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-5 13336]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-5 2533400]
R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2013-2-18 303360]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-2-18 1256192]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-10-5 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-10-5 74280]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-2-18 7680512]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-10-10 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-6 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-5 1255736]
S4 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-2-18 25056]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-06 09:26:33    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38DD15EF-136E-435F-8D96-D5EAA71EB460}\mpengine.dll
2014-01-06 09:16:46    --------    d-----w-    C:\f29c2c39dca6f56bbee7cf
2014-01-05 07:39:48    --------    d-----w-    C:\a6761ac7b3b43ed3c3d8f87a075ca4
2014-01-04 10:19:18    10315576    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-03 14:03:44    --------    d-----w-    C:\Program Files\HitmanPro
2014-01-03 14:02:15    --------    d-----w-    C:\ProgramData\HitmanPro
2014-01-03 13:46:29    --------    d-----w-    C:\Users\jilly\AppData\Local\FileTypeAssistant
2014-01-03 13:38:26    --------    d-----w-    C:\AdwCleaner
2013-12-13 09:55:03    --------    d-----r-    C:\Users\jilly\Dropbox
2013-12-12 16:22:22    --------    d-----w-    C:\Windows\SysWow64\Snowflakes
2013-12-12 07:53:32    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 07:53:32    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 07:53:32    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-12 07:53:31    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-11 07:26:05    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-12-11 07:26:05    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-12-11 07:26:04    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-12-11 07:26:04    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 07:26:04    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-12-11 07:26:03    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-12-11 07:26:01    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-12-11 07:25:59    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-12-11 07:25:59    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-12-11 07:25:54    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-12-11 07:25:54    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-12-11 07:25:54    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-12-11 07:25:54    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-12-11 07:25:54    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-12-11 07:25:54    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-12-11 07:25:53    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-12-11 07:25:53    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-12-11 07:25:53    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-12-11 07:25:53    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
.
==================== Find3M  ====================
.
2013-12-31 13:51:28    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-31 13:51:28    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-27 14:16:58    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-11-27 07:58:59    86016    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-11 05:50:16    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
.
============= FINISH:  9:48:29.89 ===============

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/10/2012 23:18:41
System Uptime: 04/01/2014 11:14:47 (46 hours ago)
.
Motherboard: Dell Inc. |  | 0PJTXT
Processor: Intel® Pentium® CPU        P6200  @ 2.13GHz | U2E1 | 1194/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 251.002 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 15 GiB total, 4.392 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP266: 15/12/2013 07:53:27 - Windows Update
RP267: 16/12/2013 07:27:08 - Windows Update
RP268: 17/12/2013 08:13:37 - Windows Update
RP269: 18/12/2013 07:30:42 - Windows Update
RP270: 18/12/2013 07:59:20 - Installed Microsoft Fix it 50768
RP271: 19/12/2013 07:57:43 - Windows Update
RP272: 19/12/2013 08:05:54 - Installed Microsoft Fix it 50768
RP273: 20/12/2013 07:29:41 - Windows Update
RP274: 21/12/2013 08:08:47 - Windows Update
RP275: 22/12/2013 07:50:13 - Windows Update
RP276: 23/12/2013 08:07:42 - Windows Update
RP277: 24/12/2013 09:23:19 - Windows Update
RP278: 25/12/2013 08:42:21 - Windows Update
RP279: 26/12/2013 08:13:19 - Windows Update
RP280: 27/12/2013 08:19:23 - Windows Update
RP281: 28/12/2013 13:18:12 - Windows Update
RP282: 29/12/2013 08:17:36 - Windows Update
RP284: 31/12/2013 10:21:47 - Windows Update
RP285: 01/01/2014 08:32:30 - Windows Update
RP286: 02/01/2014 08:30:35 - Windows Update
RP287: 03/01/2014 07:42:01 - Windows Update
RP288: 04/01/2014 10:13:55 - Windows Update
RP289: 05/01/2014 07:39:07 - Windows Update
RP290: 06/01/2014 09:15:51 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe AIR Free Download Packages
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Alien Skin Xenofex 2.0
All Media Converter version 5.2.3
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
D3DX10
Dropbox
Eye Candy 4000
FastFontPreview v3.0.2 FREEWARE
File Type Assistant
Font Xplorer 1.2.2
Google Toolbar for Internet Explorer
Google Update Helper
HitmanPro 3.7
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Jasc Paint Shop Pro 8
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SkyDrive Free Download Packages
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype Web Plugin
Skype™ 6.11
Synaptics Pointing Device Driver
Trillian
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Updater
Waterfox 24.0 (x64 en-US)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
30/12/2013 17:05:12, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
30/12/2013 17:05:12, Error: Service Control Manager [7000]  - The Intel® Rapid Storage Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
06/01/2014 09:19:40, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
03/01/2014 13:21:42, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
03/01/2014 12:54:45, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
03/01/2014 12:54:45, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
03/01/2014 12:51:45, Error: Service Control Manager [7000]  - The Browser Manager service failed to start due to the following error:  The system cannot find the path specified.
01/01/2014 08:32:18, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
01/01/2014 08:32:18, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================
 

 

 

[Maniac]

Hello Jilly and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan button. Wait until is finished.
• Click on Clean.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 3

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• Junkware Removal Tool log
• AdwCleaner log
• Malwarebytes' Anti-Malware log

[Jilly]

Hiya Borislav, thank you for your assistance.  When I shut down my protection I found a quarantined trojan dropper I hadn`t noticed or removed and, as I wasn`t sure what to do, I left it.

 

