
Thread: Key-Find has Hijacked my Browser

  1. #11
    Junior Member | Join Date: Nov 2005 | Location: Atlanta | Posts: 28

    Still there didn't leave!

    OTL logfile created on: 4/5/2014 12:46:50 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\kenneth\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.23 Mb Total Physical Memory | 234.68 Mb Available Physical Memory | 23.12% Memory free
    2.38 Gb Paging File | 1.72 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 101.74 Gb Free Space | 68.26% Space Free | Partition Type: NTFS

    Computer Name: PC801713467250 | User Name: kenneth | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\kenneth\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    PRC - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
    PRC - C:\Program Files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe (Sonic Solutions)
    PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    PRC - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - c:\Documents and Settings\kenneth\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmify6y.dll ()
    MOD - C:\Program Files\AVAST Software\Avast\defs\14040502\algo.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
    MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
    MOD - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
    MOD - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\libcef.dll ()
    MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    MOD - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()


    ========== Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
    SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (USBCCID) -- system32\DRIVERS\Rts5161ccid.sys File not found
    DRV - (Rts516xIR) -- system32\DRIVERS\Rts516xIR.sys File not found
    DRV - (RSUSBSTOR) -- System32\Drivers\RTS5121.sys File not found
    DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.SYS File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Changer) -- File not found
    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
    DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswmonflt.sys (AVAST Software)
    DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
    DRV - (AswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
    DRV - (tStLibG) -- C:\WINDOWS\system32\drivers\tStLibG.sys (StdLib)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (bcmbusctr) -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
    DRV - (bcm) -- C:\WINDOWS\system32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
    DRV - (SysCow) -- C:\WINDOWS\system32\drivers\syscow32x.sys (Sonic Solutions)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
    DRV - (Cam3820) -- C:\WINDOWS\system32\drivers\cam3820a.sys (CamVendor)
    DRV - (SaibVd32) -- C:\WINDOWS\system32\drivers\SaibVd32.sys (Sonic Solutions)
    DRV - (SahdIa32) -- C:\WINDOWS\system32\drivers\SahdIa32.sys (Sonic Solutions)
    DRV - (SaibIa32) -- C:\WINDOWS\system32\drivers\SaibIa32.sys (Sonic Solutions)
    DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
    DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{E04D8C24-22C9-424C-90F9-0FA9DFB1C771}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{E04D8C24-22C9-424C-90F9-0FA9DFB1C771}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_enUS358
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/01 00:32:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/02/03 14:58:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/03 14:58:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/03 14:56:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/03 14:56:04 | 000,000,000 | ---D | M]

