Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Member
    Join Date
    May 2014
    Posts
    7
    Points
    7

    Default I am having stubborn browser hijacking problems

    I have done several scans with several programs, and have tried disabling things in MSConfig, and I cannot find anything suspicious. Should I do a 360-day OTL as well, since this has probably been happening for a time longer than 1 month? The redirects go through redirsvc, and they are inline text, and often come from TopArcadeHits, but there are others as well. Sometimes, on Imgur, the "Send" Button has a link on the word "Send", so I can only press some parts of the button for it to work correctly.

    I clicked "Manage Attachements," but it brought up a blank window with red triangles, so I'm going to try to copy+paste the MB, SAS, HJT logs. I'd post the MBRCheck log too if it wasn't full of special characters.
    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Database version: v2014.06.03.06

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.17107
    Dan :: DAN-PC [administrator]

    6/7/2014 2:02:58 AM
    mbam-log-2014-06-07 (02-02-58).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 439262
    Time elapsed: 1 hour(s), 3 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)




    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 06/07/2014 at 02:02 AM

    Application Version : 5.7.1018

    Core Rules Database Version : 11289
    Trace Rules Database Version: 9101

    Scan type : Complete Scan
    Total Scan Time : 00:28:24

    Operating System Information
    Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 566
    Memory threats detected : 0
    Registry items scanned : 36092
    Registry threats detected : 0
    File items scanned : 71732
    File threats detected : 0









    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:38:23 AM, on 6/7/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17041)
    Boot mode: Normal
    Windows folder: C:\Windows
    System folder: C:\Windows\SYSTEM32
    Hosts file: C:\Windows\System32\drivers\etc\hosts

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files\Spybot\SDTray.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7\ScriptHelper.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\HJThis\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\explorer.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (filesize 2396480 bytes, MD5 B9D89A463F2AC998101724BB2E727C99)
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (filesize 542400 bytes, MD5 3E0DEBA7E963B1C0F59D1D2452C71DE3)
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (filesize 885952 bytes, MD5 6E152A5D984D48023ECF93889C508458)
    O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (filesize 3594264 bytes, MD5 BF9F22D2316F1DC45F04328D307CC8CB)
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (filesize 428224 bytes, MD5 11DA96C184582C98330C51158C64AB84)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 194504 bytes, MD5 81590207A8EFAB40BAFE743D8073EB9B)
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (filesize 488640 bytes, MD5 D826639120B2D4E9B53243D55BC1ACC8)
    O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (filesize 3594264 bytes, MD5 BF9F22D2316F1DC45F04328D307CC8CB)
    O3 - Toolbar: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (filesize 2396480 bytes, MD5 B9D89A463F2AC998101724BB2E727C99)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 194504 bytes, MD5 81590207A8EFAB40BAFE743D8073EB9B)
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" (filesize 356128 bytes, MD5 7E91655B4947EC1B18B3BC1645839145)
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" (filesize 2567192 bytes, MD5 2B9989AD2AC820599C0F0D2844F9F4DE)
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot\SDTray.exe" (filesize 4101584 bytes, MD5 F336AD03BE347DD5B585AD36AC78751B)
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXEC:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (filesize 958576 bytes, MD5 48BE298F7FD1BEF4D8FBACB04D8D95C4)
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm (filesize 1452 bytes, MD5 2D519BB384202BED2327306AB3657DFB)
    O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (filesize 885952 bytes, MD5 6E152A5D984D48023ECF93889C508458)
    O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (filesize 488640 bytes, MD5 D826639120B2D4E9B53243D55BC1ACC8)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (filesize 1996392 bytes, MD5 4F04EF75D315039E3665B035FA086D38)
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (filesize 633368 bytes, MD5 AF6E930E5900F8051BC5B88A946A0EB0)
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXEC:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exeC:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exeC:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exeC:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot\SDFSSvc.exeC:\Program Files\Spybot\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot\SDUpdSvc.exeC:\Program Files\Spybot\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot\SDWSCSvc.exeC:\Program Files\Spybot\SDWSCSvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeC:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exeC:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: vToolbarUpdater18.1.7 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exeC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe

    --
    End of file - 9253 bytes

  2. The Following User Says Thank You to TheGameBall For This Useful Post:


  3. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    have tried disabling things in MSConfig
    First
    re-enable everything, you disabled, reboot the computer to normal start up mode.

    Next
    We will run a diagnostics that will show us more. Please follow through.

    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    Thanks
    Joe
    Last edited by zep516; 06-07-2014 at 10:50 AM.

  4. The Following 2 Users Say Thank You to zep516 For This Useful Post:


  5. #3
    Member
    Join Date
    May 2014
    Posts
    7
    Points
    7

    Default

    (Oh yeah, I had forgotten to mention I had already re-enabled everything.)

    I saw the stuff at the end of Extras.txt; is there some other cause or do I really need to hunt down some updated firmware for something?

    Should I do a 360-day OTL, since this has probably been happening for a time longer than 1 month? Otherwise, here's the ones you told me to give:

    OTL logfile created on: 6/7/2014 3:46:01 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dan\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.37 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 62.67% Memory free
    6.75 Gb Paging File | 5.00 Gb Available in Paging File | 74.17% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 928.88 Gb Total Space | 880.79 Gb Free Space | 94.82% Space Free | Partition Type: NTFS
    Drive E: | 542.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/06/07 03:52:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Downloads\OTL.exe
    PRC - [2014/06/02 08:33:31 | 002,567,192 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
    PRC - [2014/06/02 08:33:31 | 002,455,064 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7\ScriptHelper.exe
    PRC - [2014/06/02 08:33:31 | 001,808,408 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
    PRC - [2014/06/02 08:33:31 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
    PRC - [2014/05/13 18:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2014/04/25 14:14:28 | 004,101,584 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDTray.exe
    PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDWSCSvc.exe
    PRC - [2014/04/25 14:12:10 | 002,081,752 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDUpdSvc.exe
    PRC - [2014/04/25 14:12:06 | 001,738,200 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDFSSvc.exe
    PRC - [2014/01/06 16:37:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2013/10/28 03:29:38 | 003,675,352 | ---- | M] (Disc Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2013/10/16 12:44:58 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    PRC - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/05/28 13:17:01 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/01/31 04:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2013/01/31 04:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/12/21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 16:29:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
    PRC - [2010/01/18 21:43:00 | 000,124,256 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    PRC - [2009/07/13 20:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2014/06/02 08:33:31 | 002,567,192 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
    MOD - [2014/06/02 08:33:31 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
    MOD - [2014/05/13 18:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
    MOD - [2014/05/13 18:40:53 | 013,695,816 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
    MOD - [2014/05/13 18:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
    MOD - [2014/05/13 18:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
    MOD - [2014/05/13 18:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll
    MOD - [2014/05/13 18:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
    MOD - [2014/04/25 14:11:24 | 000,167,768 | ---- | M] () -- C:\Program Files\Spybot\snlFileFormats150.bpl
    MOD - [2014/04/25 14:11:22 | 000,109,400 | ---- | M] () -- C:\Program Files\Spybot\snlThirdParty150.bpl
    MOD - [2014/04/25 14:11:20 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot\DEC150.bpl
    MOD - [2012/12/20 18:19:26 | 000,479,752 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll


    ========== Services (SafeList) ==========

    SRV - [2014/06/02 08:33:31 | 001,808,408 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe -- (vToolbarUpdater18.1.7)
    SRV - [2014/05/21 12:39:14 | 000,564,416 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2014/05/13 15:45:14 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\SDWSCSvc.exe -- (SDWSCService)
    SRV - [2014/04/25 14:12:10 | 002,081,752 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\SDUpdSvc.exe -- (SDUpdateService)
    SRV - [2014/04/25 14:12:06 | 001,738,200 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\SDFSSvc.exe -- (SDScannerService)
    SRV - [2014/03/06 02:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/10/16 12:44:58 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -- (AVP)
    SRV - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/05/28 13:21:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/12/21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
    SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dan\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (alvjxks8)
    DRV - [2014/06/02 08:33:31 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2014/06/01 13:31:27 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2014/04/02 11:36:58 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
    DRV - [2014/04/02 11:36:58 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
    DRV - [2013/12/30 22:35:32 | 000,324,096 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2013/10/16 12:48:26 | 000,595,552 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
    DRV - [2013/10/16 12:48:26 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2013/10/16 12:48:26 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
    DRV - [2013/09/19 20:13:55 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
    DRV - [2013/09/19 20:13:54 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
    DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/06/02 14:39:44 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec)
    DRV - [2011/06/02 14:39:44 | 000,039,736 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
    DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
    DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2282707794-52558753-626861832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-2282707794-52558753-626861832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2282707794-52558753-626861832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 17 57 99 64 5B CE 01 [binary data]
    IE - HKU\S-1-5-21-2282707794-52558753-626861832-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-2282707794-52558753-626861832-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-2282707794-52558753-626861832-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=2I7NDKB_enUS0538______
    IE - HKU\S-1-5-21-2282707794-52558753-626861832-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={1536F203-D7CE-4350-9343-8121C3445737}&mid=a0ed26200d0047d399e4d16daeae7269-420654ead4406049d98409c65d970c2a7b7c06f4&lang=en&ds=co011&coid=avgtbdisco&cmpid=&pr=sa&d=2014-02-13 21:39:52&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2282707794-52558753-626861832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014/02/13 22:40:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014/04/02 11:37:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014/04/02 11:37:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014/04/02 11:37:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014/04/02 11:37:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014/04/02 11:37:08 | 000,000,000 | ---D | M]

    [2013/09/11 11:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = http://mysearch.avg.com/search?cid={1536F203-D7CE-4350-9343-8121C3445737}&mid=a0ed26200d0047d399e4d16daeae7269-420654ead4406049d98409c65d970c2a7b7c06f4&lang=en&ds=co011&coid=avgtbdisco&cmpid=&pr=sa&d=2014-02-13 21:39:52&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://toolbar.avg.com/acp?q={searchTerms}&o=1,
    CHR - homepage: [ history, homepage, nativeMessaging, searchProvider, startupPages, tabs ]
    CHR - homepage: [ browsingData, cookies, history, management, nativeMessaging, tabs, unlimitedStorage, webNavigation, webRequest, webRequestBlocking, webRequestInternal, searchProvider, homepage, startupPages ]
    CHR - homepage: http://mysearch.avg.com?cid={1536F203-D7CE-4350-9343-8121C3445737}&mid=a0ed26200d0047d399e4d16daeae7269-420654ead4406049d98409c65d970c2a7b7c06f4&lang=en&ds=co011&coid=avgtbdisco&cmpid=&pr=sa&d=2014-02-13 21:39:52&v=18.1.5.512&pid=safeguard&sg=0&sap=hp
    CHR - homepage: http://mysearch.avg.com/?cid={1536F203-D7CE-4350-9343-8121C3445737}&mid=a0ed26200d0047d399e4d16daeae7269-420654ead4406049d98409c65d970c2a7b7c06f4&lang=en&ds=co011&coid=avgtbdisco&cmpid=&pr=sa&d=2014-02-13%2021:39:52&v=18.1.5.512&pid=safeguard&sg=0&sap=hp
    CHR - homepage: http://mysearch.avg.com?cid={1536F203-D7CE-4350-9343-8121C3445737}&mid=a0ed26200d0047d399e4d16daeae7269-420654ead4406049d98409c65d970c2a7b7c06f4&lang=en&ds=co011&coid=avgtbdisco&cmpid=&pr=sa&d=2014-02-13 21:39:52&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
    CHR - Extension: YouTube = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Facebook = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
    CHR - Extension: Google Search = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Kaspersky URL Advisor = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_0\
    CHR - Extension: TopArcadeHits = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
    CHR - Extension: Safe Money = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.2.558_0\
    CHR - Extension: Content Blocker = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.2.614_0\
    CHR - Extension: Virtual Keyboard = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.2.614_0\
    CHR - Extension: AVG Secure Search = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\18.1.5.512_0\
    CHR - Extension: Gmail = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: Anti-Banner = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_0\

    O1 HOSTS File: ([2014/05/30 21:31:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
    O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O3 - HKLM\..\Toolbar: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
    O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
    O4 - HKU\S-1-5-21-2282707794-52558753-626861832-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
    O4 - HKU\S-1-5-21-2282707794-52558753-626861832-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2282707794-52558753-626861832-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2282707794-52558753-626861832-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2282707794-52558753-626861832-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
    O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3034F098-21EB-4EC5-A106-57A50A06EB6A}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2014/04/09 18:37:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2001/04/18 02:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/06/02 08:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2014/06/01 13:31:27 | 000,243,128 | ---- | C] (Disc Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2014/05/31 00:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2014/05/30 23:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/05/30 23:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/05/30 23:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/05/30 22:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\HJThis
    [2014/05/30 22:45:48 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2014/05/30 21:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2014/05/30 21:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2014/05/30 21:36:40 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
    [2014/05/30 21:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2014/05/30 21:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot
    [2014/05/30 21:32:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/05/30 21:31:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/05/30 21:24:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/05/30 21:24:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/05/30 21:24:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/05/30 21:23:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/05/30 21:23:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/05/30 20:55:59 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com
    [2014/05/29 14:54:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\DBBK
    [2014/05/29 14:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2014/05/28 16:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2014/05/28 15:59:01 | 000,000,000 | -HSD | C] -- C:\Users\Dan\AppData\Local\EmieUserList
    [2014/05/28 15:59:01 | 000,000,000 | -HSD | C] -- C:\Users\Dan\AppData\Local\EmieSiteList
    [2014/05/28 15:53:13 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\QuickScan
    [2014/05/26 17:22:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Oracle
    [2014/05/26 17:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/05/26 17:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2014/05/26 17:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2014/05/26 17:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2014/05/22 14:21:11 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\MFAData
    [2014/05/22 14:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2014/05/22 14:21:11 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Avg2014
    [2014/05/15 03:00:53 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2014/05/14 15:44:03 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
    [2014/05/14 15:44:03 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
    [2014/05/14 15:43:56 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2014/05/14 15:43:56 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2014/05/14 15:43:56 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
    [2014/05/14 15:43:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cngprovider.dll
    [2014/05/14 15:43:55 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adprovider.dll
    [2014/05/14 15:43:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capiprovider.dll
    [2014/05/14 15:43:55 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapiprovider.dll
    [2014/05/14 15:43:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
    [2014/05/14 15:43:55 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wincredprovider.dll
    [2014/05/14 15:43:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll

    ========== Files - Modified Within 30 Days ==========

    [2014/06/07 15:49:18 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/06/07 15:49:18 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/06/07 15:48:21 | 000,662,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/06/07 15:48:21 | 000,122,252 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/06/07 15:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/06/07 15:41:46 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/06/07 15:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/06/07 15:41:38 | 2716,672,000 | -HS- | M] () -- C:\hiberfil.sys
    [2014/06/07 08:28:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/06/02 08:33:31 | 000,042,784 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2014/06/01 13:31:27 | 000,243,128 | ---- | M] (Disc Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2014/05/31 00:09:43 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/05/30 23:30:08 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/05/30 22:45:48 | 000,002,967 | ---- | M] () -- C:\Users\Dan\Desktop\HiJackThis.lnk
    [2014/05/30 22:33:04 | 000,002,794 | ---- | M] () -- C:\Users\Dan\Desktop\WS73099cc142f4875513fb5cd10c4aa30d6b3522 - Shortcut.lnk
    [2014/05/30 22:26:36 | 000,002,123 | ---- | M] () -- C:\Users\Dan\Desktop\WS1a9193826455f5ff3d6161141208a8044f3-7983 - Shortcut.lnk
    [2014/05/30 21:58:17 | 000,000,402 | ---- | M] () -- C:\Users\Dan\Desktop\mctadmin.reg
    [2014/05/30 21:36:43 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2014/05/30 21:31:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/05/28 15:50:43 | 000,267,611 | ---- | M] () -- C:\Users\Dan\AppData\Local\census.cache
    [2014/05/28 15:50:43 | 000,124,902 | ---- | M] () -- C:\Users\Dan\AppData\Local\ars.cache
    [2014/05/28 15:34:07 | 000,000,010 | ---- | M] () -- C:\Users\Dan\AppData\Local\sponge.last.runtime.cache
    [2014/05/28 15:10:32 | 000,000,036 | ---- | M] () -- C:\Users\Dan\AppData\Local\housecall.guid.cache
    [2014/05/24 07:30:18 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/05/13 15:45:13 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2014/05/13 15:45:13 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2014/05/09 02:06:23 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
    [2014/05/09 02:04:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll

    ========== Files Created - No Company Name ==========

    [2014/05/31 00:09:43 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/05/30 23:30:08 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/05/30 22:45:48 | 000,002,967 | ---- | C] () -- C:\Users\Dan\Desktop\HiJackThis.lnk
    [2014/05/30 22:33:04 | 000,002,794 | ---- | C] () -- C:\Users\Dan\Desktop\WS73099cc142f4875513fb5cd10c4aa30d6b3522 - Shortcut.lnk
    [2014/05/30 22:26:36 | 000,002,123 | ---- | C] () -- C:\Users\Dan\Desktop\WS1a9193826455f5ff3d6161141208a8044f3-7983 - Shortcut.lnk
    [2014/05/30 21:58:17 | 000,000,402 | ---- | C] () -- C:\Users\Dan\Desktop\mctadmin.reg
    [2014/05/30 21:36:43 | 000,001,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2014/05/30 21:36:43 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2014/05/30 21:24:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/05/30 21:24:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/05/30 21:24:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/05/30 21:24:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/05/30 21:24:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/05/28 15:50:43 | 000,267,611 | ---- | C] () -- C:\Users\Dan\AppData\Local\census.cache
    [2014/05/28 15:50:43 | 000,124,902 | ---- | C] () -- C:\Users\Dan\AppData\Local\ars.cache
    [2014/05/28 15:34:07 | 000,000,010 | ---- | C] () -- C:\Users\Dan\AppData\Local\sponge.last.runtime.cache
    [2014/05/28 15:10:32 | 000,000,036 | ---- | C] () -- C:\Users\Dan\AppData\Local\housecall.guid.cache
    [2013/11/24 22:32:25 | 000,002,099 | ---- | C] () -- C:\Users\Dan\AppData\Local\recently-used.xbel
    [2013/09/11 17:44:01 | 000,000,093 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\WB.CFG
    [2013/09/11 17:44:01 | 000,000,005 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\WBPU-TTL.DAT
    [2013/06/18 13:06:05 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2013/06/18 13:06:05 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2013/06/18 13:06:05 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2013/06/18 12:54:42 | 000,036,056 | ---- | C] () -- C:\Windows\DIIUnin.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >










    OTL Extras logfile created on: 6/7/2014 3:46:01 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dan\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.37 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 62.67% Memory free
    6.75 Gb Paging File | 5.00 Gb Available in Paging File | 74.17% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 928.88 Gb Total Space | 880.79 Gb Free Space | 94.82% Space Free | Partition Type: NTFS
    Drive E: | 542.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = ComFile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2282707794-52558753-626861832-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot\SDTray.exe" = C:\Program Files\Spybot\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot\SDFSSvc.exe" = C:\Program Files\Spybot\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot\SDUpdate.exe" = C:\Program Files\Spybot\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot\SDUpdSvc.exe" = C:\Program Files\Spybot\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{13E24EA1-4E62-44E5-B2A6-EB3739C0A9E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{161B9AD2-44D1-41C9-8C0A-177D15595724}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight ii\editor.exe |
    "{65C7541D-CBD2-42F8-BBD7-BDD55A58C90A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight ii\editor.exe |
    "{95496A26-DAA2-4DC3-843B-52DF8882D226}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{B781AF3D-2E75-4F79-9AAF-91058497101C}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{FB6CC4CB-4655-468A-A5B3-58CDCD30E8E4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight ii\modlauncher.exe |
    "{FBDAD798-0C7E-4950-B920-C8B72E5DF926}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight ii\modlauncher.exe |
    "TCP Query User{EC48F1EC-D9FD-41DC-B438-CF96D8A7CA5F}C:\program files\firestorm-release\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\firestorm-release\slvoice.exe |
    "UDP Query User{A332C9CB-C8FD-4646-BAAC-82C6A1134B4C}C:\program files\firestorm-release\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\firestorm-release\slvoice.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
    "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B75BC01B-4586-43F8-9349-D250DB98F26F}" = SketchUp 2013
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}" = LibreOffice 4.0.3.3
    "{F868C16D-75F8-4EE8-BCBF-422D0833415D}_is1" = Open PLS in Windows Media Player 2.2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
    "AVG SafeGuard toolbar" = AVG SafeGuard toolbar
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CCleaner" = CCleaner
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Diablo II" = Diablo II
    "Firestorm-Beta" = Firestorm-Beta (remove only)
    "GIMP-2_is1" = GIMP 2.8.6
    "GOGPACKRTC_is1" = RollerCoaster Tycoon Deluxe
    "Google Chrome" = Google Chrome
    "Image Converter Image Converter" = Image Converter
    "ImgBurn" = ImgBurn
    "InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "Runic Games TorchED" = TorchED
    "Steam" = Steam
    "Steam App 200710" = Torchlight II
    "Steam App 223070" = Torchlight II GUTS
    "Torchlight_is1" = Torchlight

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2282707794-52558753-626861832-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Image Editor Packages" = Image Editor Packages

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/31/2014 4:09:15 PM | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/1/2014 1:34:57 AM | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/1/2014 12:30:24 PM | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/2/2014 9:33:10 AM | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/2/2014 7:03:55 PM | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/3/2014 11:36:52 AM | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/4/2014 1:20:25 PM | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/4/2014 3:57:48 PM | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/4/2014 11:22:58 PM | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/5/2014 8:35:33 AM | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 6/3/2014 9:11:26 PM | Computer Name = Dan-PC | Source = Microsoft-Windows-HAL | ID = 12
    Description = The platform firmware has corrupted memory across the previous system
    power transition. Please check for updated firmware for your system.

    Error - 6/3/2014 11:29:00 PM | Computer Name = Dan-PC | Source = bowser | ID = 8003
    Description =

    Error - 6/4/2014 1:29:24 PM | Computer Name = Dan-PC | Source = bowser | ID = 8003
    Description =

    Error - 6/4/2014 4:05:29 PM | Computer Name = Dan-PC | Source = bowser | ID = 8003
    Description =

    Error - 6/4/2014 5:53:29 PM | Computer Name = Dan-PC | Source = bowser | ID = 8003
    Description =

    Error - 6/4/2014 7:34:13 PM | Computer Name = Dan-PC | Source = Microsoft-Windows-HAL | ID = 12
    Description = The platform firmware has corrupted memory across the previous system
    power transition. Please check for updated firmware for your system.

    Error - 6/4/2014 7:42:25 PM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 6/4/2014 7:53:37 PM | Computer Name = Dan-PC | Source = bowser | ID = 8003
    Description =

    Error - 6/6/2014 6:58:03 PM | Computer Name = Dan-PC | Source = bowser | ID = 8003
    Description =

    Error - 6/6/2014 8:25:24 PM | Computer Name = Dan-PC | Source = Microsoft-Windows-HAL | ID = 12
    Description = The platform firmware has corrupted memory across the previous system
    power transition. Please check for updated firmware for your system.


    < End of report >

  6. The Following User Says Thank You to TheGameBall For This Useful Post:


  7. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    Next

    We need to do a fix to delete some files using OTL

    • Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following


      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      SRV - [2014/06/02 08:33:31 | 001,808,408 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe -- (vToolbarUpdater18.1.7)
      DRV - [2014/06/02 08:33:31 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
      FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
      O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
      O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
      O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
      [2014/06/02 08:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
      [2014/05/22 14:21:11 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\MFAData
      [2014/05/22 14:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
      [2014/05/22 14:21:11 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Avg2014
      
      :Files
      C:\Program Files\AVG SafeGuard toolbar\vprot.exe
      ipconfig /flushdns /c
      C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
      
      :Commands
      
      [emptytemp]
      [resethosts]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button follow the prompts.[/*]
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner


    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post:
    1-OTL Fix log
    2-New otl after quick scan
    3-Adwcleaner [SO]txt log
    4-JRT txt log

    Thanks
    Joe

  8. The Following 2 Users Say Thank You to zep516 For This Useful Post:


  9. #5
    Member
    Join Date
    May 2014
    Posts
    7
    Points
    7

    Default

    Okay, here's the fix log:

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Service vToolbarUpdater18.1.7 stopped successfully!
    Service vToolbarUpdater18.1.7 deleted successfully!
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe moved successfully.
    Service avgtp stopped successfully!
    Service avgtp deleted successfully!
    C:\Windows\System32\drivers\avgtpx86.sys moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    File C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
    C:\Program Files\AVG SafeGuard toolbar\vprot.exe moved successfully.
    C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
    Invalid CLSID key: C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
    File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll not found.
    C:\ProgramData\AVG Secure Search\Logger folder moved successfully.
    C:\ProgramData\AVG Secure Search folder moved successfully.
    C:\Users\Dan\AppData\Local\MFAData\logs folder moved successfully.
    C:\Users\Dan\AppData\Local\MFAData folder moved successfully.
    C:\ProgramData\MFAData\survey folder moved successfully.
    C:\ProgramData\MFAData\SelfUpd\bins folder moved successfully.
    C:\ProgramData\MFAData\SelfUpd folder moved successfully.
    C:\ProgramData\MFAData\pack\bins folder moved successfully.
    C:\ProgramData\MFAData\pack folder moved successfully.
    C:\ProgramData\MFAData folder moved successfully.
    C:\Users\Dan\AppData\Local\Avg2014\log folder moved successfully.
    C:\Users\Dan\AppData\Local\Avg2014 folder moved successfully.
    ========== FILES ==========
    File\Folder C:\Program Files\AVG SafeGuard toolbar\vprot.exe not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Dan\Downloads\cmd.bat deleted successfully.
    C:\Users\Dan\Downloads\cmd.txt deleted successfully.
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dan
    ->Temp folder emptied: 3928927 bytes
    ->Temporary Internet Files folder emptied: 11031164 bytes
    ->Java cache emptied: 304321 bytes
    ->Google Chrome cache emptied: 444040035 bytes
    ->Flash cache emptied: 1694 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 56987673 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 492.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 06072014_191427

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    ---------------------------------------------------------------------------------------------------------
    I noticed some settings were put back to the default, should I have re-checked "All Users" and All Extra Registry Items? Also, I'm pretty sure I disabled DaemonToolsLite, but since it appears, I'm not sure what went wrong with that.