Here are the results of step 1.  Now moving on to adwCleaner

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by jilly on 06/01/2014 at 19:36:51.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3154375046-2013276623-2211640544-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\jilly\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Users\jilly\appdata\local\solid savings"
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{03F7799F-2248-4B09-BD74-6235344B3F70}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{04AF8A7A-D532-46BC-8156-21826DB7A1C5}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{04F77498-BAE2-480C-ADF3-73F45402945F}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{05D736C3-EDB7-487C-BDE8-3FCA32E8DF60}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{060CB19F-6C4D-42D8-A1AB-83B7B1684E96}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{0706548B-77AF-4A53-BBDD-5A2E71B1A784}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{073B8857-33FF-4934-AB5A-84D60CF01A90}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{079C2D1F-5EF2-4637-BAAB-FFD679CF8C82}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{0BADAE0F-7B97-4407-97F3-FF98C156E468}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{0CB043E8-A597-4A80-BB41-EFA13457E75F}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{0D6F160F-EB3E-4FE2-A051-9F7D1E319EDF}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{0DCD219D-4446-437D-A88C-8DEB595D9DDE}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{0E513822-7B32-4EE1-9A63-0DB19F06CA95}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{0F1C9C88-728F-42C2-9758-C3926BD08123}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{0FB60E3A-C65A-4AC4-955D-58F6C6164022}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{0FCAC37E-BB7A-4162-BE0D-FEDD611617BC}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{10F63CD5-A09E-475A-9B51-84C1125DAACD}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{11A37F00-0FC6-4550-9D88-8393597133BD}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{16A3E207-2090-4AA5-ACC8-E3913EFB5285}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{1852BA4E-9C57-4FC3-8F20-AF93E4F68624}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{1989948B-5FFE-4EC6-88A0-00634E1A968F}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{1990F489-BA30-489B-963F-4E0C8C07A801}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{19BD42DF-86CD-4BBD-A2CE-B26F08A3A2BF}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{1A7E83FD-1EED-4535-B5E1-ACEEF19965BC}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{1B575361-257B-4925-AF9A-399D5064F9A4}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{1BAA563A-4B5B-4508-9F6D-7454175E3C7A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{1DD521B5-D4C5-4E65-8A99-1EBBFDDB4270}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{1E4602C7-DA54-424C-9AC0-984CEA750E3F}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{1F70AE72-997D-43DA-A12E-9FB549A9C12F}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{1FE5D1E9-5DD6-4081-9BFD-DF95DD255DEC}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{2345A76E-CC4C-4A83-9FF3-C45BEC471135}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{23F5E28F-3058-48D1-8B05-ADF0ED04975E}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{26BCB4FD-2F7D-4EB8-A4E9-8396AE776441}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{26BDD3CC-24B5-4D63-B7F4-748B93BAD443}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{27DAA8E4-6224-434B-9E01-F0BA0EB455A5}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{2DCE729B-8E92-4AF3-88EB-C65DA1E3D7ED}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{2E422DEF-2742-4F8C-A602-79A5EA28F501}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{30D1DC45-95A4-4C9A-A013-44D2150C83F0}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{31C30417-917F-4027-9DD1-8EC45733EBFF}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{327E07E5-0C55-4404-BFDE-A0BC03215246}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{357982EE-70DC-406E-A083-F07847BFC922}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{3AD98B06-E7D6-401C-A6D2-09BD28CD584D}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{3AFCC7EE-3D70-40A6-896F-89EC09360E44}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{3EB9B1EB-0D19-4BA9-86FB-7A0286D81B93}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{3FA5DCAB-2D40-47D4-8380-96BDACB6B49B}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{4294DF7B-D5F2-41AF-9064-20ED49C16512}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{43B6264F-017F-486A-8F1C-879C47F20910}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{48299EAD-C33B-4F3E-B601-DE4CBA081659}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{488F4BFC-392B-4D7E-82F3-BECB999C98A6}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{48D5C903-E578-46B3-AB88-2CC0E054E58A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{49BC4F73-7306-4BFA-AED5-7B603CB074B5}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{4DE56654-186C-423D-ABB1-CDE19CF18033}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{4F7FA751-6080-44B1-B31A-BFB09351149C}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{51D5C00F-9FC9-4298-9843-67476425052F}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{524BAD70-4269-4E00-B74B-30127ADB5789}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{550431AE-AF79-4978-8DC5-CC496482D725}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{55D0A3E1-C100-4E7C-A3D9-68D8036AE3E5}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{55FD662C-E3EC-4F92-9F73-8D3C2661722D}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{58A7899F-C60C-4D39-832F-321D3FCFBF81}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{592FB69E-59EB-4997-B6F9-82FA2FFDFA52}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{5A1E338B-E65C-4585-B39C-7A01AC234266}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{5A208D1A-E0AB-4C67-9A74-6C59B83E3905}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{5A9A7C3E-6DEE-486F-B17A-806FD357EFC8}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{5EB08B96-3265-4A5D-8BCD-738B47329EC2}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{5FA12A5F-6ACB-4E21-9405-35D596136854}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{5FBB3D8E-AEAB-48EF-B077-F263E26EF839}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{6039BC41-C41E-41B6-AED4-496597B96CE0}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{61C4E3B7-C653-481A-9066-07C6B141FA72}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{65292404-5D20-4896-BED2-8E40CB7DF1F3}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{65B8632E-EF1C-4008-8EE2-6C3B70410FC2}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{6809973C-9F19-4545-80B7-6EBA2053A341}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{6989ADEE-6A7E-4D1D-9FD2-4D4D1D1C3DE5}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{6A2B4FA2-C2E7-46B9-BCA8-EA38B90CF309}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{6A2CC828-2D46-4C03-906A-25B0133CCBFA}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{6CA6C444-2AE4-4D0A-987B-C0668E52B01C}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{6E2F323E-3354-4DB6-BDD6-C2EC0FCFE9E2}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{6F379E84-E854-4C1F-9BE2-973F1AD861E3}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{6F700E46-AA76-4D0C-91CF-854DBA4B436B}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{6FC87843-5EC3-451C-AF8B-B245006A2C62}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{70DEED72-DB62-483A-AD5E-E6FD54CDBEAA}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{73396909-E8FD-43E2-8C32-3C841B749999}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{73538181-19CA-4E1A-B0D4-BAB4C532A5DD}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{74711FFE-9D29-4397-8FA0-22136E4A5739}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{773B0C4B-34E5-4734-88C8-EC20D4EEA5D0}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{79602615-3151-4BCE-AE55-971777B34BE7}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{79F773C2-2743-429A-9500-0DDDED740203}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{7CC05404-03A1-4CE1-8199-5F633D6E0C4B}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{7FA867AD-3190-47FE-B19E-17AB36EC6EDE}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{803F673B-E3B6-4A6E-81C5-797ADF9E5FF3}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{80AF3B52-E9E1-448D-8EF7-C104EE299142}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{813B1E95-8506-4B2E-A388-678C33639690}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{84E80E25-390B-4264-A971-E48235CB11BF}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{852CC6D9-6E9C-4A77-B4F5-2A9C2D625FB1}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{8556DCD5-5C58-468E-A58F-6670FD43EF02}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{8684C6A5-80C0-4B71-A7BC-6BCDF212047A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{875B4850-1F37-4B28-B8B6-455915C44554}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{8A21D84E-8483-4229-95C2-7331DA10FA41}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{8B18BB21-45EE-4B15-923B-A21B8F110B6A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{8BBD535B-13BF-4A2F-9109-2006D04100D1}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{8D065F38-082E-408D-8149-8BEB7769BB2D}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{8E089D4C-9791-4EAF-BBEB-2230432B2496}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{8F8AA082-9508-4891-8AEB-99376EFCF776}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{900BC5E4-DC03-4AF4-B349-95462EE0C1CA}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{928DC544-40FD-4B4E-A3A9-60EF775BE44E}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{93CB05B6-26D8-43B0-95E2-EEA9914C7417}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{983DD2CA-DF0F-495B-A68A-83F7F5C4877A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{9846ADF6-7A95-4680-AB3F-84D9635D6A9F}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{98F6EFA7-9BC4-4732-91D5-2C19C8250043}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{99651F17-F50B-4B3F-A0E1-827B3BA821F0}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{99862BDE-244E-4A42-B84D-B458C5102EF1}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{99D0E576-6C37-46FB-88C9-EC6B6B79E08F}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{99E446E7-14C2-4B9B-90A5-F41B3E1C4AC8}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{9B9D9921-F18C-412D-A11B-553AD9362AE5}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{9BD549B3-25F5-40AF-8B33-6624A10DC6FA}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{9C5F3840-7245-44A5-832E-7827402382BD}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{9EE40093-0F48-4B2E-B362-8DBA01EBAC44}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{9EF6710E-0F8C-466B-9AF6-CC7F2521501F}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{9F31FFC3-A704-4521-8333-E2032F29E80C}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{A1C366C6-9FDD-4A89-8E1D-D4E03B7E7EC3}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{A215A552-F8C6-48FA-BCAF-2E7A3EFD5014}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{A236185F-F953-4912-825F-EA7282AA8533}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{A2DB7A46-5B53-4C50-B1DB-10A0E1975B61}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{A48350B2-4802-42BA-8596-9A26D362577D}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{A4F8F26A-B2A7-4D8F-9544-9134E3A44168}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{A563D8B2-6EA6-46DE-9C09-5D104C363EEE}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{A5AA5606-565B-4EC1-892A-A622E42E8283}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{ADB27F1E-E760-4157-AD71-1691A66F39EF}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{AFED71EE-B217-48F8-8878-50FD2BEA30CB}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{B160C62E-5892-4FFD-942B-9E11BA87816A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{B217EA29-7A86-4BE8-BDBC-BA6E35B7E5A2}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{B70242AF-5531-44F0-BE2F-E9A43BCBF1EC}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{B7C8C20D-90DC-46E3-A023-2147F605CEA1}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{B8A555E8-3E15-4C83-B15C-C69D82BA0256}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{BBCD4353-87F6-4287-A95F-4B86B6054DFC}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{BC864EAA-1C16-47AF-8140-E4631B176D12}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{BF39413E-5364-4C2A-8665-AED599FEF782}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{C0ACC2D2-3610-49B6-BAB1-72C5EEE2CA68}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{C0EFA189-49E9-4FA2-B802-DBD687E69F44}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{C1716227-4C3D-4599-B152-661CC455229A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{C20B0C3E-770A-4F09-A22A-B1BFBB4D07C2}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{C27BC4C6-186E-4784-A5DC-D80D23C30323}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{C43B7641-BB59-4F93-A042-CC2F3C52EBD5}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{C5CDA278-BC4F-42BF-AB1F-E12874816BEC}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{C6C0949F-B609-411E-9CCD-F380346EF85A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{CC3BF0EE-7823-49D1-A1DB-90A1B74690A9}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{CD13AE11-D9DE-4802-9416-1CC36FC81800}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{CEEFB5BB-0A9C-434E-A46E-A0F2096B59D2}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{D1160B6D-BFE3-434C-BEFD-EE270CCB7E9A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{D15D60DA-D62C-4082-9EC6-03AF7C95B678}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{D2483600-5063-4471-B53B-F82A9F5CD2AD}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{D325356C-6FF5-451F-8815-E0F6551E96A1}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{D4063198-0151-459A-BC6F-C6848BEF6A2C}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{D48423C8-6A98-441A-8461-56BFDF8B75C5}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{D4F06DC8-0C23-4380-A0FB-4CDF6D132218}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{D7F2E619-D287-4A4E-8360-CB65B9D97CCB}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{DB25A7F9-1F6D-4B38-96F1-BA242B9A6288}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{DB7AF3D0-4606-4ADA-904A-66B4AF878AA2}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{DDC19CBA-2535-409D-9855-A7ECCDDE6934}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{E0205485-35D0-4E95-BCE9-AA1882776202}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{E116E212-9D78-4D6B-988A-607A898DB10A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{E25F4E5C-693D-4F83-BD59-64073741D2C6}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{E942E655-4759-41DD-83DA-2A2AE1488D1F}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{E9798F63-3A4B-4B79-8CF5-0C524C8932C1}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{E97C19D3-3370-471B-8F0F-CD2A09C02DF5}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{E98F22A2-3D97-4A09-9773-9698CE9DDC84}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{E9A37D24-20E2-49FA-824C-4AAECBA96233}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{EA97D4C9-9467-4419-8EE9-1BADE928915F}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{EB4919FE-A972-4ACE-9EAF-41365CD318BF}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{EB7EB0C2-FBA4-475B-A9A3-A60D5D3EAA7A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{EB937975-BFA6-42BB-ADF8-03779F8FBF7D}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{EC72C39F-452C-4227-B966-EE53374C8A89}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{EE3051E7-F575-47D2-A455-B3CEB1823AC2}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{EEFDE07D-43D0-4550-9AA6-004ABBDD3C52}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{EF22423E-B8E0-4812-B6C5-278EDCDAD30B}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{F12B516C-2E67-4EDE-97A0-96E85881DF7A}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{F15B3EC6-04A5-4378-95DE-23EAB2498278}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{F1C3E3C8-E46A-4AB7-A73B-9EECFCA66233}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{F21C3588-E034-4058-B7A1-0A412A605994}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{F235F37B-DF3F-493D-BB3B-7F6481879A72}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{F384280E-9B2D-4ADB-8FC2-7923A6B6DE07}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{F67E5337-7C21-4B2F-8384-171C28CA79FD}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{F6D829EB-9997-43DA-BED6-0287A99373EA}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{F9DE6560-92A5-4022-952C-570137B7C3F6}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{FC4CB005-67A2-4DC9-95A7-AAA49BC01DF8}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{FDB3A734-1887-4BB8-B8DF-FF179EFA3647}
Successfully deleted: [Empty Folder] C:\Users\jilly\appdata\local\{FDEBB911-E656-4811-BCE5-89E1CE0EA3D4}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/01/2014 at 19:47:16.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[Jilly]