    [2012/05/07 15:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Extensions
    [2014/04/03 01:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions
    [2012/05/07 15:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/05/07 15:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\staged-xpis
    [2009/03/18 16:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
    [2013/07/31 09:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\APPBAR@ALOT.COM
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\QUICK_START@GMAIL.COM
    [2014/04/01 00:32:54 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2009/12/05 05:47:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2014/02/03 14:55:23 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://att.my.yahoo.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2014/04/05 11:45:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downlo...oadManager.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4397C3C-4801-45DB-97C8-078873CCB5F1}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Firestorm High.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Firestorm High.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/05 11:45:28 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/04/05 03:54:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
    [2014/04/05 03:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Local Settings\Application Data\Microsoft Corporation
    [2014/04/05 03:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
    [2014/04/05 02:42:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kenneth\My Documents\OTL.exe
    [2014/04/05 02:40:22 | 000,000,000 | ---D | C] -- C:\Pc Problems
    [2014/04/05 02:33:04 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/04/05 02:33:04 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/04/04 00:48:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kenneth\Desktop\OTL.exe
    [2014/04/03 12:28:58 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/04/03 12:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/04/03 12:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/04/03 12:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2014/04/03 01:56:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2014/04/03 01:29:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/02 10:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2014/04/02 10:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2014/04/02 10:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2014/04/01 01:02:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kenneth\My Documents\Dropbox
    [2014/04/01 00:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Application Data\DropboxMaster
    [2014/04/01 00:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
    [2014/04/01 00:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Start Menu\Programs\Dropbox
    [2014/04/01 00:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Application Data\Dropbox
    [2014/04/01 00:32:45 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2014/04/01 00:09:40 | 000,055,232 | ---- | C] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
    [2014/03/18 06:43:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
    [2014/03/18 06:43:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
    [2014/03/12 00:55:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
    [2014/03/12 00:55:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
    [2014/03/12 00:55:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2014/03/12 00:55:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
    [2014/03/12 00:55:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
    [2014/03/12 00:55:50 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
    [2014/03/12 00:55:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
    [2014/03/12 00:55:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
    [2014/03/12 00:55:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
    [2014/03/12 00:55:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
    [2014/03/12 00:55:49 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
    [2014/03/12 00:55:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
    [2014/03/12 00:55:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
    [2014/03/12 00:55:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
    [2014/03/12 00:55:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
    [2014/03/12 00:55:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2014/03/12 00:55:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
    [2014/03/12 00:55:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
    [2014/03/12 00:55:48 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
    [2014/03/12 00:55:47 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
    [2014/03/12 00:55:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
    [2014/03/12 00:55:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2014/03/12 00:55:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
    [2014/03/12 00:55:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
    [2014/03/12 00:55:46 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
    [2014/03/12 00:55:45 | 006,022,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2014/03/12 00:55:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
    [2014/03/12 00:55:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
    [2014/03/12 00:55:44 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
    [2014/03/12 00:55:43 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2014/03/12 00:55:43 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
    [2013/01/12 09:18:55 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
    [2012/08/24 01:47:33 | 026,822,384 | ---- | C] (Intuit) -- C:\Program Files\QuickBooksInstallDiagnosticTool.exe
    [2012/08/09 01:32:18 | 006,785,285 | ---- | C] (KompoZer ) -- C:\Program Files\kompozer-0.8b3.en-US.win32.exe
    [2012/07/24 02:49:15 | 052,249,417 | ---- | C] (www.AuctionListingCreator.com ) -- C:\Program Files\ListingFactory_2012_Setup.exe
    [2012/07/10 12:39:18 | 001,982,061 | ---- | C] (Auctonic) -- C:\Program Files\Auctonic.exe
    [2012/07/05 01:19:48 | 000,813,232 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
    [2012/05/10 02:39:47 | 001,247,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
    [2012/05/10 01:28:54 | 001,810,833 | ---- | C] (BrainWave) -- C:\Program Files\HCP.exe

    ========== Files - Modified Within 30 Days ==========

    [2014/04/05 13:00:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GOOGLEUPDATETASKMACHINEUA.JOB
    [2014/04/05 12:41:47 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2014/04/05 12:34:10 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
    [2014/04/05 12:26:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\ADOBE FLASH PLAYER UPDATER.JOB
    [2014/04/05 12:21:26 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/04/05 12:20:54 | 000,000,439 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2014/04/05 12:20:30 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\REALUPGRADELOGONTASKS-1-5-21-2420282109-1773090242-3309790634-1007.JOB
    [2014/04/05 12:20:28 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
    [2014/04/05 12:20:27 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
    [2014/04/05 12:19:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GOOGLEUPDATETASKMACHINECORE.JOB
    [2014/04/05 12:19:47 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\MICROSOFT WINDOWS XP END OF SERVICE NOTIFICATION LOGON.JOB
    [2014/04/05 12:19:46 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
    [2014/04/05 12:18:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/04/05 12:18:52 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/05 11:45:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2014/04/05 10:31:00 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\DTReg.job
    [2014/04/04 00:48:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kenneth\My Documents\OTL.exe
    [2014/04/04 00:48:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kenneth\Desktop\OTL.exe
    [2014/04/03 13:54:14 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
    [2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/04/02 10:39:27 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2014/04/02 10:39:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\kenneth\My Documents\ERUNT.lnk
    [2014/04/01 10:51:37 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk
    [2014/04/01 10:50:19 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\Dropbox.lnk
    [2014/04/01 00:42:18 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2014/04/01 00:32:49 | 000,180,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2014/04/01 00:32:49 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2014/04/01 00:32:48 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2014/04/01 00:32:48 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2014/04/01 00:32:47 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
    [2014/04/01 00:32:47 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2014/04/01 00:32:46 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2014/04/01 00:32:45 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2014/04/01 00:32:45 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2014/04/01 00:09:40 | 000,055,232 | ---- | M] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
    [2014/03/30 23:13:14 | 000,506,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2014/03/30 23:13:14 | 000,089,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2014/03/30 23:04:53 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2014/03/30 23:04:50 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2014/03/30 23:04:12 | 000,002,015 | ---- | M] () -- C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/03/30 23:04:12 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/03/25 12:38:13 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
    [2014/03/24 12:01:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\REALUPGRADESCHEDULEDTASKS-1-5-21-2420282109-1773090242-3309790634-1007.JOB
    [2014/03/18 13:52:32 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2014/03/12 07:29:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2014/03/12 07:29:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2014/03/12 07:25:25 | 000,379,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2014/03/12 03:07:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    ========== Files Created - No Company Name ==========