    OTL logfile created on: 6/7/2014 8:45:47 PM - Run 6
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dan\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.37 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 61.25% Memory free
    6.75 Gb Paging File | 4.74 Gb Available in Paging File | 70.32% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 928.88 Gb Total Space | 882.52 Gb Free Space | 95.01% Space Free | Partition Type: NTFS

    Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/06/07 19:25:12 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Dan\Downloads\JRT.exe
    PRC - [2014/06/07 03:52:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Downloads\OTL.exe
    PRC - [2014/05/13 18:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2014/04/25 14:14:28 | 004,101,584 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDTray.exe
    PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDWSCSvc.exe
    PRC - [2014/04/25 14:12:10 | 002,081,752 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDUpdSvc.exe
    PRC - [2014/04/25 14:12:06 | 001,738,200 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDFSSvc.exe
    PRC - [2014/01/06 16:37:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2013/10/16 12:44:58 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    PRC - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/05/28 13:17:01 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/01/31 04:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2013/01/31 04:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/12/21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 16:29:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
    PRC - [2010/01/18 21:43:00 | 000,124,256 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2014/05/13 18:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
    MOD - [2014/05/13 18:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
    MOD - [2014/05/13 18:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
    MOD - [2014/05/13 18:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll
    MOD - [2014/05/13 18:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
    MOD - [2014/04/25 14:11:24 | 000,167,768 | ---- | M] () -- C:\Program Files\Spybot\snlFileFormats150.bpl
    MOD - [2014/04/25 14:11:22 | 000,109,400 | ---- | M] () -- C:\Program Files\Spybot\snlThirdParty150.bpl
    MOD - [2014/04/25 14:11:20 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot\DEC150.bpl
    MOD - [2012/12/20 18:19:26 | 000,479,752 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll


    ========== Services (SafeList) ==========

    SRV - [2014/05/21 12:39:14 | 000,564,416 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2014/05/13 15:45:14 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\SDWSCSvc.exe -- (SDWSCService)
    SRV - [2014/04/25 14:12:10 | 002,081,752 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\SDUpdSvc.exe -- (SDUpdateService)
    SRV - [2014/04/25 14:12:06 | 001,738,200 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\SDFSSvc.exe -- (SDScannerService)
    SRV - [2014/03/06 02:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/10/16 12:44:58 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -- (AVP)
    SRV - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/05/28 13:21:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/12/21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
    SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dan\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (arvw2o7g)
    DRV - [2014/06/01 13:31:27 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2014/04/02 11:36:58 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
    DRV - [2014/04/02 11:36:58 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
    DRV - [2013/12/30 22:35:32 | 000,324,096 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2013/10/16 12:48:26 | 000,595,552 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
    DRV - [2013/10/16 12:48:26 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2013/10/16 12:48:26 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
    DRV - [2013/09/19 20:13:55 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
    DRV - [2013/09/19 20:13:54 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
    DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/06/02 14:39:44 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec)
    DRV - [2011/06/02 14:39:44 | 000,039,736 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
    DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
    DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 17 57 99 64 5B CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=2I7NDKB_enUS0538______
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014/04/02 11:37:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014/04/02 11:37:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014/04/02 11:37:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014/04/02 11:37:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014/04/02 11:37:08 | 000,000,000 | ---D | M]

    [2013/09/11 11:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://mysearch.avg.com?cid={1536F203-D7CE-4350-9343-8121C3445737}&mid=a0ed26200d0047d399e4d16daeae7269-420654ead4406049d98409c65d970c2a7b7c06f4&lang=en&ds=co011&coid=avgtbdisco&cmpid=&pr=sa&d=2014-02-13 21:39:52&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
    CHR - Extension: YouTube = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Facebook = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
    CHR - Extension: Google Search = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Kaspersky URL Advisor = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_0\
    CHR - Extension: Safe Money = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.2.558_0\
    CHR - Extension: Content Blocker = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.2.614_0\
    CHR - Extension: Virtual Keyboard = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.2.614_0\
    CHR - Extension: Gmail = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: Anti-Banner = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_0\

    O1 HOSTS File: ([2014/06/07 19:15:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
    O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O3 - HKLM\..\Toolbar: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
    O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3034F098-21EB-4EC5-A106-57A50A06EB6A}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2014/04/09 18:37:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/06/07 20:21:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/06/07 19:33:07 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
    [2014/06/07 19:32:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/06/07 19:14:27 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/06/01 13:31:27 | 000,243,128 | ---- | C] (Disc Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2014/05/31 00:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2014/05/30 23:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/05/30 23:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/05/30 23:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/05/30 22:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\HJThis
    [2014/05/30 22:45:48 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2014/05/30 21:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2014/05/30 21:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2014/05/30 21:36:40 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
    [2014/05/30 21:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2014/05/30 21:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot
    [2014/05/30 21:32:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/05/30 21:31:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/05/30 21:24:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/05/30 21:24:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/05/30 21:24:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/05/30 21:23:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/05/30 21:23:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/05/30 20:55:59 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com
    [2014/05/29 14:54:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\DBBK
    [2014/05/29 14:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2014/05/28 16:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2014/05/28 15:59:01 | 000,000,000 | -HSD | C] -- C:\Users\Dan\AppData\Local\EmieUserList
    [2014/05/28 15:59:01 | 000,000,000 | -HSD | C] -- C:\Users\Dan\AppData\Local\EmieSiteList
    [2014/05/28 15:53:13 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\QuickScan
    [2014/05/26 17:22:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Oracle
    [2014/05/26 17:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/05/26 17:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2014/05/26 17:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2014/05/26 17:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java