# AdwCleaner v3.016 - Report created 06/01/2014 at 20:04:06
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jilly - JILLY-PC
# Running from : C:\Users\jilly\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\jilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

***** [ Shortcuts ] *****


***** [ Registry ] *****
Sorry for doing this a step at a time but as my pc freezes, at least this way, I don`t lose anything. Malware scan now in progress

 

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

[ File : C:\Users\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\jilly\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20495 octets] - [03/01/2014 13:39:14]
AdwCleaner[R1].txt - [1134 octets] - [06/01/2014 20:01:28]
AdwCleaner[s0].txt - [20721 octets] - [03/01/2014 13:42:02]
AdwCleaner[s1].txt - [1058 octets] - [06/01/2014 20:04:06]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1118 octets] ##########

[Jilly]

Malware Scan results

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
jilly :: JILLY-PC [administrator]

06/01/2014 20:12:05
mbam-log-2014-01-06 (20-12-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236740
Time elapsed: 26 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[Jilly]

Good morning Borislav, I`m still unprotected here, should I have re-enabled my antivirus?

[Maniac]

Yes, when you finish the following step turn it on:

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.

  ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

    Save it to your Desktop.

  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under Scan Settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

[Jilly]

Finally, here it is I can`t believe the amount of threats detected........  Awesome work thank you Borislav.  Look forward to your reply.

 

C:\Users\All Users\Updater\Uninstall.exe    a variant of Win32/ExFriendAlert.B application    
C:\Windows.old\Documents and Settings\jilly\Application Data\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    
C:\Windows.old\Users\jilly\AppData\LocalLow\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.B application    
C:\Windows.old\Users\jilly\AppData\LocalLow\Soft32\tbSoft.dll    a variant of Win32/Toolbar.Conduit.B application    
C:\Windows.old\Users\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    
C:\Windows.old\Users\jilly\Application Data\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    
C:\Windows.old\Users\jilly\Desktop\disk-defrag-setup.zip    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Windows.old\Users\jilly\Downloads\iLividSetupV1.exe    Win32/Toolbar.SearchSuite application    
C:\Windows.old\Users\jilly\Downloads\pinuptoons_tubes_downloader_352a.exe    a variant of Win32/YourFileDownloader application    
C:\Windows.old\Users\jilly\Downloads\SweetImSetup.exe    a variant of Win32/SweetIM.C application    
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R2OPZVC.crx    multiple threats    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RE0DFAA.tmp    Win32/Toolbar.Perion.D application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RECMUGD.dll    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RFHZV4D.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RHTH5VM.exe    Win32/MyPCBackup.A application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RJWEOG2.dll    a variant of Win32/Toolbar.Babylon.P application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RPAS34O.crx    multiple threats    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RS3X8GT.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RSXE56F.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RYF2M40.exe    Win32/Somoto.D application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RYQU367.exe    a variant of Win32/Toolbar.Babylon.I application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R0TFGG7\Latest\IEHelper.dll    a variant of Win32/Toolbar.Babylon.E application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R0TFGG7\Latest\MyBabylonTB.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R0TFGG7\Latest\Setup.exe    a variant of Win32/Toolbar.Babylon.H application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R5UVATA\BabylonToolbar\1.8.11.10\BabylonToolbarEng.dll    probably a variant of Win32/Toolbar.Montiera.A application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R5UVATA\BabylonToolbar\1.8.11.10\BabylonToolbarsrv.exe    a variant of Win32/Toolbar.Montiera.A application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Setup.exe    a variant of Win32/Toolbar.Babylon.H application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Latest\IEHelper.dll    a variant of Win32/Toolbar.Babylon.E application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Latest\MyBabylonTB.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Latest\Setup.exe    a variant of Win32/Toolbar.Babylon.H application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RI29THO\BunndleOfferManager.dll    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\OApps\SelectionLinks.dll.vir    Win32/AdWare.Facetheme.F application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir    a variant of Win32/Adware.Yontoo.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooLayers.crx.vir    multiple threats    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\jilly\AppData\Roaming\Yontoo\YontooDesktop.exe.vir    a variant of MSIL/WebCake.B application    cleaned by deleting - quarantined
C:\Config.Msi\11d80e04.rbf    a variant of Win32/Toolbar.Widgi.A application    cleaned by deleting - quarantined
C:\ProgramData\Updater\Uninstall.exe    a variant of Win32/ExFriendAlert.B application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\Flaming Pear Super Blade Pro 1.4 + lots additions!!.zip    a variant of Win32/Keygen.BP application    deleted - quarantined
C:\Users\jilly\AppData\Local\Temp\is1852162411\467627_stp\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\is1852162411\99875422_stp\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\{15050271-5065-43DB-B8E1-CF3E67405939}\setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\{27AD39F3-B8D2-4DA8-8CF6-F5FB69312D87}\setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\{7FAEFBDF-EF3C-41C7-BBD3-D9332941E6C9}\setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe AIR Free Download Packages\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Roaming\1O1L1I1PtF1F1C1N\Microsoft SkyDrive Free Download Packages\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\allmediaconverter_installer.exe    Win32/Adware.RK.AO.Gen application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\ARO2013_bt.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\cbsidlm-tr1_8-Sqirlz_Water_Reflections-ORG2-10395165.exe    Win32/DownloadAdmin.E application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\FlashPlayer(1).exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\FlashPlayer.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\izarc-setup.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\sqirlzwaterreflections-setup(1).exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\sqirlzwaterreflections-setup.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\AppData\LocalLow\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\AppData\LocalLow\Soft32\tbSoft.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\Desktop\disk-defrag-setup.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Windows.old\Documents and Settings\jilly\Downloads\iLividSetupV1.exe    Win32/Toolbar.SearchSuite application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\Downloads\pinuptoons_tubes_downloader_352a.exe    a variant of Win32/YourFileDownloader application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\Downloads\SweetImSetup.exe    a variant of Win32/SweetIM.C application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\IObit Toolbar\WidgiHelper.exe    Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\IObit Toolbar\IE\6.3\iobitToolbarIE.dll    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\Soft32\tbSoft.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Windows\Installer\119a072c.msi    multiple threats    deleted - quarantined
C:\Windows.old\Windows\Installer\252d4635.msi    a variant of Win32/SweetIM.F application    deleted - quarantined
 