    [2014/04/05 03:53:09 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
    [2014/04/05 02:41:22 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\kenneth\My Documents\ERUNT.lnk
    [2014/04/02 10:39:27 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2014/04/02 10:19:13 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
    [2014/04/01 10:51:36 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk
    [2014/04/01 01:02:31 | 000,001,020 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\Dropbox.lnk
    [2014/03/31 23:38:25 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
    [2014/03/31 23:38:22 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
    [2014/03/18 11:59:39 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\MICROSOFT WINDOWS XP END OF SERVICE NOTIFICATION LOGON.JOB
    [2014/03/18 11:59:39 | 000,000,220 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2013/06/20 03:20:35 | 012,570,054 | ---- | C] () -- C:\Program Files\hifsetup.zip
    [2013/05/16 09:47:33 | 000,180,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/05/16 09:47:33 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/05/16 09:03:43 | 117,478,104 | ---- | C] () -- C:\Program Files\avast_free_antivirus_setup.exe
    [2013/05/15 00:16:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/05/04 11:08:25 | 000,411,003 | ---- | C] ( ) -- C:\Program Files\PinBot-v1-3-Setup.exe
    [2013/04/19 13:11:31 | 150,064,088 | ---- | C] () -- C:\Program Files\AFM Tutorial_Videos.zip
    [2013/04/19 12:07:05 | 004,790,449 | ---- | C] () -- C:\Program Files\afm_v2_06.zip
    [2013/04/16 02:58:50 | 001,271,683 | ---- | C] () -- C:\Program Files\inbox-profits.zip
    [2013/04/15 01:48:21 | 000,474,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2420282109-1773090242-3309790634-1007-0.dat
    [2013/04/15 01:31:24 | 050,947,546 | ---- | C] () -- C:\Program Files\Free_PLR_Products-dkas.zip
    [2013/04/15 00:56:37 | 000,000,442 | ---- | C] () -- C:\Program Files\Shortcut to afm.lnk
    [2013/04/14 17:30:56 | 086,167,160 | ---- | C] () -- C:\Program Files\PLR_Facebook_Fans_Stampede.zip
    [2013/04/14 16:39:47 | 004,764,001 | ---- | C] () -- C:\Program Files\afm.zip
    [2013/04/12 17:18:39 | 000,045,814 | ---- | C] () -- C:\Program Files\extension_1_0_5.crx
    [2013/04/11 11:52:55 | 009,593,826 | ---- | C] () -- C:\Program Files\eBay_Social_Selling_Best_Practices[1].pdf
    [2013/03/23 08:57:34 | 336,558,358 | ---- | C] () -- C:\Program Files\FanPage Store Generator.zip
    [2013/03/22 18:59:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2013/02/17 14:57:54 | 000,111,115 | ---- | C] () -- C:\Program Files\STF_2013-02-17_1361127423957 GA 2012 return.pdf
    [2013/02/17 14:56:08 | 000,164,764 | ---- | C] () -- C:\Program Files\FTF_2013-02-17_1361127298608 Fed 2012 return.pdf
    [2013/02/17 14:53:23 | 000,024,649 | ---- | C] () -- C:\Program Files\2012 Ga refund.pdf
    [2013/01/25 11:36:58 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\kenneth\Local Settings\Application Data\fusioncache.dat
    [2012/12/13 03:36:13 | 000,361,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/11/14 01:49:14 | 000,246,364 | ---- | C] () -- C:\Program Files\2freechapters-silentsalesmachine-dot-com[1].pdf
    [2012/08/24 11:56:00 | 000,012,314 | ---- | C] () -- C:\Documents and Settings\kenneth\.recently-used.xbel
    [2012/08/15 01:55:26 | 000,016,839 | ---- | C] () -- C:\Program Files\Autograph Ebook cover 3.jpg
    [2012/07/23 13:43:24 | 003,762,328 | ---- | C] () -- C:\Program Files\InternetBusinessBasics.zip
    [2012/07/23 13:36:17 | 005,227,079 | ---- | C] () -- C:\Program Files\InternetMarketingFromA-Z.zip
    [2012/07/23 11:02:34 | 000,609,436 | ---- | C] () -- C:\Program Files\spelloe_setup.exe
    [2012/07/19 13:46:18 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
    [2012/07/19 13:46:18 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
    [2012/07/19 13:46:18 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
    [2012/07/06 13:36:30 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\kenneth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/07/06 03:08:19 | 000,008,983 | ---- | C] () -- C:\Program Files\ETSY 089.jpg
    [2012/07/06 03:08:18 | 000,061,506 | ---- | C] () -- C:\Program Files\ETSY 051.jpg
    [2012/07/06 02:15:36 | 000,020,224 | ---- | C] () -- C:\Program Files\Green.jpg
    [2012/07/06 01:45:58 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\kenneth\.gtk-bookmarks
    [2012/07/05 12:00:34 | 018,117,717 | ---- | C] () -- C:\Program Files\GimPhoto-1.4.3_setup.exe
    [2012/06/22 00:11:39 | 010,606,592 | ---- | C] () -- C:\Program Files\creator.msi
    [2012/05/31 12:35:38 | 000,264,025 | ---- | C] () -- C:\Program Files\Cabinet-Repair-Vol-1-PDF.pdf
    [2012/05/28 09:43:11 | 000,013,990 | ---- | C] () -- C:\Program Files\Turbo lister problems.csv
    [2012/05/10 02:52:41 | 151,801,119 | ---- | C] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
    [2012/05/10 01:20:47 | 005,433,105 | ---- | C] () -- C:\Program Files\hifsetup.exe
    [2012/05/10 01:13:47 | 007,589,922 | ---- | C] () -- C:\Program Files\kop-setup.zip
    [2012/05/09 09:43:49 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\kenneth\Application Data\wklnhst.dat
    [2012/05/07 16:08:40 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
    [2012/05/07 14:02:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2012/05/01 19:21:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/01/15 01:53:42 | 006,624,351 | ---- | C] () -- C:\Program Files\twitter-marketing-bot.mp4
    [2011/01/15 01:53:42 | 000,039,391 | ---- | C] () -- C:\Program Files\TwitterMarketingBot.png
    [2011/01/15 01:53:40 | 000,071,852 | ---- | C] () -- C:\Program Files\Twitter Marketing Bot.ubot