    ========== Files - Modified Within 30 Days ==========

    [2014/06/07 20:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/06/07 20:28:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/06/07 19:56:14 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/06/07 19:56:14 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/06/07 19:54:41 | 000,662,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/06/07 19:54:41 | 000,122,252 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/06/07 19:48:42 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/06/07 19:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/06/07 19:48:33 | 2716,672,000 | -HS- | M] () -- C:\hiberfil.sys
    [2014/06/07 19:15:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2014/06/01 13:31:27 | 000,243,128 | ---- | M] (Disc Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2014/05/31 00:09:43 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/05/30 23:30:08 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/05/30 22:45:48 | 000,002,967 | ---- | M] () -- C:\Users\Dan\Desktop\HiJackThis.lnk
    [2014/05/30 22:33:04 | 000,002,794 | ---- | M] () -- C:\Users\Dan\Desktop\WS73099cc142f4875513fb5cd10c4aa30d6b3522 - Shortcut.lnk
    [2014/05/30 22:26:36 | 000,002,123 | ---- | M] () -- C:\Users\Dan\Desktop\WS1a9193826455f5ff3d6161141208a8044f3-7983 - Shortcut.lnk
    [2014/05/30 21:58:17 | 000,000,402 | ---- | M] () -- C:\Users\Dan\Desktop\mctadmin.reg
    [2014/05/30 21:36:43 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2014/05/28 15:50:43 | 000,267,611 | ---- | M] () -- C:\Users\Dan\AppData\Local\census.cache
    [2014/05/28 15:50:43 | 000,124,902 | ---- | M] () -- C:\Users\Dan\AppData\Local\ars.cache
    [2014/05/28 15:34:07 | 000,000,010 | ---- | M] () -- C:\Users\Dan\AppData\Local\sponge.last.runtime.cache
    [2014/05/28 15:10:32 | 000,000,036 | ---- | M] () -- C:\Users\Dan\AppData\Local\housecall.guid.cache
    [2014/05/24 07:30:18 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2014/05/31 00:09:43 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/05/30 23:30:08 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/05/30 22:45:48 | 000,002,967 | ---- | C] () -- C:\Users\Dan\Desktop\HiJackThis.lnk
    [2014/05/30 22:33:04 | 000,002,794 | ---- | C] () -- C:\Users\Dan\Desktop\WS73099cc142f4875513fb5cd10c4aa30d6b3522 - Shortcut.lnk
    [2014/05/30 22:26:36 | 000,002,123 | ---- | C] () -- C:\Users\Dan\Desktop\WS1a9193826455f5ff3d6161141208a8044f3-7983 - Shortcut.lnk
    [2014/05/30 21:58:17 | 000,000,402 | ---- | C] () -- C:\Users\Dan\Desktop\mctadmin.reg
    [2014/05/30 21:36:43 | 000,001,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2014/05/30 21:36:43 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2014/05/30 21:24:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/05/30 21:24:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/05/30 21:24:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/05/30 21:24:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/05/30 21:24:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/05/28 15:50:43 | 000,267,611 | ---- | C] () -- C:\Users\Dan\AppData\Local\census.cache
    [2014/05/28 15:50:43 | 000,124,902 | ---- | C] () -- C:\Users\Dan\AppData\Local\ars.cache
    [2014/05/28 15:34:07 | 000,000,010 | ---- | C] () -- C:\Users\Dan\AppData\Local\sponge.last.runtime.cache
    [2014/05/28 15:10:32 | 000,000,036 | ---- | C] () -- C:\Users\Dan\AppData\Local\housecall.guid.cache
    [2013/11/24 22:32:25 | 000,002,099 | ---- | C] () -- C:\Users\Dan\AppData\Local\recently-used.xbel
    [2013/09/11 17:44:01 | 000,000,093 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\WB.CFG
    [2013/09/11 17:44:01 | 000,000,005 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\WBPU-TTL.DAT
    [2013/06/18 13:06:05 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2013/06/18 13:06:05 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2013/06/18 13:06:05 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2013/06/18 12:54:42 | 000,036,056 | ---- | C] () -- C:\Windows\DIIUnin.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/04/09 16:53:16 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Autodesk
    [2013/08/05 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Canon
    [2013/12/30 22:44:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DAEMON Tools Lite
    [2013/11/19 23:56:27 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Firestorm
    [2013/07/16 20:00:28 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Firestorm.bak
    [2013/12/30 22:32:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ImgBurn
    [2013/06/27 01:01:30 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LibreOffice
    [2014/05/26 17:22:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Oracle
    [2014/05/29 21:29:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\QuickScan
    [2013/06/18 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\runic games
    [2013/11/25 00:02:22 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SketchUp

    ========== Purity Check ==========



    < End of report >





    And now ADW (well, this should be the right log, it was called AdwCleaner[S0]):
    # AdwCleaner v3.212 - Report created 07/06/2014 at 19:47:04
    # Updated 05/06/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
    # Username : Dan - DAN-PC
    # Running from : C:\Users\Dan\Downloads\adwcleaner_3.212.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\Dan\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Dan\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Dan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    Folder Deleted : C:\Users\Dan\AppData\Roaming\DSite
    Folder Deleted : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    File Deleted : C:\Windows\System32\Tasks\DSite

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF944545-E299-481B-AB1F-431816154CBA}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF944545-E299-481B-AB1F-431816154CBA}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKLM\Software\AVG SafeGuard toolbar
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Google Chrome v35.0.1916.114

    [ File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

    *************************

    AdwCleaner[R0].txt - [5232 octets] - [07/06/2014 19:32:47]
    AdwCleaner[S0].txt - [5429 octets] - [07/06/2014 19:47:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5489 octets] ##########




    And finally JRT:


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x86
    Ran by Dan on Sat 06/07/2014 at 20:21:25.61
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Dan\appdata\local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 06/07/2014 at 20:28:31.44
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  10. The Following User Says Thank You to TheGameBall For This Useful Post:


  11. #6
    Member
    Join Date
    May 2014
    Posts
    7
    Points
    7

    Default

    Okay, here's the fix log:

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Service vToolbarUpdater18.1.7 stopped successfully!
    Service vToolbarUpdater18.1.7 deleted successfully!
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe moved successfully.
    Service avgtp stopped successfully!
    Service avgtp deleted successfully!
    C:\Windows\System32\drivers\avgtpx86.sys moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    File C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
    C:\Program Files\AVG SafeGuard toolbar\vprot.exe moved successfully.
    C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
    Invalid CLSID key: C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
    File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll not found.
    C:\ProgramData\AVG Secure Search\Logger folder moved successfully.
    C:\ProgramData\AVG Secure Search folder moved successfully.
    C:\Users\Dan\AppData\Local\MFAData\logs folder moved successfully.
    C:\Users\Dan\AppData\Local\MFAData folder moved successfully.
    C:\ProgramData\MFAData\survey folder moved successfully.
    C:\ProgramData\MFAData\SelfUpd\bins folder moved successfully.
    C:\ProgramData\MFAData\SelfUpd folder moved successfully.
    C:\ProgramData\MFAData\pack\bins folder moved successfully.
    C:\ProgramData\MFAData\pack folder moved successfully.
    C:\ProgramData\MFAData folder moved successfully.
    C:\Users\Dan\AppData\Local\Avg2014\log folder moved successfully.
    C:\Users\Dan\AppData\Local\Avg2014 folder moved successfully.
    ========== FILES ==========
    File\Folder C:\Program Files\AVG SafeGuard toolbar\vprot.exe not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Dan\Downloads\cmd.bat deleted successfully.
    C:\Users\Dan\Downloads\cmd.txt deleted successfully.
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dan
    ->Temp folder emptied: 3928927 bytes
    ->Temporary Internet Files folder emptied: 11031164 bytes
    ->Java cache emptied: 304321 bytes
    ->Google Chrome cache emptied: 444040035 bytes
    ->Flash cache emptied: 1694 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 56987673 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 492.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 06072014_191427

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    ---------------------------------------------------------------------------------------------------------
    I noticed some settings were put back to the default, should I have re-checked "All Users" and All Extra Registry Items? Also, I'm pretty sure I disabled DaemonToolsLite, but since it appears, I'm not sure what went wrong with that.