[Jilly]

I did notice the SweetIM application on the list which is what started all my problems

[Maniac]

SweetIM was just a part of the problem.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

[Jilly]

OTL.Txt

 

C:\Users\All Users\Updater\Uninstall.exe    a variant of Win32/ExFriendAlert.B application    
C:\Windows.old\Documents and Settings\jilly\Application Data\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    
C:\Windows.old\Users\jilly\AppData\LocalLow\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.B application    
C:\Windows.old\Users\jilly\AppData\LocalLow\Soft32\tbSoft.dll    a variant of Win32/Toolbar.Conduit.B application    
C:\Windows.old\Users\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    
C:\Windows.old\Users\jilly\Application Data\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    
C:\Windows.old\Users\jilly\Desktop\disk-defrag-setup.zip    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Windows.old\Users\jilly\Downloads\iLividSetupV1.exe    Win32/Toolbar.SearchSuite application    
C:\Windows.old\Users\jilly\Downloads\pinuptoons_tubes_downloader_352a.exe    a variant of Win32/YourFileDownloader application    
C:\Windows.old\Users\jilly\Downloads\SweetImSetup.exe    a variant of Win32/SweetIM.C application    
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R2OPZVC.crx    multiple threats    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RE0DFAA.tmp    Win32/Toolbar.Perion.D application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RECMUGD.dll    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RFHZV4D.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RHTH5VM.exe    Win32/MyPCBackup.A application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RJWEOG2.dll    a variant of Win32/Toolbar.Babylon.P application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RPAS34O.crx    multiple threats    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RS3X8GT.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RSXE56F.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RYF2M40.exe    Win32/Somoto.D application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RYQU367.exe    a variant of Win32/Toolbar.Babylon.I application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R0TFGG7\Latest\IEHelper.dll    a variant of Win32/Toolbar.Babylon.E application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R0TFGG7\Latest\MyBabylonTB.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R0TFGG7\Latest\Setup.exe    a variant of Win32/Toolbar.Babylon.H application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R5UVATA\BabylonToolbar\1.8.11.10\BabylonToolbarEng.dll    probably a variant of Win32/Toolbar.Montiera.A application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R5UVATA\BabylonToolbar\1.8.11.10\BabylonToolbarsrv.exe    a variant of Win32/Toolbar.Montiera.A application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Setup.exe    a variant of Win32/Toolbar.Babylon.H application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Latest\IEHelper.dll    a variant of Win32/Toolbar.Babylon.E application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Latest\MyBabylonTB.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Latest\Setup.exe    a variant of Win32/Toolbar.Babylon.H application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RI29THO\BunndleOfferManager.dll    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\OApps\SelectionLinks.dll.vir    Win32/AdWare.Facetheme.F application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir    a variant of Win32/Adware.Yontoo.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooLayers.crx.vir    multiple threats    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\jilly\AppData\Roaming\Yontoo\YontooDesktop.exe.vir    a variant of MSIL/WebCake.B application    cleaned by deleting - quarantined
C:\Config.Msi\11d80e04.rbf    a variant of Win32/Toolbar.Widgi.A application    cleaned by deleting - quarantined
C:\ProgramData\Updater\Uninstall.exe    a variant of Win32/ExFriendAlert.B application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\Flaming Pear Super Blade Pro 1.4 + lots additions!!.zip    a variant of Win32/Keygen.BP application    deleted - quarantined
C:\Users\jilly\AppData\Local\Temp\is1852162411\467627_stp\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\is1852162411\99875422_stp\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\{15050271-5065-43DB-B8E1-CF3E67405939}\setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\{27AD39F3-B8D2-4DA8-8CF6-F5FB69312D87}\setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\{7FAEFBDF-EF3C-41C7-BBD3-D9332941E6C9}\setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe AIR Free Download Packages\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Roaming\1O1L1I1PtF1F1C1N\Microsoft SkyDrive Free Download Packages\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\allmediaconverter_installer.exe    Win32/Adware.RK.AO.Gen application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\ARO2013_bt.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\cbsidlm-tr1_8-Sqirlz_Water_Reflections-ORG2-10395165.exe    Win32/DownloadAdmin.E application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\FlashPlayer(1).exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\FlashPlayer.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\izarc-setup.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\sqirlzwaterreflections-setup(1).exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\sqirlzwaterreflections-setup.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\AppData\LocalLow\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\AppData\LocalLow\Soft32\tbSoft.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\Desktop\disk-defrag-setup.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Windows.old\Documents and Settings\jilly\Downloads\iLividSetupV1.exe    Win32/Toolbar.SearchSuite application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\Downloads\pinuptoons_tubes_downloader_352a.exe    a variant of Win32/YourFileDownloader application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\Downloads\SweetImSetup.exe    a variant of Win32/SweetIM.C application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\IObit Toolbar\WidgiHelper.exe    Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\IObit Toolbar\IE\6.3\iobitToolbarIE.dll    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\Soft32\tbSoft.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Windows\Installer\119a072c.msi    multiple threats    deleted - quarantined
C:\Windows.old\Windows\Installer\252d4635.msi    a variant of Win32/SweetIM.F application    deleted - quarantined

 

Extras.Txt

 