    ========== ZeroAccess Check ==========

    [2013/05/07 00:57:36 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\@
    [2013/05/07 00:57:36 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\L
    [2013/05/17 08:04:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U
    [2013/05/07 00:57:54 | 000,000,928 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\00000001.@
    [2009/08/24 12:33:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    "ThreadingModel" = Both
    "" = C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\n.

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/15 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/15 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Purity Check ==========



    < End of report >

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    OK, just hang on I will be back on the forums in a few hours.

    Did you not find the log from the fix?

    Is it present in all 3 browsers or just one in particular?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member
    Join Date
    Nov 2005
    Location
    Atlanta
    Posts
    28

    Default Not sure on the log

    I thought that was the recent log from the fix I posted above. It doesn't open the three browsers I set it for; instead it opens only one, with Key-Find, a search browser.

  4. #14
    Junior Member
    Join Date
    Nov 2005
    Location
    Atlanta
    Posts
    28

    Default Hope this is it, it's still here. I'm using Google Chrome as my Browser

    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
    HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lspeaker@lyricsspeaker.net not found.
    File C:\Program Files\LyricsSpeaker\120.xpi not found.
    File C:\Program Files\mozilla firefox\searchplugins\key-find.xml not found.
    Registry value HKEY_USERS\S-1-5-21-2420282109-1773090242-3309790634-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Auction Auto Bidder not found.
    Folder C:\Documents and Settings\kenneth\Application Data\key-find\ not found.
    Folder C:\Documents and Settings\kenneth\Start Menu\Programs\Weather Alerts\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\kenneth\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\kenneth\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Andre

    User: Default User

    User: kenneth
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: user1

    Total Java Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Andre

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: kenneth
    ->Temp folder emptied: 47748 bytes
    ->Temporary Internet Files folder emptied: 2185768 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 162417545 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: user1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 38754735 bytes