    OTL logfile created on: 6/7/2014 8:45:47 PM - Run 6
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dan\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.37 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 61.25% Memory free
    6.75 Gb Paging File | 4.74 Gb Available in Paging File | 70.32% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 928.88 Gb Total Space | 882.52 Gb Free Space | 95.01% Space Free | Partition Type: NTFS

    Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/06/07 19:25:12 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Dan\Downloads\JRT.exe
    PRC - [2014/06/07 03:52:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Downloads\OTL.exe
    PRC - [2014/05/13 18:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2014/04/25 14:14:28 | 004,101,584 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDTray.exe
    PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDWSCSvc.exe
    PRC - [2014/04/25 14:12:10 | 002,081,752 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDUpdSvc.exe
    PRC - [2014/04/25 14:12:06 | 001,738,200 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\SDFSSvc.exe
    PRC - [2014/01/06 16:37:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2013/10/16 12:44:58 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    PRC - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/05/28 13:17:01 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/01/31 04:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2013/01/31 04:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/12/21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 16:29:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
    PRC - [2010/01/18 21:43:00 | 000,124,256 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2014/05/13 18:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
    MOD - [2014/05/13 18:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
    MOD - [2014/05/13 18:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
    MOD - [2014/05/13 18:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll
    MOD - [2014/05/13 18:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
    MOD - [2014/04/25 14:11:24 | 000,167,768 | ---- | M] () -- C:\Program Files\Spybot\snlFileFormats150.bpl
    MOD - [2014/04/25 14:11:22 | 000,109,400 | ---- | M] () -- C:\Program Files\Spybot\snlThirdParty150.bpl
    MOD - [2014/04/25 14:11:20 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot\DEC150.bpl
    MOD - [2012/12/20 18:19:26 | 000,479,752 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll


    ========== Services (SafeList) ==========

    SRV - [2014/05/21 12:39:14 | 000,564,416 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2014/05/13 15:45:14 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\SDWSCSvc.exe -- (SDWSCService)
    SRV - [2014/04/25 14:12:10 | 002,081,752 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\SDUpdSvc.exe -- (SDUpdateService)
    SRV - [2014/04/25 14:12:06 | 001,738,200 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\SDFSSvc.exe -- (SDScannerService)
    SRV - [2014/03/06 02:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/10/16 12:44:58 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -- (AVP)
    SRV - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/05/28 13:21:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/12/21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
    SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dan\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (arvw2o7g)
    DRV - [2014/06/01 13:31:27 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2014/04/02 11:36:58 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
    DRV - [2014/04/02 11:36:58 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
    DRV - [2013/12/30 22:35:32 | 000,324,096 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2013/10/16 12:48:26 | 000,595,552 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
    DRV - [2013/10/16 12:48:26 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2013/10/16 12:48:26 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
    DRV - [2013/09/19 20:13:55 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
    DRV - [2013/09/19 20:13:54 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
    DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/06/02 14:39:44 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec)
    DRV - [2011/06/02 14:39:44 | 000,039,736 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
    DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
    DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 17 57 99 64 5B CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=2I7NDKB_enUS0538______
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014/04/02 11:37:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014/04/02 11:37:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014/04/02 11:37:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014/04/02 11:37:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014/04/02 11:37:08 | 000,000,000 | ---D | M]

    [2013/09/11 11:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://mysearch.avg.com?cid={1536F203-D7CE-4350-9343-8121C3445737}&mid=a0ed26200d0047d399e4d16daeae7269-420654ead4406049d98409c65d970c2a7b7c06f4&lang=en&ds=co011&coid=avgtbdisco&cmpid=&pr=sa&d=2014-02-13 21:39:52&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
    CHR - Extension: YouTube = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Facebook = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
    CHR - Extension: Google Search = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Kaspersky URL Advisor = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_0\
    CHR - Extension: Safe Money = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.2.558_0\
    CHR - Extension: Content Blocker = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.2.614_0\
    CHR - Extension: Virtual Keyboard = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.2.614_0\
    CHR - Extension: Gmail = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: Anti-Banner = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_0\

    O1 HOSTS File: ([2014/06/07 19:15:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
    O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O3 - HKLM\..\Toolbar: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
    O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3034F098-21EB-4EC5-A106-57A50A06EB6A}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2014/04/09 18:37:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/06/07 20:21:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/06/07 19:33:07 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
    [2014/06/07 19:32:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/06/07 19:14:27 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/06/01 13:31:27 | 000,243,128 | ---- | C] (Disc Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2014/05/31 00:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2014/05/30 23:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/05/30 23:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/05/30 23:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/05/30 22:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\HJThis
    [2014/05/30 22:45:48 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2014/05/30 21:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2014/05/30 21:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2014/05/30 21:36:40 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
    [2014/05/30 21:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2014/05/30 21:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot
    [2014/05/30 21:32:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/05/30 21:31:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/05/30 21:24:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/05/30 21:24:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/05/30 21:24:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/05/30 21:23:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/05/30 21:23:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/05/30 20:55:59 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com
    [2014/05/29 14:54:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\DBBK
    [2014/05/29 14:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2014/05/28 16:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2014/05/28 15:59:01 | 000,000,000 | -HSD | C] -- C:\Users\Dan\AppData\Local\EmieUserList
    [2014/05/28 15:59:01 | 000,000,000 | -HSD | C] -- C:\Users\Dan\AppData\Local\EmieSiteList
    [2014/05/28 15:53:13 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\QuickScan
    [2014/05/26 17:22:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Oracle
    [2014/05/26 17:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/05/26 17:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2014/05/26 17:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2014/05/26 17:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java