C:\Users\All Users\Updater\Uninstall.exe    a variant of Win32/ExFriendAlert.B application    
C:\Windows.old\Documents and Settings\jilly\Application Data\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    
C:\Windows.old\Users\jilly\AppData\LocalLow\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.B application    
C:\Windows.old\Users\jilly\AppData\LocalLow\Soft32\tbSoft.dll    a variant of Win32/Toolbar.Conduit.B application    
C:\Windows.old\Users\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    
C:\Windows.old\Users\jilly\Application Data\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    
C:\Windows.old\Users\jilly\Desktop\disk-defrag-setup.zip    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Windows.old\Users\jilly\Downloads\iLividSetupV1.exe    Win32/Toolbar.SearchSuite application    
C:\Windows.old\Users\jilly\Downloads\pinuptoons_tubes_downloader_352a.exe    a variant of Win32/YourFileDownloader application    
C:\Windows.old\Users\jilly\Downloads\SweetImSetup.exe    a variant of Win32/SweetIM.C application    
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R2OPZVC.crx    multiple threats    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RE0DFAA.tmp    Win32/Toolbar.Perion.D application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RECMUGD.dll    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RFHZV4D.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RHTH5VM.exe    Win32/MyPCBackup.A application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RJWEOG2.dll    a variant of Win32/Toolbar.Babylon.P application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RPAS34O.crx    multiple threats    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RS3X8GT.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RSXE56F.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RYF2M40.exe    Win32/Somoto.D application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RYQU367.exe    a variant of Win32/Toolbar.Babylon.I application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R0TFGG7\Latest\IEHelper.dll    a variant of Win32/Toolbar.Babylon.E application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R0TFGG7\Latest\MyBabylonTB.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R0TFGG7\Latest\Setup.exe    a variant of Win32/Toolbar.Babylon.H application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R5UVATA\BabylonToolbar\1.8.11.10\BabylonToolbarEng.dll    probably a variant of Win32/Toolbar.Montiera.A application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$R5UVATA\BabylonToolbar\1.8.11.10\BabylonToolbarsrv.exe    a variant of Win32/Toolbar.Montiera.A application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Setup.exe    a variant of Win32/Toolbar.Babylon.H application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Latest\IEHelper.dll    a variant of Win32/Toolbar.Babylon.E application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Latest\MyBabylonTB.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RH1ZNGA\Latest\Setup.exe    a variant of Win32/Toolbar.Babylon.H application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3154375046-2013276623-2211640544-1000\$RI29THO\BunndleOfferManager.dll    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\OApps\SelectionLinks.dll.vir    Win32/AdWare.Facetheme.F application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir    a variant of Win32/Adware.Yontoo.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooLayers.crx.vir    multiple threats    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\jilly\AppData\Roaming\Yontoo\YontooDesktop.exe.vir    a variant of MSIL/WebCake.B application    cleaned by deleting - quarantined
C:\Config.Msi\11d80e04.rbf    a variant of Win32/Toolbar.Widgi.A application    cleaned by deleting - quarantined
C:\ProgramData\Updater\Uninstall.exe    a variant of Win32/ExFriendAlert.B application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\Flaming Pear Super Blade Pro 1.4 + lots additions!!.zip    a variant of Win32/Keygen.BP application    deleted - quarantined
C:\Users\jilly\AppData\Local\Temp\is1852162411\467627_stp\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\is1852162411\99875422_stp\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\{15050271-5065-43DB-B8E1-CF3E67405939}\setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\{27AD39F3-B8D2-4DA8-8CF6-F5FB69312D87}\setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Local\Temp\{7FAEFBDF-EF3C-41C7-BBD3-D9332941E6C9}\setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe AIR Free Download Packages\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\AppData\Roaming\1O1L1I1PtF1F1C1N\Microsoft SkyDrive Free Download Packages\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\jilly\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\allmediaconverter_installer.exe    Win32/Adware.RK.AO.Gen application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\ARO2013_bt.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\cbsidlm-tr1_8-Sqirlz_Water_Reflections-ORG2-10395165.exe    Win32/DownloadAdmin.E application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\FlashPlayer(1).exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\FlashPlayer.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\izarc-setup.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\sqirlzwaterreflections-setup(1).exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\jilly\Downloads\sqirlzwaterreflections-setup.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\AppData\LocalLow\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\AppData\LocalLow\Soft32\tbSoft.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\0jqo6dym.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\Desktop\disk-defrag-setup.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Windows.old\Documents and Settings\jilly\Downloads\iLividSetupV1.exe    Win32/Toolbar.SearchSuite application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\Downloads\pinuptoons_tubes_downloader_352a.exe    a variant of Win32/YourFileDownloader application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\jilly\Downloads\SweetImSetup.exe    a variant of Win32/SweetIM.C application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\IObit Toolbar\WidgiHelper.exe    Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\IObit Toolbar\IE\6.3\iobitToolbarIE.dll    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Windows.old\Program Files (x86)\Soft32\tbSoft.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Windows.old\Windows\Installer\119a072c.msi    multiple threats    deleted - quarantined
C:\Windows.old\Windows\Installer\252d4635.msi    a variant of Win32/SweetIM.F application    deleted - quarantined


 

[Maniac]

This is the log file from ESET Online Scanner. Take a carefully look to my last instructions.

[Jilly]

Sorry Borislav, I have no idea what happened there, I ran the scan again to be sure and only the OTL opened, not the extra

 

OTL logfile created on: 10/01/2014 12:42:24 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jilly\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.86 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 38.49% Memory free
7.73 Gb Paging File | 4.92 Gb Available in Paging File | 63.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 250.63 Gb Free Space | 55.57% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 4.39 Gb Free Space | 29.98% Space Free | Partition Type: NTFS
 
Computer Name: JILLY-PC | User Name: jilly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/10 12:41:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jilly\Downloads\OTL(1).exe
PRC - [2014/01/09 12:07:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jilly\Downloads\OTL.exe
PRC - [2013/12/18 01:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\jilly\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/25 03:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/12/14 17:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2011/12/14 17:53:44 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2010/07/01 11:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/01 11:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/18 01:01:12 | 003,558,400 | ---- | M] () -- C:\Users\jilly\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 21:10:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/18 21:10:09 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/18 21:10:04 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/14 06:56:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/23 19:01:44 | 025,100,288 | ---- | M] () -- C:\Users\jilly\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/08/15 16:08:49 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll
MOD - [2013/08/15 15:32:05 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 15:31:40 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 15:31:24 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/14 12:13:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/05/25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/05/25 03:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
MOD - [2011/12/14 17:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2011/12/14 10:43:04 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/01/03 14:03:45 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/05 09:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 09:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 09:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/01/22 09:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/12/31 13:51:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/14 17:53:44 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)
SRV - [2010/07/01 11:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/01 11:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/12 17:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 10:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/07 10:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/08 03:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/18 06:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 11:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/01/22 09:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 08:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/09/17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3154375046-2013276623-2211640544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla.org/en-US/firefox/central/
IE - HKU\S-1-5-21-3154375046-2013276623-2211640544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3154375046-2013276623-2211640544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3154375046-2013276623-2211640544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A E0 18 4A DD A2 CD 01  [binary data]
IE - HKU\S-1-5-21-3154375046-2013276623-2211640544-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3154375046-2013276623-2211640544-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3154375046-2013276623-2211640544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.48
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Skype Technologies S.A..com/Skype Web Plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF - HKLM\Software\MozillaPlugins\@Skype.com/Skype Web Plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 24.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 24.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
 