    Total Files Cleaned = 194.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 04062014_132620

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  5. #15
    Junior Member
    Join Date
    Nov 2005
    Location
    Atlanta
    Posts
    28

    Default A second file re-scanned and saved

    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
    HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lspeaker@lyricsspeaker.net deleted successfully.
    File C:\Program Files\LyricsSpeaker\120.xpi not found.
    C:\Program Files\Mozilla Firefox\searchplugins\key-find.xml moved successfully.
    Registry value HKEY_USERS\S-1-5-21-2420282109-1773090242-3309790634-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Auction Auto Bidder deleted successfully.
    C:\Documents and Settings\kenneth\Application Data\key-find\images folder moved successfully.
    C:\Documents and Settings\kenneth\Application Data\key-find folder moved successfully.
    C:\Documents and Settings\kenneth\Start Menu\Programs\Weather Alerts folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\kenneth\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\kenneth\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Andre

    User: Default User

    User: kenneth
    ->Java cache emptied: 257498 bytes

    User: LocalService

    User: NetworkService
    ->Java cache emptied: 13 bytes

    User: user1

    Total Java Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Andre

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 57793 bytes

    User: kenneth
    ->Temp folder emptied: 195953344 bytes
    ->Temporary Internet Files folder emptied: 20481093 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 6487458 bytes
    ->Google Chrome cache emptied: 137366810 bytes
    ->Flash cache emptied: 60928 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 1398893 bytes
    ->Flash cache emptied: 768 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 206923810 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 6378 bytes

    User: user1
    ->Temp folder emptied: 166033 bytes
    ->Temporary Internet Files folder emptied: 3845549 bytes
    ->Flash cache emptied: 808 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 625050868 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1074811743 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1460716 bytes
    RecycleBin emptied: 3565514042 bytes

    Total Files Cleaned = 5,569.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 04052014_114528

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Thank you, that's what I was looking for.

    You will need the 32 bit version of System Look.

    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    64 Bit Version

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :folderfind
      key-find
      :filefind
      key-find
      :regfind
      key-find
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  7. #17
    Junior Member
    Join Date
    Nov 2005
    Location
    Atlanta
    Posts
    28

    Default System look

    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:36 on 06/04/2014 by kenneth
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "key-find"
    C:\System Rollback Data\Restore\Archive\00000140\00000139\46\Target\Documents and Settings\kenneth\Application Data\key-find d------ [03:05 31/03/2014]
    C:\System Rollback Data\Restore\Archive\00000140\00000139\46\Target\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\bin\Key-find d------ [03:01 31/03/2014]
    C:\_OTL\MovedFiles\04052014_114528\C_Documents and Settings\kenneth\Application Data\key-find d------ [15:45 05/04/2014]

    ========== filefind ==========

    Searching for "key-find"
    No files found.

    ========== regfind ==========

    Searching for "key-find"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command]
    @=""C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
    @="C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
    @=""C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
    @="C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144"
    [HKEY_LOCAL_MACHINE\SOFTWARE\key-findSoftware]
    [HKEY_LOCAL_MACHINE\SOFTWARE\key-findSoftware\key-findhp]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\key-find uninstaller]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\key-find uninstaller]
    "DisplayName"="key-find uninstaller"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\key-find uninstaller]
    "UninstallString"="C:\Documents and Settings\kenneth\Application Data\key-find\UninstallManager.exe "
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\key-find uninstaller]
    "DisplayIcon"="C:\Documents and Settings\kenneth\Application Data\key-find\UninstallManager.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\key-find uninstaller]
    "Publisher"="key-find"

    -= EOF =-

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Before we remove anything, look in your Add Remove Programs in the Control Panel and see if key-find is listed, and if so, uninstall it. Let me know.

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Your latest log was showing an uninstaller. Whether it uninstalls or not, run this free tool called HitMan Pro 3.7.

    http://www.surfright.nl/en/home/

  10. #20
    Junior Member
    Join Date
    Nov 2005
    Location
    Atlanta
    Posts
    28

    Default Ran the control panel uninstall programs.

    I opened the control panel and then uninstall programs; it was there and had an edit or remove button. I clicked it and it claims it was already uninstalled. I clicked remove but didn't reboot yet. I'm downloading the Hitman Pro but will wait for further instructions before moving forward. Let me know.
    Ken
