Fossil, split topic - Browser Add-On


24 replies to this topic

#1 Fossil

Fossil

    Member

  • Members
  • 13 posts

Posted 22 June 2012 - 10:40 PM

I had this problem too- apparently it can be solved by going to your Application Data (or C:\ProgramData on Windows 7), and using the uninstaller in the Ad-Aware Browsing Protection folder.

Anyway here's a screenshot of the thing. It even blocked me from going to the Lavasoft website on Chrome, which really is crazy.


I have the same problem (erroneous dns page that I don't want to ever activate) on a regular basis, and since the same update (more or less). Also, from about the same time, occasionally ad-aware goes through cycles where it crashes every 5 minutes. It is up-to-date.

I never chose to install the toolbar or safe browsing, yet both are on my machine. I managed to get rid of the toolbar in add/remove programs, but the safe browsing is still there messing up my ability to use the internet.

I also can't find anything in any lavasoft or ad-aware settings that even mentioned safe browsing. So I have a program which I didn't install, which I don't want as it duplicates and obviously conflicts with other programs I have running, and which is impossible to find or remove. (Note that the instructions in the above quote do not seem to apply to my XP machine - none of those places seem to exist)

Are there any instructions as to how to remove the safe browsing? I need serious help with this and do want to keep ad-aware, I just don't want the insidious safe browsing component.

Edited by Fossil, 23 June 2012 - 06:20 AM.


#2 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5370 posts

Posted 23 June 2012 - 11:40 AM

Hi Fossil,

Which version of Ad-Aware are you using?
Have you turned off "Safe Browsing" on the main screen of Ad-Aware?
In which browser(s) do you have this problem?
In an XP computer the location would be C:\Documents and Settings\\Application Data\.... But note that Application Data is a hidden file and you need to turn on the setting to show hidden files.

#3 Fossil

Fossil

    Member

  • Members
  • 13 posts

Posted 24 June 2012 - 04:13 PM

Hi Fossil,

Which version of Ad-Aware are you using?
Have you turned off "Safe Browsing" on the main screen of Ad-Aware?
In which browser(s) do you have this problem?
In an XP computer the location would be C:\Documents and Settings\\Application Data\.... But note that Application Data is a hidden file and you need to turn on the setting to show hidden files.


-I am using 9.6.0
-There is no "Safe Browsing" on the main screen of my Ad-Aware. The only things present on the main screen are web update, scan system, and ad-watch. I have looked through every menu and sub-menu in both simple and advanced Modes (including Settings) and there is no mention of anything browser related. Which is one reason I am so confused, as the program won't acknowledge what it is doing.
-I have this problem in Firefox, I do not use Explorer due to security problems with it.
-I will endeavor more to find it, but currently I cannot find anything ad-aware related in the application data folder.

Edited by Fossil, 24 June 2012 - 04:19 PM.


#4 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5370 posts

Posted 24 June 2012 - 05:12 PM

It's in 10.x that "Safe Browsing" is mentioned on the main screen of Ad-Aware. In version 9.6 there is nothing in the Ad-Aware program about it. Probably there is something left of the toolbar settings in Firefox, which can for example occur if you had Firefox running while uninstalling the toolbar. We can use DDS to see what is going on. Save DDS to your desktop: http://download.blee...om/sUBs/dds.scr

Double-click on the DDS tool to run it.

When finished, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save them to your desktop and paste the content of DDS.txt into your answer.
----------
When you have answered, I will move your posts and my answers to a new topic, since this was supposed to be a topic about what the toolbar is.

#5 Fossil

Fossil

    Member

  • Members
  • 13 posts

Posted 26 June 2012 - 08:25 AM

It's in 10.x that "Safe Browsing" is mentioned on the main screen of Ad-Aware. In version 9.6 there is nothing in the Ad-Aware program about it. Probably there is something left of the toolbar settings in Firefox, which can for example occur if you had Firefox running while uninstalling the toolbar.


I post this information first to make sure that we are on the same page and taking the right approach first. Some details minorly contradict some things you said.

The page is the pagenotfound.co page which is a component of the Ad-Aware toolbar that only shows up after the Ad-Aware toolbar is installed (specifically the Security Browser files related to adawarebp.exe). It is specifically labelled as "Ad-Aware Safe Browsing" and installed with the automatically-self-installing Ad-Aware toolbar. So from my understanding this is actually a Security Browser/toolbar-related problem and a "what the toolbar is and what it does" problem in Ad-Aware.

In every forum I have read, including well-known trusted ones, the only reported solution seems to be a complete and permanent uninstall of ad-aware and I'm hoping for an alternate one at the moment.

I did make sure to turn Firefox off, including in the Task Manager, so that shouldn't have been the problem with any incomplete uninstall, but you never know I guess.

There are a couple other posts about this problem in some of the lavasoft forums, but none of them were replied to.

#6 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5370 posts

Posted 26 June 2012 - 10:31 AM

Sorry for my English.

The toolbar is installed together with Ad-Aware 9.6, but the main part of Ad-Aware (the antivirus and antispyware part) is very much like Ad-Aware 9.5 and doesn't know much about the toolbar. The toolbar is more of a separate program. In Ad-Aware 10 this has been changed. When I wrote "there is nothing in the Ad-Aware program about it" in my previous post, I meant the main part of Ad-Aware. Hopefully any left-overs from the uninstallation of the toolbar are visible in DDS.txt and then it will be possible to remove them without uninstalling Ad-Aware completely.

Unfortunately a lot of persons post a question in the forum but never write again.

#7 Fossil

Fossil

    Member

  • Members
  • 13 posts

Posted 26 June 2012 - 08:31 PM

Here is the dds text:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Erik at 13:28:34 on 2012-06-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1163 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\FortiSSLVPNdaemon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nervsys.net/forum
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [POINTER] point32.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201245025246
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{55F81723-377B-4A7D-8EF8-7E695AA1B7DF} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\erik\application data\mozilla\firefox\profiles\b4ovt0cm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nervsys.net/forum
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\documents and settings\erik\application data\mozilla\firefox\profiles\b4ovt0cm.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\erik\application data\mozilla\firefox\profiles\b4ovt0cm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\erik\application data\mozilla\firefox\profiles\b4ovt0cm.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\erik\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\npccplugin.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\nptcplugin.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-1-17 64512]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [2010-10-26 703080]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152720]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-10 2255464]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2009-7-21 36384]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=============== Created Last 30 ================
.
2012-06-14 03:09:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-06 15:34:55 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-06 15:34:55 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-06-02 21:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-03 02:54:46 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 13:29:41.70 ===============

#8 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5370 posts

Posted 26 June 2012 - 09:42 PM

mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
That has to do with the pagenotfound.co page.

Please, click Start button and then on Run.
Enter: msconfig
When the msconfig program has started, select the Autostartup tab.
In the list find the row that contains "Ad-Aware Browsing Protection" and/or "adawarebp.exe". Remove the checkmark in front of that row.
Click OK. You will be asked to restart the computer. Exit all programs and do that.

After the restart a new message box will be displayed. Select the little box before clicking on OK.

Has the pagenotfound.co page disappeared now?

----------------------
Something else:
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
This is an old Java version, Version 6 Update 17, with a lot of known vulnerabilities, which makes it very easy to infect the computer from a web page. It is very important to keep all programs, for example Java, Flash and Adobe Reader, updated. I recommend that you uninstall that Java version. You can download the latest from http://www.java.com/ instead.

You can use Secunia's Software Inspector to check if you have other old versions with security holes.
http://www.bleepingc...th-secunia-psi/ describes how to install and use the program.
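
The two readings made in post #8 (the autostart entry that launches adawarebp.exe, and the Java update level in the DPF line) can be pulled out of a DDS log mechanically. The Python below is an added example, not part of the original thread or of DDS; the log lines are copied from the DDS output in post #7, while the function names and the "runs from a data directory" heuristic are assumptions of this example.

```python
import re

# Lines copied from the DDS log posted in this thread (post #7).
DDS_SAMPLE = r'''
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
'''

# "uRun"/"mRun" correspond to the HKCU/HKLM Run keys (the OTL log in this
# thread lists the same entries under those hives); other prefixes are kept raw.
HIVE = {'u': 'HKCU', 'm': 'HKLM'}
AUTOSTART_RE = re.compile(
    r'^(?P<scope>[umd])(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.IGNORECASE)
JAVA_CAB_RE = re.compile(
    r'^DPF: (\{[0-9A-Fa-f-]+\}) - \S*jinstall-1_(\d+)_0_(\d+)-')

# Heuristic (assumption of this example): programs normally live under
# Program Files or the Windows directory, so an autostart whose executable
# sits in a data directory deserves a second look.
DATA_DIR_MARKERS = ('\\application data\\', '\\appdata\\', '\\programdata\\')


def executable_of(cmd):
    """Return the program part of a Run-key command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)          # unquoted paths may contain spaces
    return m.group(1) if m else cmd


def parse_autostarts(log):
    """Parse uRun/mRun/dRunOnce lines into dicts, flagging data-dir launches."""
    entries = []
    for line in log.splitlines():
        m = AUTOSTART_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m.group('cmd'))
        entries.append({
            'hive': HIVE.get(m.group('scope'), m.group('scope')),
            'key': m.group('key'),
            'name': m.group('name'),
            'exe': exe,
            'from_data_dir': any(k in exe.lower() for k in DATA_DIR_MARKERS),
        })
    return entries


def find_java_plugins(log):
    """Return (clsid, major, update) for each Java plug-in DPF entry."""
    found = []
    for line in log.splitlines():
        m = JAVA_CAB_RE.match(line.strip())
        if m:
            found.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return found


if __name__ == '__main__':
    for e in parse_autostarts(DDS_SAMPLE):
        mark = 'CHECK' if e['from_data_dir'] else 'ok   '
        print(f"{mark} {e['hive']}\\{e['key']} [{e['name']}] -> {e['exe']}")
    for clsid, major, update in find_java_plugins(DDS_SAMPLE):
        print(f"Java plug-in {clsid}: version {major} update {update}")
```

A flagged entry is only a pointer for manual review; whether it should be disabled or removed is still a judgement made against what the user knowingly installed.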

#9 Fossil

Fossil

    Member

  • Members
  • 13 posts

Posted 27 June 2012 - 07:14 AM

Yes, that does get rid of the offending page, I will not know for a while whether it deals with the problem of Ad-Aware going through successive and repeated crash cycles at least once a day that interfere with the computer's operation.

I would like a permanent solution to the issue however, instead of only using selective startup mode as it is only intended for troubleshooting purposes and using it permanently can potentially cause issues with other things.

I don't use Java for anything anymore and uninstalled it a long time ago. It must be yet another relict program which doesn't want to be removed.

Edited by Fossil, 27 June 2012 - 07:14 AM.


#10 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5370 posts

Posted 27 June 2012 - 03:31 PM

Cootmaster in the other topic wrote that the crashes in his 9.6 occurred when Ad-Aware updated the signatures. Can you check if that is the case in your computer? For example by deselecting automatic update and doing a manual update now and then.
Lavasoft has started to investigate the crashes but more information shortens the time.

We can use OTL to remove the entry from the registry.
Save OTL on the Desktop. http://www.geekstogo...mers-list-it/t/

Run msconfig again and add the checkmark.

Close all programs.
Double-click OTL to run it.

Under Output near the top select Minimal Output.

Click on Run Scan and do not use the computer while the program runs.

When the program finishes two log files are created on the Desktop, OTL.txt and Extras.txt. Paste the contents of the log OTL.txt into your answer but attach Extras.txt (if you don't see how to attach files click the button "More Options").

#11 Fossil

Fossil

    Member

  • Members
  • 13 posts

Posted 05 July 2012 - 04:06 PM

I am not sure whether the crashes only happen when ad-aware auto-updates. It is currently on, but I can't seem to find out when it happens. If I knew that, I could probably answer more definitively.

Here is the otl text (the extras is attached as requested):

OTL logfile created on: 7/5/2012 8:55:55 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Erik\Desktop\Erik's Folder\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.46% Memory free
3.85 Gb Paging File | 3.47 Gb Available in Paging File | 90.28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 192.96 Gb Free Space | 64.73% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ERIKK2 | User Name: Erik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Erik\Desktop\Erik's Folder\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\FortiSSLVPNdaemon.exe (Fortinet Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\zstatus.exe (Zenographics)
PRC - C:\Program Files\Microsoft Hardware\Mouse\point32.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Program Files\Microsoft Hardware\Mouse\IP4xBatt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (FortiSslvpnDaemon) -- C:\WINDOWS\system32\FortiSSLVPNdaemon.exe (Fortinet Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pppop) -- C:\WINDOWS\system32\drivers\pppop.sys (Fortinet Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nervsys.net/forum
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2304157
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nervsys.net/forum"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Erik\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 13:58:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/26 14:18:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/27 02:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.17\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/07/23 12:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.17\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2012/01/26 14:18:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.17\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/07/23 12:59:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.17\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2012/01/26 14:18:13 | 000,000,000 | ---D | M]

[2010/10/12 11:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Extensions
[2010/10/12 11:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/04 10:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\b4ovt0cm.default\extensions
[2012/06/16 12:45:15 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\b4ovt0cm.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/28 09:48:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\b4ovt0cm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/17 11:31:31 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\b4ovt0cm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/04/23 22:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/03 11:29:33 | 000,340,684 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ERIK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\B4OVT0CM.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011/10/29 20:13:05 | 000,434,392 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ERIK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\B4OVT0CM.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/06/16 13:58:18 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/06 09:34:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/06 09:34:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2007/07/27 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [POINTER] point32.exe File not found
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201245025246 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55F81723-377B-4A7D-8EF8-7E695AA1B7DF}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/25 00:44:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/26 14:01:14 | 000,000,000 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\F:)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 00:02:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/06/26 13:28:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Erik\Start Menu\Programs\Administrative Tools
[2012/06/13 21:09:36 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/05 10:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Desktop\temp files from memory sticks
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/05 08:55:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/07/05 08:46:42 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/07/05 08:44:10 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/07/05 08:44:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/05 08:43:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/03 22:33:38 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/07/03 22:33:38 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/06/21 23:34:20 | 002,356,251 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\atn_air-p_an_introduction_to_behavioral_health_treatments.pdf
[2012/06/21 23:34:14 | 001,516,151 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\atn_air-p_applied_behavior_analysis.pdf
[2012/06/18 22:38:14 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2012/06/14 03:25:57 | 000,203,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 03:09:09 | 000,462,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 03:09:09 | 000,078,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 03:05:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/21 23:34:19 | 002,356,251 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\atn_air-p_an_introduction_to_behavioral_health_treatments.pdf
[2012/06/21 23:34:14 | 001,516,151 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\atn_air-p_applied_behavior_analysis.pdf
[2012/06/18 22:38:14 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2012/05/02 20:54:46 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/03/31 00:46:09 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/03/31 00:46:09 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/03/31 00:34:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/02/15 23:30:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/23 16:21:34 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Erik\random.dat
[2012/01/18 11:13:56 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/01/16 20:20:25 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\Erik\jagex_cl_runescape_LIVE.dat
[2011/10/10 23:38:27 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/10 23:38:27 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/10 23:38:27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/10/10 23:37:54 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/09/23 19:25:14 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2011/08/25 18:17:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/25 18:17:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/06 21:10:42 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2011/04/24 12:36:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/24 12:36:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/28 23:46:23 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Erik\jagex_runescape_preferences2.dat
[2011/02/28 23:45:05 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Erik\jagex_runescape_preferences.dat
[2011/02/10 12:15:27 | 000,000,285 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2009/02/18 14:42:16 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Erik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >


#12 CeciliaB

Posted 05 July 2012 - 04:42 PM

"Ad-Aware Browsing Protection" is listed as a program that is possible to uninstall in Extras.txt. Can you find it in "Add and Remove programs"?

Security advice:
I can see that there are settings in Internet Explorer and Firefox that have to do with Conduit Engine.
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2304157
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
Conduit is considered questionable, see http://www.systemloo...uit_Engine.html
Do you want any help removing it?

P.S. Do you have ancestors from northern Europe? Erik is a common Swedish name (I'm Swedish).

#13 Fossil

Posted 06 July 2012 - 11:04 PM

Yes I can find it there, is that what should be removed? I assumed it was something different previously as the name was different.

Sure, help removing anything like that would be appreciated, it's difficult keeping on top of all the things that need to be removed.

And yes, but not for hundreds of years.

Edited by Fossil, 06 July 2012 - 11:05 PM.


#14 CeciliaB

Posted 07 July 2012 - 12:12 AM

As far as I know "Ad-Aware Browsing Protection" is responsible for the pagenotfound.co page, even if it does other things too.

Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.
How? See http://www.bleepingc...opic114351.html
  
Start the program OTL.
Copy all the lines in the box:
:OTL
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2304157
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.3.3.2
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]
Paste them into the field Custom Scans/Fixes.
Click on Run Fix.

If you are asked to restart the computer do that.

Notepad will pop-up with a log. Copy it and paste it into your answer.
If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time when OTL was run.

Be sure that antivirus programs etc. are active before connecting to the internet.

#15 Fossil

Posted 11 July 2012 - 07:20 PM

OK, I need to undo what this program did. I thought we were removing the ad-aware Browsing Protection, not deleting my programs and data on my computer. Programs such as WOT, and many programs I use for work require the cache files and temp folder for access, data storage, and operating files. Currently, those programs are now nonfunctional as a result of the loss of files. It would take me weeks to get all that set up again and years to recreate the data that was just deleted.

The log of what you told me to do is below.

-------

Update - I found and activated the restorepoint, and some of the data was restored, but data and user information required for the operation of numerous over-the-internet programs on my computer which I require for my job have been permanently deleted and now they don't work. That really wrecked my system and unless the contents of the folders can be restored, I have lost years of work.


---------

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.3.3.2 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Erik
->Temp folder emptied: 3199492454 bytes
->Temporary Internet Files folder emptied: 49757523 bytes
->Java cache emptied: 328567647 bytes
->FireFox cache emptied: 615466017 bytes
->Flash cache emptied: 9391637 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33234 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 218895 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2190207 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21045859 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 245781604 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 944372 bytes

Total Files Cleaned = 4,266.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07112012_120612

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by Fossil, 11 July 2012 - 07:49 PM.


#16 CeciliaB

Posted 12 July 2012 - 12:06 AM

I'm sorry that I forgot to remove "emptytemp" from my script. But I know for sure that WOT doesn't require any specific content in folders for temporary files. I'm using WOT myself and clean temporary files now and then without any issues. Programs should not store their data in folders for cache files and temporary files, and Windows does not store any of its important files in such folders. It is common that users clean those folders by using for example CCleaner or Windows' Disk Cleanup. There is a setting in Firefox to clean its cache every time it is turned off.

You can see if any missing files are located in sub-folders in c:\_OTL\Moved Files.

If not, I suggest that you move the hard disk to another computer and there use File Recovery programs.
http://www.piriform.com/recuva
http://www.pcinspect....htm?language=1
http://www.stellarinfo.com/
http://www.krollontr...overy-software/

#17 Fossil

Posted 12 July 2012 - 04:57 AM

All I know is I have at least 50 web-based programs which have had all of their settings deleted and all of the files related to them are gone. WOT is just an example - all of the user data and preferences are gone and the program did not work after that clearing. It restarted itself from scratch and no longer has any information on any sites I have rated over the years; I had to "reinstall" it to make it work again (with no user data).

In a similar way, I've lost the data/preferences for dozens of other programs, which include hundreds of files which are not labeled in any clear way (preventing any ability to manually sort them out). I don't do cache clearings regularly because I am under specific instructions not to. I need to mass undelete everything that was removed at that exact instant and get it back in the exact places it came from or else everything is ruined.

There is nothing in that moved files folder except the text file.

And the Ad-Awarebp program is still there.

Edited by Fossil, 12 July 2012 - 04:59 AM.


#18 CeciliaB

Posted 13 July 2012 - 01:13 AM

Have you received a new Firefox profile? Do you know how to check if there are several Firefox profiles installed?
I wonder if something else happened with your hard disk at the same time, since it is more like a lot of account information has been lost and not files in temporary folders.

Have you uninstalled "Ad-Aware Browsing Protection"?

P.S. I'm a bit surprised that a business computer with very important data doesn't have a backup. A hard disk can crash at any time.

#19 Fossil

Posted 13 July 2012 - 06:58 AM

The profile has not changed and there are not multiple profiles. There is no indication anything happened on the hard disk or is wrong with the hard disk - no other files or programs are affected. Only web-based programs which are known to store user data and preferences in the cache have been affected.

And yes, I uninstalled it, but it is still there.

It is not a business computer, it is my personal/work computer. And the backup drive happens to be broken right now and I can't afford a new one. I wasn't expecting to have my files deleted en masse to remove a small program.

If there is no way to regain those files other than file restore, then it is already too late. Given that hundreds, if not thousands, of very small important data files were deleted, and you need all of them for a given program to work right, even if you could use a recovery program to isolate just those 4Gb and find only the important files, even a 5% loss overall means that most of the work is destroyed. I highly recommend in the future that you not tell people to do something like that when it is totally unrelated to the problem.

I am just going to wipe my computer and probably remove ad-aware entirely, since I was already annoyed that the company which is supposed to prevent unwanted downloads is giving me unwanted downloads and now losing tons of data and my internet job is just the nail in the coffin.

Edited by Fossil, 13 July 2012 - 07:09 AM.


#20 CeciliaB

Posted 17 July 2012 - 02:30 PM

Only web-based programs which are known to store user data and preferences in the cache have been affected.

No common programs store user data and preferences in any kind of temporary folder.

Temp folder emptied: 3199492454 bytes
Most files were deleted from the folder for temporary files. Programs that are programmed according to common guidelines and normal practice don't store any essential information in the temp folder. It is normal practice to empty the temp folder now and then, since no one wants to have all temporary files created during installations, uninstallations and updates lying on the hard disk forever.
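
The byte counts in the [EMPTYTEMP] part of the fix log are easier to reason about once they are tallied per user and per location. The Python below is an added example, not part of any post in this thread and not OTL's own code; it parses an excerpt of the log lines quoted above, and the function names and the "(system)" label are choices made here.

```python
import re
from collections import defaultdict

# Excerpt of the OTL fix log posted in this thread: two users, two system-wide lines.
LOG = """\
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Erik
->Temp folder emptied: 3199492454 bytes
->Temporary Internet Files folder emptied: 49757523 bytes
->Java cache emptied: 328567647 bytes
->FireFox cache emptied: 615466017 bytes
->Flash cache emptied: 9391637 bytes

Windows Temp folder emptied: 21045859 bytes
RecycleBin emptied: 944372 bytes
"""

USER = re.compile(r"^User:\s*(.+?)\s*$")
ENTRY = re.compile(r"^(->)?(.+?)\s+(?:emptied|removed):\s*(\d+) bytes\s*$")

def parse_emptytemp(log):
    """Return {(owner, location): bytes} for every 'emptied'/'removed' line."""
    deleted, user = {}, None
    for line in log.splitlines():
        m = USER.match(line)
        if m:
            user = m.group(1)
            continue
        m = ENTRY.match(line)
        if m:
            # '->' lines belong to the current user block; the rest are system-wide.
            owner = user if m.group(1) else "(system)"
            deleted[(owner, m.group(2))] = int(m.group(3))
    return deleted

def totals_by_owner(deleted):
    """Sum deleted bytes per owner."""
    out = defaultdict(int)
    for (owner, _), n in deleted.items():
        out[owner] += n
    return dict(out)

def largest(deleted, n=3):
    """Top-n deletions as (owner, location, bytes, percent of all bytes removed)."""
    total = sum(deleted.values()) or 1
    ranked = sorted(deleted.items(), key=lambda kv: kv[1], reverse=True)[:n]
    return [(o, loc, size, round(100 * size / total, 1)) for (o, loc), size in ranked]

if __name__ == "__main__":
    d = parse_emptytemp(LOG)
    for owner, loc, size, pct in largest(d):
        print(f"{owner:12} {loc:32} {size / 2**20:9.1f} MiB  {pct}%")
```

Run against the full log instead of the excerpt, the same functions show which user profile and which cache or temp location account for the bulk of what the fix removed.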