[2012/10/09 06:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jilly\AppData\Roaming\Mozilla\Extensions
[2013/11/29 08:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\extensions
[2013/11/19 16:32:07 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\extensions\support@tubedimmerapp.com
[2013/11/24 11:53:19 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/11/15 19:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 19:55:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\jilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\jilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\jilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\jilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\jilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\jilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2012/10/05 13:44:20 | 000,444,411 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.123fporn.info
O1 - Hosts: 15262 more lines...
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3154375046-2013276623-2211640544-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3154375046-2013276623-2211640544-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3154375046-2013276623-2211640544-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\jilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\jilly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\jilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{714354D1-AE80-417B-8D89-24C0DBD76861}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88DA433C-4AA3-44BE-B44F-34B73AFBCFED}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 23:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{55b4fab0-0e51-11e2-9d5a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55b4fab0-0e51-11e2-9d5a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/10 07:41:21 | 000,000,000 | ---D | C] -- C:\7f5e7e9b69e4a975b373c9f000565529
[2014/01/09 08:43:58 | 000,000,000 | ---D | C] -- C:\f6afb9c66b6cfc7774d035433dd267
[2014/01/08 09:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/01/08 08:34:47 | 000,000,000 | ---D | C] -- C:\8a607290b45c29e3cc6082
[2014/01/07 07:58:04 | 000,000,000 | ---D | C] -- C:\47a6ab0fa5443cdc59f2c1a917430d8f
[2014/01/06 20:05:58 | 000,000,000 | ---D | C] -- C:\Users\jilly\AppData\Local\FileTypeAssistant
[2014/01/06 19:36:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/03 14:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/01/03 14:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/01/03 14:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/01/03 13:38:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/13 10:00:24 | 000,000,000 | ---D | C] -- C:\Users\jilly\Documents\Files Zipped
[2013/12/13 09:56:12 | 000,000,000 | ---D | C] -- C:\Users\jilly\Documents\DROP BOX
[2013/12/13 09:55:03 | 000,000,000 | R--D | C] -- C:\Users\jilly\Dropbox
[2013/12/13 09:51:19 | 000,000,000 | ---D | C] -- C:\Users\jilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/12/12 16:22:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Snowflakes
[2013/12/11 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\jilly\Documents\My Readings By Persia
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/10 12:31:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf0885820801d0.job
[2014/01/10 12:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/10 09:08:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/10 07:42:02 | 000,002,148 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/09 13:31:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf088580b2a601.job
[2014/01/06 20:41:13 | 000,001,466 | ---- | M] () -- C:\Users\jilly\Documents\Hijack This Malware Scan.rtf
[2014/01/06 20:13:49 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 20:13:49 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 20:10:11 | 000,001,588 | ---- | M] () -- C:\Users\jilly\Documents\Highjack This AdwCleaner.rtf
[2014/01/06 20:05:20 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/06 19:58:30 | 000,022,937 | ---- | M] () -- C:\Users\jilly\Documents\Hijack This JRT.rtf
[2014/01/03 14:03:45 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/12/22 15:29:55 | 000,001,013 | ---- | M] () -- C:\Users\jilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/22 15:29:45 | 000,000,981 | ---- | M] () -- C:\Users\jilly\Desktop\Dropbox.lnk
[2013/12/19 13:32:46 | 000,787,926 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/19 13:32:46 | 000,669,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/19 13:32:46 | 000,129,754 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/18 13:13:12 | 000,001,143 | ---- | M] () -- C:\Users\jilly\Desktop\Continue Skype Free Download Installation.lnk
[2013/12/18 13:02:32 | 626,798,890 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/16 11:14:15 | 000,539,490 | ---- | M] () -- C:\Users\jilly\Documents\BabysFirstXmas1.jpg
[2013/12/14 15:18:56 | 001,006,587 | ---- | M] () -- C:\Users\jilly\Documents\Emma.png
[2013/12/13 12:35:32 | 020,247,771 | ---- | M] () -- C:\Users\jilly\Documents\Green eyes.psd
[2013/12/13 12:35:32 | 000,491,948 | ---- | M] () -- C:\Users\jilly\Documents\preview-3.jpg
[2013/12/13 12:35:32 | 000,464,539 | ---- | M] () -- C:\Users\jilly\Documents\preview-2.jpg
[2013/12/13 12:35:32 | 000,451,647 | ---- | M] () -- C:\Users\jilly\Documents\preview-1.jpg
[2013/12/13 12:35:32 | 000,121,584 | ---- | M] () -- C:\Users\jilly\Documents\close-up.jpg
[2013/12/13 11:56:40 | 013,412,790 | ---- | M] () -- C:\Users\jilly\Documents\Green Eyes.rar
[2013/12/12 17:20:59 | 000,270,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/01/06 20:41:12 | 000,001,466 | ---- | C] () -- C:\Users\jilly\Documents\Hijack This Malware Scan.rtf
[2014/01/06 20:10:11 | 000,001,588 | ---- | C] () -- C:\Users\jilly\Documents\Highjack This AdwCleaner.rtf
[2014/01/06 19:58:30 | 000,022,937 | ---- | C] () -- C:\Users\jilly\Documents\Hijack This JRT.rtf
[2014/01/03 14:03:45 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/01/03 13:12:52 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf0885820801d0.job
[2014/01/03 13:12:49 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf088580b2a601.job
[2013/12/18 13:13:12 | 000,001,143 | ---- | C] () -- C:\Users\jilly\Desktop\Continue Skype Free Download Installation.lnk
[2013/12/16 11:11:30 | 000,539,490 | ---- | C] () -- C:\Users\jilly\Documents\BabysFirstXmas1.jpg
[2013/12/14 15:18:49 | 001,006,587 | ---- | C] () -- C:\Users\jilly\Documents\Emma.png
[2013/12/13 11:56:35 | 013,412,790 | ---- | C] () -- C:\Users\jilly\Documents\Green Eyes.rar
[2013/12/13 11:56:28 | 000,491,948 | ---- | C] () -- C:\Users\jilly\Documents\preview-3.jpg
[2013/12/13 11:56:28 | 000,464,539 | ---- | C] () -- C:\Users\jilly\Documents\preview-2.jpg
[2013/12/13 11:56:28 | 000,451,647 | ---- | C] () -- C:\Users\jilly\Documents\preview-1.jpg
[2013/12/13 11:56:28 | 000,121,584 | ---- | C] () -- C:\Users\jilly\Documents\close-up.jpg
[2013/12/13 11:56:27 | 020,247,771 | ---- | C] () -- C:\Users\jilly\Documents\Green eyes.psd
[2013/12/13 09:55:03 | 000,000,981 | ---- | C] () -- C:\Users\jilly\Desktop\Dropbox.lnk
[2013/12/13 09:51:41 | 000,001,013 | ---- | C] () -- C:\Users\jilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/09/07 11:05:23 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
[2013/09/07 11:05:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\icmfilter.dll
[2013/04/02 10:06:37 | 000,007,680 | ---- | C] () -- C:\Users\jilly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/18 16:49:09 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/10/11 07:42:15 | 000,005,197 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/05 18:00:25 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/05 08:36:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/05 08:30:09 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/13 08:01:13 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 08:01:13 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/12/14 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\1O1L1I1PtF1F1C1N
[2013/09/08 14:51:25 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\Alien Skin
[2012/10/05 07:07:34 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\AVG2013
[2012/10/25 10:44:39 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/01/06 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\Dropbox
[2012/10/18 09:48:38 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\Jasc
[2012/10/06 15:43:48 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\Lanmisoft
[2013/05/08 10:19:02 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\RocketPDF
[2013/10/19 12:46:05 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\Trillian
[2012/10/05 07:06:30 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\TuneUp Software
[2013/09/07 12:22:16 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\Waterfox Limited
[2012/10/11 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\jilly\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
 

[Maniac]

Step 1

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :OTL

  IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

  FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.48

  [2013/11/19 16:32:07 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\extensions\support@tubedimmerapp.com

  :files

  ipconfig /flushdns /c

  :Commands

  [emptytemp]

  [resethosts]

  [clearallrestorepoints]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

In your next reply, post the following log files:

• OTL Fix log
• Kaspersky AVP log

[Jilly]

Ok, I finally got the extra log, do you want me to continue with your previous instructions?

 

OTL Extras logfile created on: 09/01/2014 12:08:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jilly\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.86 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 44.01% Memory free
7.73 Gb Paging File | 5.11 Gb Available in Paging File | 66.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 250.80 Gb Free Space | 55.61% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 4.39 Gb Free Space | 29.98% Space Free | Partition Type: NTFS
 