    ========== Files - Modified Within 30 Days ==========

    [2014/06/07 20:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/06/07 20:28:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/06/07 19:56:14 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/06/07 19:56:14 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/06/07 19:54:41 | 000,662,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/06/07 19:54:41 | 000,122,252 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/06/07 19:48:42 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/06/07 19:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/06/07 19:48:33 | 2716,672,000 | -HS- | M] () -- C:\hiberfil.sys
    [2014/06/07 19:15:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2014/06/01 13:31:27 | 000,243,128 | ---- | M] (Disc Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2014/05/31 00:09:43 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/05/30 23:30:08 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/05/30 22:45:48 | 000,002,967 | ---- | M] () -- C:\Users\Dan\Desktop\HiJackThis.lnk
    [2014/05/30 22:33:04 | 000,002,794 | ---- | M] () -- C:\Users\Dan\Desktop\WS73099cc142f4875513fb5cd10c4aa30d6b3522 - Shortcut.lnk
    [2014/05/30 22:26:36 | 000,002,123 | ---- | M] () -- C:\Users\Dan\Desktop\WS1a9193826455f5ff3d6161141208a8044f3-7983 - Shortcut.lnk
    [2014/05/30 21:58:17 | 000,000,402 | ---- | M] () -- C:\Users\Dan\Desktop\mctadmin.reg
    [2014/05/30 21:36:43 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2014/05/28 15:50:43 | 000,267,611 | ---- | M] () -- C:\Users\Dan\AppData\Local\census.cache
    [2014/05/28 15:50:43 | 000,124,902 | ---- | M] () -- C:\Users\Dan\AppData\Local\ars.cache
    [2014/05/28 15:34:07 | 000,000,010 | ---- | M] () -- C:\Users\Dan\AppData\Local\sponge.last.runtime.cache
    [2014/05/28 15:10:32 | 000,000,036 | ---- | M] () -- C:\Users\Dan\AppData\Local\housecall.guid.cache
    [2014/05/24 07:30:18 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2014/05/31 00:09:43 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/05/30 23:30:08 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/05/30 22:45:48 | 000,002,967 | ---- | C] () -- C:\Users\Dan\Desktop\HiJackThis.lnk
    [2014/05/30 22:33:04 | 000,002,794 | ---- | C] () -- C:\Users\Dan\Desktop\WS73099cc142f4875513fb5cd10c4aa30d6b3522 - Shortcut.lnk
    [2014/05/30 22:26:36 | 000,002,123 | ---- | C] () -- C:\Users\Dan\Desktop\WS1a9193826455f5ff3d6161141208a8044f3-7983 - Shortcut.lnk
    [2014/05/30 21:58:17 | 000,000,402 | ---- | C] () -- C:\Users\Dan\Desktop\mctadmin.reg
    [2014/05/30 21:36:43 | 000,001,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2014/05/30 21:36:43 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2014/05/30 21:24:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/05/30 21:24:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/05/30 21:24:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/05/30 21:24:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/05/30 21:24:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/05/28 15:50:43 | 000,267,611 | ---- | C] () -- C:\Users\Dan\AppData\Local\census.cache
    [2014/05/28 15:50:43 | 000,124,902 | ---- | C] () -- C:\Users\Dan\AppData\Local\ars.cache
    [2014/05/28 15:34:07 | 000,000,010 | ---- | C] () -- C:\Users\Dan\AppData\Local\sponge.last.runtime.cache
    [2014/05/28 15:10:32 | 000,000,036 | ---- | C] () -- C:\Users\Dan\AppData\Local\housecall.guid.cache
    [2013/11/24 22:32:25 | 000,002,099 | ---- | C] () -- C:\Users\Dan\AppData\Local\recently-used.xbel
    [2013/09/11 17:44:01 | 000,000,093 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\WB.CFG
    [2013/09/11 17:44:01 | 000,000,005 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\WBPU-TTL.DAT
    [2013/06/18 13:06:05 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2013/06/18 13:06:05 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2013/06/18 13:06:05 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2013/06/18 12:54:42 | 000,036,056 | ---- | C] () -- C:\Windows\DIIUnin.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/04/09 16:53:16 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Autodesk
    [2013/08/05 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Canon
    [2013/12/30 22:44:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DAEMON Tools Lite
    [2013/11/19 23:56:27 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Firestorm
    [2013/07/16 20:00:28 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Firestorm.bak
    [2013/12/30 22:32:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ImgBurn
    [2013/06/27 01:01:30 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LibreOffice
    [2014/05/26 17:22:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Oracle
    [2014/05/29 21:29:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\QuickScan
    [2013/06/18 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\runic games
    [2013/11/25 00:02:22 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SketchUp

    ========== Purity Check ==========



    < End of report >





    And now ADW (well, this should be the right log, it was called AdwCleaner[S0]):
    # AdwCleaner v3.212 - Report created 07/06/2014 at 19:47:04
    # Updated 05/06/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
    # Username : Dan - DAN-PC
    # Running from : C:\Users\Dan\Downloads\adwcleaner_3.212.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\Dan\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Dan\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Dan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    Folder Deleted : C:\Users\Dan\AppData\Roaming\DSite
    Folder Deleted : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    File Deleted : C:\Windows\System32\Tasks\DSite

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF944545-E299-481B-AB1F-431816154CBA}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF944545-E299-481B-AB1F-431816154CBA}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKLM\Software\AVG SafeGuard toolbar
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Google Chrome v35.0.1916.114

    [ File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

    *************************

    AdwCleaner[R0].txt - [5232 octets] - [07/06/2014 19:32:47]
    AdwCleaner[S0].txt - [5429 octets] - [07/06/2014 19:47:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5489 octets] ##########




    And finally JRT:


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x86
    Ran by Dan on Sat 06/07/2014 at 20:21:25.61
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Dan\appdata\local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 06/07/2014 at 20:28:31.44
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  12. The Following User Says Thank You to TheGameBall For This Useful Post:


  13. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    Everything looks normal now, I see now evidence of Browserhijacks.

    How is the browser hijacker situation on your end?

    Joe

  14. The Following User Says Thank You to zep516 For This Useful Post:


  15. #8
    Member
    Join Date
    May 2014
    Posts
    7
    Points
    7

    Default

    It actually appears to be gone! Thank you. I'm saving a copy of this website so I can try those tools next time. And I'll try to be a little more suspicious of entries that call themselves AVG.

  16. The Following User Says Thank You to TheGameBall For This Useful Post:


  17. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    Lets double check everything with an on line scan, after that we need to uninstall otl and remove other tools, I'll provide instruction for that.

    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    • Please go >>HERE<< then click on:

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      1. Scan for potentially unwanted applications
      2. Scan for potentially unsafe applications
      3. Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on:
      (Selecting Uninstall application on close if you so wish)


    Thanks
    Joe

  18. The Following User Says Thank You to zep516 For This Useful Post:


  19. #10
    Member
    Join Date
    May 2014
    Posts
    7
    Points
    7

    Default

    Um, is it helpful to run ESET even though that's one of the online scanners that I used that came up with nothing (besides maybe some cookies)?

  20. The Following User Says Thank You to TheGameBall For This Useful Post:


Page 1 of 2 12 LastLast