Computer Name: JILLY-PC | User Name: jilly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3154375046-2013276623-2211640544-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\waterfox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\jilly\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\jilly\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010F053D-1DBE-4D06-ADCD-3811C8437492}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1E1AF0D2-E9B0-4549-AC90-3CBE65DA9E70}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{55DB1812-E647-45E1-B2A4-2E6DF8B5DEA6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE75757C-BBB5-4CCC-AE63-CE3235CB19E9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12694634-C2D7-461E-8AEC-3EFC876B1CE6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{14DC6B23-F8A0-4AF9-A40D-FC265EFF0967}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{20600645-1FCD-43D4-9B94-B1D340AFE0FC}" = dir=in | app=c:\users\jilly\appdata\local\microsoft\skydrive\skydrive.exe |
"{211C9118-EDD3-4EAA-921A-E2C3156C8245}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{25C4772C-59F0-4A1C-9540-60C6E3004D01}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{29DAD0CD-E5D5-4101-B5A6-9C24100B5493}" = protocol=17 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"{35C91F84-51BF-4C6C-A532-401CD71F0370}" = dir=in | app=c:\program files (x86)\skypewebplugin\skypewebplugin.exe |
"{4DDD0CB7-64EB-4CDE-BE5E-FEB26C9BC076}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5896D611-D7F8-4C4A-A2A4-E17685237658}" = protocol=58 | dir=in | app=system |
"{628B0933-9EFE-4F83-83FA-EE7C1C854692}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70298ECD-3634-4DC1-ADBB-D4BCA64BC729}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{74BAE9AA-E2FF-4304-8266-79C6CF6864B4}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{772274F5-59A2-450A-B45A-BC4AFF50320B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{7B6F52AD-6A64-4EBD-A055-D892CA60BEC5}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{7E98B89D-ED7A-4E6D-B194-E09F4B91ED63}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{8EFBD32B-6640-446C-B2D1-DBF48F20E586}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9AB6A2FA-D2A2-4D69-A826-A51EE6A80FF0}" = protocol=6 | dir=in | app=c:\users\jilly\appdata\roaming\dropbox\bin\dropbox.exe |
"{B23A8DE7-9D14-4AEF-9AEF-66AF5AB45CEF}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{CBBA03A6-3CA1-4CE9-BACD-4C63354E192B}" = protocol=6 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"{DB4238A1-9E0C-4C54-B802-0EC2BB733578}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E54C0AD9-0751-4998-8ADA-CCB4430B2A5C}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{E8B51701-AF07-4F7B-BE20-1D8D6605D691}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{EA4397BD-F953-4231-9F7E-571D12C50B05}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{EBC94E4C-4D6B-4380-A343-5886029E2272}" = protocol=17 | dir=in | app=c:\users\jilly\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3B300CE-2EB2-49B6-834F-59557C951609}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{F84DDF6C-3BA2-423D-8FF7-4EB343CF2A47}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{FFF736B6-1ACC-4161-9394-ACE3E01B1967}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{A9706120-E908-4262-8112-B245F6E10DBA}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe |
"TCP Query User{F3A0C410-E1DF-4734-BFA9-DEBA12516AFF}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{008E3620-0156-4833-8454-3197C8AA43AA}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{2B1D9D36-0DC5-47FC-9F31-42D228B0B0EE}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF82FC-00F1-1375-87C4-0578364E036B}" = ATI Catalyst Install Manager
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel® PROSet/Wireless WiFi Software
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{3B6074E5-5823-9363-851C-25F9DDB1E477}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CAB32387-ECE2-AE2D-9F70-FEC99A835FFD}" = ATI AVIVO64 Codecs
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501)
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Waterfox 24.0 (x64 en-US)" = Waterfox 24.0 (x64 en-US)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1170BEDA-359C-4202-A5BF-CCA919E7B917}" = CCC Help Danish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19DE6032-D3EE-D664-FA63-452431599161}" = CCC Help Norwegian
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24BBD0E3-4579-9EF5-6081-DE56129D093A}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39EFAC6A-639E-3CE3-2B62-EF8518AD8326}" = CCC Help Chinese Traditional
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3ED3BC2E-141A-BFB0-D48C-E8DDA3A461E7}" = ccc-core-static
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B21E43-056F-9E58-8774-20E8A89B5347}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65A30A52-B4CA-006E-8750-8366C9693C77}" = CCC Help Russian
"{66C5E9B6-2D87-D7E8-9B8F-BFCAD7105AD1}" = Catalyst Control Center Graphics Previews Common
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F11BED2-859F-46C4-A9DA-A91AAD5BC849}" = Skype Web Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{745A24D1-CFF4-45BA-8690-2AD15DA790C4}" = Skype Web Plugin
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78AE5FAE-C641-311B-9CC8-CEBB87FAF795}" = CCC Help Japanese
"{7BCA9417-A611-CC28-9471-6250EC9666EB}" = Catalyst Control Center Graphics Full Existing
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C28F118-03B5-4756-F83C-C31C851D1FF3}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95E58BA1-2E10-B49E-283C-3C170C098149}" = CCC Help Dutch
"{9635D462-1B39-E171-BA1C-32A036572251}" = CCC Help Spanish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A4147C0B-A939-B87E-A6AB-71837A52AFEC}" = Catalyst Control Center Core Implementation
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8ACDFFF-093C-8898-E1B8-9388277CD805}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC57BF3A-E460-4CBD-A8BB-3A3A8D1D9A55}_is1" = All Media Converter version 5.2.3
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B47669BF-36B7-B33B-69C9-A2E7AAA36017}" = CCC Help German
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C52D6FF6-308B-2395-72EE-CA72216F8618}" = CCC Help Korean
"{C5422D6A-6CC4-82CA-C28F-249DC0C846B5}" = Catalyst Control Center Graphics Full New
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEC73671-6AFB-CC2B-203B-2A00E8901755}" = Catalyst Control Center Graphics Previews Vista
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{D7058431-BC8D-71B7-136F-6FFA32C5C7C2}" = CCC Help Swedish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECBA603F-259F-9C33-85DE-0D7E3FCAB407}" = CCC Help Finnish
"{EE14D3B8-D4A6-EEC6-A37E-FC77CBF6A5FE}" = CCC Help Italian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26E3E58-D6E5-3C61-7A7C-20D61017C26A}" = CCC Help French
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB9F4BEA-283B-18FA-3DA4-B757214528F3}" = Catalyst Control Center Localization All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE6D5F28-4C11-4197-66CA-48AA4AECD833}" = Catalyst Control Center Graphics Light
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"ESET Online Scanner" = ESET Online Scanner v3
"Eye Candy 4000" = Eye Candy 4000
"FastFontPreview_is1" = FastFontPreview v3.0.2 FREEWARE
"Font Xplorer" = Font Xplorer 1.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Trillian" = Trillian
"Trusted Software Assistant_is1" = File Type Assistant
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xenofex2" = Alien Skin Xenofex 2.0
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3154375046-2013276623-2211640544-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe AIR Free Download Packages" = Adobe AIR Free Download Packages
"Dropbox" = Dropbox
"Microsoft SkyDrive Free Download Packages" = Microsoft SkyDrive Free Download Packages
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07/01/2014 03:58:21 | Computer Name = jilly-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 07/01/2014 03:58:23 | Computer Name = jilly-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
 Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing.
 The previous version of Security Essentials was restored. Error code:0x80070643.
 Fatal error during installation.
 
Error - 08/01/2014 04:35:14 | Computer Name = jilly-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 08/01/2014 04:35:29 | Computer Name = jilly-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
 Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing.
 The previous version of Security Essentials was restored. Error code:0x80070643.
 Fatal error during installation.
 
Error - 08/01/2014 05:02:32 | Computer Name = jilly-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\jilly\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 08/01/2014 05:02:42 | Computer Name = jilly-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\jilly\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 08/01/2014 14:01:15 | Computer Name = jilly-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 08/01/2014 14:02:25 | Computer Name = jilly-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\jilly\downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 09/01/2014 04:44:27 | Computer Name = jilly-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 09/01/2014 04:44:41 | Computer Name = jilly-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
 Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing.
 The previous version of Security Essentials was restored. Error code:0x80070643.
 Fatal error during installation.
 
[ System Events ]
Error - 07/01/2014 04:00:32 | Computer Name = jilly-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
 
Error - 08/01/2014 04:37:21 | Computer Name = jilly-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
 
Error - 09/01/2014 04:46:25 | Computer Name = jilly-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
 
 
< End of report >
 

[Jilly]

OTL Fix

 

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: support%40tubedimmerapp.com:2.6.48 removed from extensions.enabledAddons
C:\Users\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\extensions\support@tubedimmerapp.com\chrome\content folder moved successfully.
C:\Users\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\extensions\support@tubedimmerapp.com\chrome folder moved successfully.
C:\Users\jilly\AppData\Roaming\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\extensions\support@tubedimmerapp.com folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jilly\Downloads\cmd.bat deleted successfully.
C:\Users\jilly\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: jilly
->Temp folder emptied: 9798405812 bytes
->Temporary Internet Files folder emptied: 47394935 bytes
->Java cache emptied: 2783803 bytes
->FireFox cache emptied: 98827539 bytes
->Google Chrome cache emptied: 43298030 bytes
->Flash cache emptied: 58661 bytes
 
User: Public
 
User: wangzhisong
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 403963867 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 18894105810 bytes
 
Total Files Cleaned = 27,932.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 01102014_134510

Files\Folders moved on Reboot...
C:\Users\jilly\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\jilly\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\jilly\AppData\Local\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\startupCache\startupCache.8.little moved successfully.
C:\Users\jilly\AppData\Local\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\Cache\_CACHE_001_ moved successfully.
C:\Users\jilly\AppData\Local\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\Cache\_CACHE_002_ moved successfully.
C:\Users\jilly\AppData\Local\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\Cache\_CACHE_003_ moved successfully.
C:\Users\jilly\AppData\Local\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\Cache\_CACHE_MAP_ moved successfully.
C:\Users\jilly\AppData\Local\Mozilla\Firefox\Profiles\9g9vk3tp.default-1367480507830\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

[Jilly]

Running Kaspersky now

[Maniac]

Thanks!

[Jilly]

Hi Borislav, Kaspersky has been scanning for almost 23 hours now, my laptop keeps switching off and at the moment Kaspersky isn`t responding, which is the third time now.

 

I disconnected sleep mode but it hasn`t stopped my pc from shutting down.................  Arghh any ideas please?

[Maniac]

How is your system now?

[Jilly]

Still scanning but very slow and I can`t get on the page.  I can see progress if I hold the cursor over the bottom menu icon but that`s it and the duration time hasn`t moved in a while.  Plus the layout has changed.

 

Here`s a screen print.  Still getting a black screen after a few minutes sitting idle

[Jilly]

Wouldn`t let me post the screen print, saying message too short, so trying again

 

[Jilly]

It`s totally frozen now.

 

[Jilly]

Just thought, it might have finished as the scan report is showing now but I can`t get it up on my screen to check or copy the results for you.........  This is getting me down!!!!

 

I hope we can get to the bottom of this

[Jilly]

For some reason Hitman Pro has attached itself and done a scan......  here`s the log

 

HitmanPro 3.7.8.208www.hitmanpro.com   Computer name . . . . : JILLY-PC   Windows . . . . . . . : 6.1.1.7601.X64/2   User name . . . . . . : jilly-PC\jilly   UAC . . . . . . . . . : Enabled   License . . . . . . . : Free   Scan date . . . . . . : 2014-01-12 09:58:38   Scan mode . . . . . . : Quick   Scan duration . . . . : 3m 38s   Disk access mode  . . : Direct disk access (SRB)   Cloud . . . . . . . . : Internet   Reboot  . . . . . . . : No   Threats . . . . . . . : 0   Traces  . . . . . . . : 15   Objects scanned . . . : 3,752   Files scanned . . . . : 3,752   Remnants scanned  . . : 0 files / 0 keysSuspicious files ____________________________________________________________   C:\Users\jilly\AppData\Local\Temp\9387032\bases\arkmon.kdl      Size . . . . . . . : 38,400 bytes      Age  . . . . . . . : 1.8 days (2014-01-10 14:03:34)      Entropy  . . . . . : 7.6      SHA-256  . . . . . : EC17DF944D02EB5E8170671BF42FA93DADB3B046A120C9C01257DF1069EDAFCA      Product  . . . . . : Kaspersky Anti-Virus      Publisher  . . . . : Kaspersky Lab ZAO      Description  . . . : Anti-Rootkit Monitor      Version  . . . . . : 1.3.5.1      Copyright  . . . . : © 2013 Kaspersky Lab ZAO. All Rights Reserved.      Fuzzy  . . . . . . : 22.0         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.         The file name extension of this program is not common.         Program is running but currently exposes no human-computer interface (GUI).         Time indicates that the file appeared recently on this computer.         File resides in a temporary folder. This is not typical for most programs.         The file is in use by one or more active processes.   C:\Users\jilly\AppData\Local\Temp\9387032\bases\kavsys.kdl      Size . . . . . . . : 185,856 bytes      Age  . . . . . . . : 1.8 days (2014-01-10 14:03:51)      Entropy  . . . . . : 8.0      SHA-256  . . . . . : 5201555705B8BC7596A101931F07D871B189C0083F3ECFE6039A4C2CF4BCF976      Product  . . . . . : Kaspersky Anti-Virus      Publisher  . . . . : Kaspersky Lab ZAO      Description  . . . : Set of system interfaces      Version  . . . . . : 1.12.6.0      Copyright  . . . . : © 2013 Kaspersky Lab ZAO. All Rights Reserved.      Fuzzy  . . . . . . : 22.0         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.         The file name extension of this program is not common.         Program is running but currently exposes no human-computer interface (GUI).         Time indicates that the file appeared recently on this computer.         File resides in a temporary folder. This is not typical for most programs.         The file is in use by one or more active processes.   C:\Users\jilly\AppData\Local\Temp\9387032\bases\kjim.kdl      Size . . . . . . . : 299,520 bytes      Age  . . . . . . . : 1.8 days (2014-01-10 14:03:52)      Entropy  . . . . . : 8.0      SHA-256  . . . . . : B3E2D2290D6D214D9DE7DA6E022421125E7AF5E2F9FD082922751AC44D66C163      Product  . . . . . : Kaspersky Anti-Virus      Publisher  . . . . : Kaspersky Lab ZAO      Description  . . . : Script Heuristics Engine      Version  . . . . . : 5.15.0.2      Copyright  . . . . : © 2013 Kaspersky Lab ZAO. All Rights Reserved.      Fuzzy  . . . . . . : 22.0         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.         The file name extension of this program is not common.         Program is running but currently exposes no human-computer interface (GUI).         Time indicates that the file appeared recently on this computer.         File resides in a temporary folder. This is not typical for most programs.         The file is in use by one or more active processes.   C:\Users\jilly\AppData\Local\Temp\9387032\bases\klavemu.kdl      Size . . . . . . . : 1,664,000 bytes      Age  . . . . . . . : 1.8 days (2014-01-10 14:03:53)      Entropy  . . . . . : 8.0      SHA-256  . . . . . : 852785521F813F6B359FC4276E9433073C0FC75A7A5EDE621226056294BE090C      Product  . . . . . : Kaspersky Anti-Virus      Publisher  . . . . : Kaspersky Lab ZAO      Description  . . . : Heuristics engine      Version  . . . . . : 18.44.19.5      Copyright  . . . . : © 2013 Kaspersky Lab ZAO. All Rights Reserved.      Fuzzy  . . . . . . : 22.0         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.         The file name extension of this program is not common.         Program is running but currently exposes no human-computer interface (GUI).         Time indicates that the file appeared recently on this computer.         File resides in a temporary folder. This is not typical for most programs.         The file is in use by one or more active processes.   C:\Users\jilly\AppData\Local\Temp\9387032\bases\mark.kdl      Size . . . . . . . : 153,600 bytes      Age  . . . . . . . : 1.8 days (2014-01-10 14:03:55)      Entropy  . . . . . : 8.0      SHA-256  . . . . . : 8C33BFC55669C5A7B9BCC1B0E1E716C2A2C636A6528BBAE5BD1A137FBB53C310      Product  . . . . . : Kaspersky Anti-Virus      Publisher  . . . . : Kaspersky Lab ZAO      Description  . . . : Anti-Rootkit Engine      Version  . . . . . : 5.3.4.1      Copyright  . . . . : © 2013 Kaspersky Lab ZAO. All Rights Reserved.      Fuzzy  . . . . . . : 22.0         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.         The file name extension of this program is not common.         Program is running but currently exposes no human-computer interface (GUI).         Time indicates that the file appeared recently on this computer.         File resides in a temporary folder. This is not typical for most programs.         The file is in use by one or more active processes.   C:\Users\jilly\AppData\Local\Temp\9387032\bases\pbs.kdl      Size . . . . . . . : 435,712 bytes      Age  . . . . . . . : 1.8 days (2014-01-10 14:03:56)      Entropy  . . . . . : 8.0      SHA-256  . . . . . : F6A67DA1D84F8D5E5CC6AF5F45514E1EC1C078B53CEE501699A90EFC7331A5FC      Product  . . . . . : Kaspersky Anti-Virus      Publisher  . . . . : Kaspersky Lab ZAO      Description  . . . : Extensional Scan Engine      Version  . . . . . : 2.4.0.2      Copyright  . . . . : © 2013 Kaspersky Lab ZAO. All Rights Reserved.      Fuzzy  . . . . . . : 22.0         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.         The file name extension of this program is not common.         Program is running but currently exposes no human-computer interface (GUI).         Time indicates that the file appeared recently on this computer.         File resides in a temporary folder. This is not typical for most programs.         The file is in use by one or more active processes.   C:\Users\jilly\AppData\Local\Temp\9387032\bases\qscan.kdl      Size . . . . . . . : 455,168 bytes      Age  . . . . . . . : 1.8 days (2014-01-10 14:03:58)      Entropy  . . . . . : 8.0      SHA-256  . . . . . : 0BC8ED2FF5E2A8631784262EFD671FD0534BC784AB620C0A3433ED87DE6B74A3      Product  . . . . . : Kaspersky Anti-Virus      Publisher  . . . . : Kaspersky Lab ZAO      Description  . . . : Initial Scan Engine      Version  . . . . . : 3.7.6.0      Copyright  . . . . : © 2013 Kaspersky Lab ZAO. All Rights Reserved.      Fuzzy  . . . . . . : 22.0         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.         The file name extension of this program is not common.         Program is running but currently exposes no human-computer interface (GUI).         Time indicates that the file appeared recently on this computer.         File resides in a temporary folder. This is not typical for most programs.         The file is in use by one or more active processes.Repairs _____________________________________________________________________   hosts   C:\Windows\system32\drivers\etc\