Malware Chitka Pop Ups HELP [Closed]

#1 jasontaber (New Member, 9 posts)

Just started receiving these yesterday and I cannot get rid of them with Malware, Adaware or any other program. Please help; below is my OTL scan.

OTL logfile created on: 3/1/2013 10:51:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jason\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.61 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 49.96% Memory free
5.22 Gb Paging File | 3.64 Gb Available in Paging File | 69.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 459.76 Gb Total Space | 377.45 Gb Free Space | 82.10% Space Free | Partition Type: NTFS
Drive D: | 5.91 Gb Total Space | 0.92 Gb Free Space | 15.51% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 351.30 Gb Free Space | 75.43% Space Free | Partition Type: NTFS

Computer Name: JASON-HP | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/01 22:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2013/02/26 17:38:24 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
PRC - [2013/02/21 05:37:06 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/02/21 05:37:04 | 018,814,816 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/02/11 04:47:42 | 000,673,192 | ---- | M] (Lavasoft.) -- C:\ProgramData\Search Protection\SearchProtection.exe
PRC - [2013/01/31 09:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/01/27 09:39:55 | 000,162,816 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/26 18:56:36 | 000,070,656 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/08/29 12:01:16 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2011/11/11 14:31:00 | 000,042,496 | ---- | M] (Supra) -- C:\dKEYUSBCradle\SyncService.exe
PRC - [2011/11/11 14:30:58 | 000,105,472 | ---- | M] (Supra) -- C:\dKEYUSBCradle\SyncInfoApp.exe
PRC - [2011/11/11 14:30:54 | 000,014,848 | ---- | M] (Supra) -- C:\dKEYUSBCradle\ProxyDaemon.exe
PRC - [2011/11/11 14:27:10 | 000,073,216 | ---- | M] () -- C:\dKEYUSBCradle\stunnel-4.10.exe
PRC - [2011/02/17 00:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
PRC - [2011/01/25 19:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 15:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 15:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 15:29:10 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/10 17:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010/11/09 09:56:08 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/11/09 09:55:38 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/10/11 04:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2010/06/17 07:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010/02/11 12:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2009/11/17 05:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/08/24 20:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/13 19:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/02 16:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2009/05/08 18:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 18:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/11 04:47:14 | 000,087,464 | ---- | M] () -- C:\Program Files\adawaretb\adawareDx.dll
MOD - [2013/01/27 09:39:55 | 000,162,816 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/12 00:01:26 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/11/20 15:56:18 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\30b1d86571495ea86b9a19b13498aad3\WindowsFormsIntegration.ni.dll
MOD - [2010/11/20 15:52:53 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
MOD - [2010/11/20 15:52:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll
MOD - [2010/11/20 15:52:40 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2010/11/20 15:52:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010/11/20 15:52:23 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll
MOD - [2010/11/20 15:52:10 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010/11/20 15:52:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010/11/20 15:52:00 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll
MOD - [2010/11/20 15:50:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010/11/20 15:50:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010/11/20 15:50:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010/11/20 15:50:36 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/20 15:50:29 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2010/11/10 17:39:38 | 000,096,256 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2010/11/05 13:09:54 | 000,098,304 | R--- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/07/02 16:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
MOD - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 19:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Services (SafeList) ==========

SRV - [2013/02/26 17:38:29 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/21 05:37:06 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/11/11 14:31:00 | 000,042,496 | ---- | M] (Supra) [Auto | Running] -- C:\dKEYUSBCradle\SyncService.exe -- (dKeySync)
SRV - [2011/02/17 00:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2011/01/25 19:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/10 17:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/11/09 09:55:38 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/10/11 04:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/06/17 07:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009/11/17 05:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Users\Jason\AppData\Local\Temp\5937.sys -- (5937)
DRV - [2013/02/27 19:56:35 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/02/11 11:28:31 | 000,035,896 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/12 20:19:38 | 000,066,344 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/11 14:25:56 | 000,066,568 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2011/11/11 14:25:56 | 000,049,416 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2010/11/28 15:50:40 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/11/20 15:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 15:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 15:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 15:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 15:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 15:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 15:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 10:33:04 | 006,574,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/11/09 09:18:34 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/04 07:52:50 | 000,064,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2010/11/04 07:52:50 | 000,032,384 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2010/02/18 11:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/09/16 01:37:08 | 000,083,888 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxSer.sys -- (OxSer)
DRV - [2009/07/13 18:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/07/31 05:13:18 | 000,082,048 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxPPort.sys -- (OxPPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/19
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/19
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMDTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMDTDF
IE - HKLM\..\SearchScopes\{C20123EB-608F-4110-A3FA-EF65B9A8C98B}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/19
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....C87CD512EBAC5CB
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMDTDF
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blek...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMDTDF
IE - HKCU\..\SearchScopes\{C20123EB-608F-4110-A3FA-EF65B9A8C98B}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/27 01:14:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/27 01:14:51 | 000,000,000 | ---D | M]

[2013/01/27 08:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions
[2013/01/27 08:47:53 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Logo Maker = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciojdpgahhgdpmlhnocojjfhkfdmemdh\1_0\
CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: uTorrentControl_v2 = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.14.251.3_0\
CHR - Extension: SecureSearch = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.1_0\
CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/01 22:43:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5110868B-96A9-4C1A-A370-55044B8FBAE8}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/09 21:37:48 | 000,000,164 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/01 22:30:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/01 22:28:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/03/01 22:17:27 | 000,035,896 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfiark.sys
[2013/02/27 20:41:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2013/02/27 20:39:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\LavasoftStatistics
[2013/02/27 20:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/02/27 20:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/02/27 20:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/02/27 20:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/02/27 20:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/02/27 20:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013/02/27 20:03:06 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\adawarebp
[2013/02/27 20:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/02/27 20:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\adawaretb
[2013/02/27 20:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/02/27 20:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/02/27 20:02:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SecureSearch
[2013/02/27 20:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013/02/27 19:56:36 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/27 19:56:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Ad-Aware Antivirus
[2013/02/27 18:16:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
[2013/02/27 18:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/27 18:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/27 18:16:17 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/27 18:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/27 18:16:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Programs
[2013/02/24 10:59:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/23 12:18:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Adobe
[2013/02/23 12:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/02/23 12:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/02/23 09:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/02/23 09:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/23 09:38:00 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/02/23 09:38:00 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/23 09:38:00 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/23 09:37:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/23 09:37:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/23 09:37:49 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/23 09:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/02/23 09:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/18 18:37:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\The Walking Dead 1-90
[2013/02/16 14:06:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Gary Allan - Set You Free (2013)
[2013/02/15 12:02:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Mary Margaret
[2013/02/10 14:28:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\j2 Global
[2013/02/10 14:27:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\eFax Messenger
[2013/02/10 14:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\eFax Messenger 4.4 Output
[2013/02/10 14:26:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\eFax Messenger 4.4
[2013/02/10 14:26:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eFax Messenger 4.4
[2013/02/10 14:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\eFax Messenger 4.4
[2013/02/07 18:35:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My Scans
[2013/02/05 18:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2013/02/05 18:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Plex
[2013/02/03 12:30:45 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013/02/01 16:50:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\redsn0w
[2013/01/31 18:43:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Corel Website Creator X6
[2013/01/31 18:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
[2013/01/31 18:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2013/01/31 18:40:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel Website Creator X6
[2013/01/31 18:23:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\HTML And CSS - Design And Build Websites V413HAV

========== Files - Modified Within 30 Days ==========

[2013/03/01 22:54:56 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/01 22:54:56 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/01 22:52:26 | 000,657,732 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/01 22:52:26 | 000,119,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/01 22:47:47 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/03/01 22:47:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/01 22:45:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/01 22:45:52 | 2103,349,248 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/01 22:43:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/03/01 22:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/03/01 22:26:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/01 21:41:42 | 1678,127,636 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/01 20:04:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013/02/27 20:44:12 | 000,380,509 | ---- | M] () -- C:\Users\Jason\Desktop\Search Map.png
[2013/02/27 20:23:49 | 001,435,189 | ---- | M] () -- C:\Users\Jason\Desktop\Renata DL.jpg
[2013/02/27 19:56:35 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/27 18:16:18 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/27 18:12:40 | 000,136,592 | ---- | M] () -- C:\Users\Jason\Documents\cc_20130227_181235.reg
[2013/02/27 17:14:20 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJason.job
[2013/02/23 12:41:34 | 001,588,941 | ---- | M] () -- C:\Users\Jason\Desktop\Lease_Application_Nina.pdf
[2013/02/23 12:18:04 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/02/23 12:15:27 | 001,685,518 | ---- | M] () -- C:\Users\Jason\Desktop\Lease_Application Pryor.pdf
[2013/02/23 12:14:59 | 000,376,982 | ---- | M] () -- C:\Users\Jason\Desktop\2011_CorpTax_Return.pdf
[2013/02/23 09:40:35 | 000,000,088 | ---- | M] () -- C:\Users\Jason\.java.policy
[2013/02/23 09:39:59 | 000,000,134 | ---- | M] () -- C:\Users\Jason\Desktop\ZIP Forms.url
[2013/02/23 09:37:36 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/23 09:37:35 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/02/23 09:37:35 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/23 09:37:35 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/23 09:37:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/23 09:37:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/22 23:17:06 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/22 17:29:37 | 000,210,968 | ---- | M] () -- C:\Users\Jason\Desktop\Check.png
[2013/02/15 12:19:01 | 000,205,593 | ---- | M] () -- C:\Windows\hpoins46.dat
[2013/02/15 12:15:00 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2013/02/11 11:28:31 | 000,035,896 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfiark.sys
[2013/02/11 09:23:09 | 000,298,365 | ---- | M] () -- C:\Users\Jason\Desktop\Lease Extension.pdf
[2013/02/11 09:21:56 | 000,237,949 | ---- | M] () -- C:\Users\Jason\Desktop\Inventory-Lease.pdf
[2013/02/11 09:21:24 | 000,216,667 | ---- | M] () -- C:\Users\Jason\Desktop\Residential Lease.pdf
[2013/02/10 14:27:48 | 000,001,000 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
[2013/02/10 14:27:47 | 000,000,971 | ---- | M] () -- C:\Users\Jason\Desktop\eFax Compose Fax 4.4.lnk
[2013/02/10 14:27:43 | 000,000,964 | ---- | M] () -- C:\Users\Jason\Desktop\eFax Messenger 4.4.lnk
[2013/02/10 14:26:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\eFax_4_4_Port
[2013/02/07 18:35:01 | 000,583,916 | ---- | M] () -- C:\Users\Jason\Desktop\Bruce Signed Page0001.pdf
[2013/02/07 18:07:05 | 000,384,673 | ---- | M] () -- C:\Users\Jason\Desktop\Bruce_Reiff.pdf
[2013/02/07 18:06:25 | 000,015,254 | ---- | M] () -- C:\Users\Jason\Documents\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/07 18:06:25 | 000,015,254 | ---- | M] () -- C:\Users\Jason\Desktop\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/01 19:09:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/31 18:43:17 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Corel Website Creator X6.lnk
[2013/01/31 11:39:02 | 000,162,268 | ---- | M] () -- C:\Users\Jason\Desktop\Residential Lease App.pdf

========== Files Created - No Company Name ==========

[2013/03/01 21:41:42 | 1678,127,636 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/01 20:04:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013/02/27 20:44:11 | 000,380,509 | ---- | C] () -- C:\Users\Jason\Desktop\Search Map.png
[2013/02/27 20:24:13 | 001,435,189 | ---- | C] () -- C:\Users\Jason\Desktop\Renata DL.jpg
[2013/02/27 20:03:50 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/02/27 18:16:18 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/27 18:12:37 | 000,136,592 | ---- | C] () -- C:\Users\Jason\Documents\cc_20130227_181235.reg
[2013/02/23 12:41:29 | 001,588,941 | ---- | C] () -- C:\Users\Jason\Desktop\Lease_Application_Nina.pdf
[2013/02/23 12:18:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/23 12:18:04 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/02/23 12:15:25 | 001,685,518 | ---- | C] () -- C:\Users\Jason\Desktop\Lease_Application Pryor.pdf
[2013/02/23 12:14:57 | 000,376,982 | ---- | C] () -- C:\Users\Jason\Desktop\2011_CorpTax_Return.pdf
[2013/02/23 09:40:35 | 000,000,088 | ---- | C] () -- C:\Users\Jason\.java.policy
[2013/02/23 09:39:49 | 000,000,134 | ---- | C] () -- C:\Users\Jason\Desktop\ZIP Forms.url
[2013/02/22 17:29:36 | 000,210,968 | ---- | C] () -- C:\Users\Jason\Desktop\Check.png
[2013/02/15 12:15:00 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2013/02/15 12:11:42 | 000,205,593 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/02/15 12:11:42 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2013/02/11 09:23:06 | 000,298,365 | ---- | C] () -- C:\Users\Jason\Desktop\Lease Extension.pdf
[2013/02/11 09:21:53 | 000,237,949 | ---- | C] () -- C:\Users\Jason\Desktop\Inventory-Lease.pdf
[2013/02/11 09:21:20 | 000,216,667 | ---- | C] () -- C:\Users\Jason\Desktop\Residential Lease.pdf
[2013/02/11 09:16:55 | 000,015,254 | ---- | C] () -- C:\Users\Jason\Documents\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/10 14:27:48 | 000,001,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
[2013/02/10 14:27:45 | 000,000,971 | ---- | C] () -- C:\Users\Jason\Desktop\eFax Compose Fax 4.4.lnk
[2013/02/10 14:27:41 | 000,000,964 | ---- | C] () -- C:\Users\Jason\Desktop\eFax Messenger 4.4.lnk
[2013/02/10 14:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\eFax_4_4_Port
[2013/02/07 18:35:01 | 000,583,916 | ---- | C] () -- C:\Users\Jason\Desktop\Bruce Signed Page0001.pdf
[2013/02/07 18:19:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2013/02/07 18:07:05 | 000,384,673 | ---- | C] () -- C:\Users\Jason\Desktop\Bruce_Reiff.pdf
[2013/02/07 18:06:19 | 000,015,254 | ---- | C] () -- C:\Users\Jason\Desktop\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/04 17:15:05 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJason.job
[2013/02/01 19:09:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/31 18:43:17 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Corel Website Creator X6.lnk
[2013/01/31 11:38:59 | 000,162,268 | ---- | C] () -- C:\Users\Jason\Desktop\Residential Lease App.pdf
[2013/01/15 20:38:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/01/15 20:33:08 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2013/01/15 20:33:08 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013/01/15 20:33:04 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013/01/15 20:33:03 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 15:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, it looks to be more than Chitka.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - File not found [Kernel | Auto | Stopped] -- C:\Users\Jason\AppData\Local\Temp\5937.sys -- (5937)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
[2013/02/27 20:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/02/27 20:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
  • 0

#3
jasontaber

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here is the OTL log:
All processes killed
========== OTL ==========
Service 5937 stopped successfully!
Service 5937 deleted successfully!
File C:\Users\Jason\AppData\Local\Temp\5937.sys not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7473B6BD-4691-4744-A82B-7854EB3D70B6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Folder C:\ProgramData\blekko toolbars\ not found.
Folder C:\ProgramData\Search Protection\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jason
->Temp folder emptied: 582702 bytes
->Temporary Internet Files folder emptied: 141866958 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7561884 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 251881 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 143.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 03022013_095914

Files\Folders moved on Reboot...
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WOFI9QXL\tcode3[1].htm moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WOFI9QXL\tcodewads_at[1].htm moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GHFBV8FD\empty[1].htm moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GHFBV8FD\Suite[1].htm moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GHFBV8FD\weatherRefresh[1].htm moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GHFBV8FD\ygm[1].mp3 moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FXQ5OI4J\pgw8bqx-i-19873478-2009[1].eot moved successfully.
File move failed. C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7C6FYOYF\=0;kvag=0;kvinc=0;kvmar=0;kvch=0;kvseg=0;kvugc=0;kvui=48c87386774b45f7ae2ca48188a93f84;kvmn=93319415;extmirroring=0;target=_blank;aduho=-360;grp=239725770[1].htm scheduled to be moved on reboot.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7C6FYOYF\dref=http%253A%252F%252Fmail.aol.com%252F37488-111%252Faol-6%252Fen-us%252FSuite[1].htm moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7C6FYOYF\page__pid__2268543[1].htm moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7C6FYOYF\pgw8bqx-i-19873478-2007[1].eot moved successfully.
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


And here is the ComboFix log:

ComboFix 13-03-01.01 - Jason 03/02/2013 10:11:28.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2675.1850 [GMT -6:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\boost_interprocess\20130302100256.359599
c:\programdata\boost_interprocess\20130302100256.359599\9334581e-7251-4ef7-a8ec-5bfe8e89ff68
c:\programdata\boost_interprocess\20130302100256.359599\plex_frame_mutex
F:\Autorun.inf
F:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-02 to 2013-03-02 )))))))))))))))))))))))))))))))
.
.
2013-03-02 16:19 . 2013-03-02 16:20 -------- d-----w- c:\users\Jason\AppData\Local\temp
2013-03-02 16:19 . 2013-03-02 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-02 15:59 . 2013-03-02 15:59 -------- d-----w- C:\_OTL
2013-03-02 05:51 . 2013-03-02 16:19 -------- d-----w- c:\programdata\boost_interprocess
2013-03-02 05:33 . 2013-03-02 05:33 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-02 05:33 . 2013-03-02 05:33 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-28 00:16 . 2013-02-28 00:16 -------- d-----w- c:\users\Jason\AppData\Roaming\Malwarebytes
2013-02-28 00:16 . 2013-02-28 00:16 -------- d-----w- c:\programdata\Malwarebytes
2013-02-28 00:16 . 2013-02-28 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-28 00:16 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-28 00:16 . 2013-02-28 00:16 -------- d-----w- c:\users\Jason\AppData\Local\Programs
2013-02-23 18:18 . 2013-02-23 18:18 -------- d-----w- c:\users\Jason\AppData\Local\Adobe
2013-02-23 15:38 . 2013-02-23 15:37 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-23 15:38 . 2013-02-23 15:37 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-23 15:36 . 2013-02-23 15:36 -------- d-----w- c:\programdata\McAfee
2013-02-10 20:28 . 2013-02-10 20:28 -------- d-----w- c:\users\Jason\AppData\Roaming\j2 Global
2013-02-10 20:27 . 2013-02-10 20:27 -------- d-----w- c:\users\Jason\AppData\Roaming\eFax Messenger
2013-02-10 20:26 . 2013-02-10 20:26 -------- d-----w- c:\programdata\eFax Messenger 4.4 Output
2013-02-10 20:25 . 2013-02-10 20:28 -------- d-----w- c:\program files\eFax Messenger 4.4
2013-02-06 00:18 . 2013-02-06 00:18 -------- d-----w- c:\program files\Plex
2013-02-03 18:30 . 2013-02-03 18:30 -------- d-----w- c:\windows\Hewlett-Packard
2013-02-01 22:50 . 2013-02-01 23:37 -------- d-----w- c:\users\Jason\AppData\Roaming\redsn0w
2013-02-01 00:41 . 2013-02-01 00:41 -------- d-----w- c:\program files\Corel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 02:32 . 2013-01-16 02:32 805376 ----a-w- c:\windows\system32\FntCache.dll
2013-01-16 02:32 . 2013-01-16 02:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2013-01-16 02:32 . 2013-01-16 02:32 1076736 ----a-w- c:\windows\system32\DWrite.dll
2013-01-16 02:32 . 2013-01-16 02:32 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-16 02:32 . 2013-01-16 02:32 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-01-16 02:32 . 2013-01-16 02:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-16 02:32 . 2013-01-16 02:32 294400 ----a-w- c:\windows\system32\atmfd.dll
2013-01-16 02:32 . 2013-01-16 02:32 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-16 02:32 . 2013-01-16 02:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-16 02:32 . 2013-01-16 02:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-16 02:31 . 2013-01-16 02:31 850944 ----a-w- c:\windows\system32\sbe.dll
2013-01-16 02:31 . 2013-01-16 02:31 642048 ----a-w- c:\windows\system32\CPFilters.dll
2013-01-16 02:31 . 2013-01-16 02:31 534528 ----a-w- c:\windows\system32\EncDec.dll
2013-01-16 02:31 . 2013-01-16 02:31 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-16 02:31 . 2013-01-16 02:31 2330624 ----a-w- c:\windows\system32\win32k.sys
2013-01-16 02:31 . 2013-01-16 02:31 428032 ----a-w- c:\windows\system32\vbscript.dll
2013-01-16 02:31 . 2013-01-16 02:31 542208 ----a-w- c:\windows\system32\kerberos.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-27 969104]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2012-08-29 95744]
"Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe" [2013-01-29 3858600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-21 9718376]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-12 336384]
"HP KEYBOARDx"="c:\program files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"BATINDICATOR"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-09 2068992]
"LaunchHPOSIAPP"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2012-11-27 70656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
.
c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2012-8-29 656896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DisplayKEY eSYNC Info.lnk - c:\dkeyusbcradle\SyncInfoApp.exe [2011-11-11 105472]
HP Digital Imaging Monitor.lnk - c:\program files\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2010-09-28 16:09 664600 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-01-27 14:47 969104 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys [x]
R3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [x]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 silabenm;CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]
S3 silabser;CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-23 05:12 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-02 05:33]
.
2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 02:58]
.
2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 02:58]
.
2013-02-27 c:\windows\Tasks\HPCeeScheduleForJason.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=C54B05ADAE65E80FBC87CD512EBAC5CB
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
HKLM-Run-SearchProtection - c:\programdata\Search Protection\_run.bat
AddRemove-adawaretb - c:\program files\adawaretb\uninstall.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-02 10:22:10
ComboFix-quarantined-files.txt 2013-03-02 16:22
.
Pre-Run: 404,844,646,400 bytes free
Post-Run: 404,620,804,096 bytes free
.
- - End Of File - - D3A619FDEA12306D997E643B22E77022


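The entries a helper reads first in logs like the one above (the `ORPHANS REMOVED` list, the `uStart Page` line, and, in the OTL listing later in the thread, the `O4` autoruns and `CHR - plugin:` lines) can be scored mechanically before anyone reads the rest. The following Python script is an added example written for this page; it is not part of OTL, ComboFix or the thread. The sample lines are constructed to mirror entries from the posted logs, `ALLOWED_HOSTS` is an assumed allowlist rather than a statement about any vendor, and the severities are the editor's own choices.

```python
"""Score OTL / ComboFix log lines the way a malware-removal helper reads them.

Added example for this page; it is not part of OTL, ComboFix or the thread.
ALLOWED_HOSTS is an assumed allowlist and the severities are the editor's
own choices. SAMPLE_LINES are constructed to mirror entries in the logs.
"""
import re
from urllib.parse import urlparse

# Assumed allowlist: start-page / search hosts the helper does not question.
ALLOWED_HOSTS = {"www.bing.com", "search.yahoo.com", "www.amazon.com",
                 "g.msn.com", "www.google.com"}
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")
# Paths a standard user can write to; an autorun target there is suspicious.
USER_WRITABLE = re.compile(r"\\(programdata|users\\[^\\]+\\appdata)\\", re.I)
# OTL "O4 - HKLM..\Run: [Name] target" and ComboFix "HKLM-Run-Name - target".
AUTORUN = re.compile(r"(O4 - HK\w+\.\.\\Run: \[[^\]]+\]|HKLM-Run-\S+ -) (.+)$")
START_PAGE = re.compile(r"Start Page\s*=\s*(\S+)")
# A native DLL loaded from inside a browser profile's extension directory.
EXT_PLUGIN = re.compile(r"\\Extensions\\.*\.dll$", re.I)
RANK = {"high": 0, "medium": 1, "info": 2}

# Constructed sample lines mirroring the kinds of entries in the thread's logs.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)",
    r"HKLM-Run-SearchProtection - c:\programdata\Search Protection\_run.bat",
    r"uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage",
    r"IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/19",
    r"URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jason\AppData\Local\Temp\catchme.sys -- (catchme)",
    r"CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll",
    r"CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll",
]


def triage_line(line):
    """Return [(severity, reason), ...] for one log line; [] if nothing stands out."""
    text = line.strip()
    findings = []
    if not text:
        return findings
    # Orphans: a registry reference whose target file is gone.
    if "(no file)" in text or "File not found" in text:
        findings.append(("info", "orphaned entry, target missing"))
    m = AUTORUN.match(text)
    if m:
        target = m.group(2).lower()
        if target.endswith(SCRIPT_EXT):
            findings.append(("high", "autorun launches a script"))
        if USER_WRITABLE.search(target):
            findings.append(("medium", "autorun target in user-writable path"))
    m = START_PAGE.search(text)
    if m:
        url = m.group(1).replace("hxxp", "http", 1)  # undo the log's defanging
        host = urlparse(url).hostname or ""
        if host not in ALLOWED_HOSTS:
            findings.append(("medium", f"start page host not allowlisted: {host}"))
    if text.startswith("CHR - plugin:") and EXT_PLUGIN.search(text):
        findings.append(("high", "native plugin loaded from Chrome extension directory"))
    return findings


def triage(lines):
    """Run every line through triage_line; return only the hits, worst first."""
    report = []
    for line in lines:
        findings = triage_line(line)
        if findings:
            report.append((line.strip(), findings))
    # Stable sort keeps log order within the same severity.
    report.sort(key=lambda item: min(RANK[sev] for sev, _ in item[1]))
    return report


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LINES):
        worst = min(findings, key=lambda f: RANK[f[0]])[0]
        print(f"[{worst:6}] {line}")
        for sev, reason in findings:
            print(f"         {sev}: {reason}")
```

Running the block lists the five constructed lines that score, with the `_run.bat` autorun from `ProgramData` and the native DLL loaded from inside the Chrome extension directory at the top. The `File not found` hit on `catchme.sys` shows why info-level entries need context: a helper who knows which scanners were run on the same morning treats that one as tool residue rather than evidence, which is exactly the judgement the script leaves to the reader.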
#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Are the popups still apparent? Could you run a fresh OTL quickscan please?

#5 jasontaber (New Member, Topic Starter, 9 posts)
Still getting the popups and browser hijacks.

Attached Thumbnails

  • Untitled 2.png
  • ilivid.png


#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, I will look at the fresh OTL scan and see what is there.

#7 jasontaber (New Member, Topic Starter, 9 posts)
Ran a fresh quick scan as requested.

OTL logfile created on: 3/2/2013 10:42:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jason\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.61 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 56.33% Memory free
5.22 Gb Paging File | 3.68 Gb Available in Paging File | 70.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 459.76 Gb Total Space | 376.88 Gb Free Space | 81.97% Space Free | Partition Type: NTFS
Drive D: | 5.91 Gb Total Space | 0.92 Gb Free Space | 15.51% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 350.78 Gb Free Space | 75.31% Space Free | Partition Type: NTFS

Computer Name: JASON-HP | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/02 09:57:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2013/02/21 05:37:06 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/02/21 05:37:04 | 018,814,816 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/01/31 09:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/01/29 07:28:20 | 000,033,960 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2013/01/29 07:28:18 | 001,502,376 | ---- | M] (Plex, Inc.) -- C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2013/01/29 07:28:16 | 003,858,600 | ---- | M] (Plex, Inc.) -- C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/26 18:56:36 | 000,070,656 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/08/29 12:04:55 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2012/08/29 12:01:16 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2011/11/11 14:31:00 | 000,042,496 | ---- | M] (Supra) -- C:\dKEYUSBCradle\SyncService.exe
PRC - [2011/11/11 14:30:58 | 000,105,472 | ---- | M] (Supra) -- C:\dKEYUSBCradle\SyncInfoApp.exe
PRC - [2011/11/11 14:30:54 | 000,014,848 | ---- | M] (Supra) -- C:\dKEYUSBCradle\ProxyDaemon.exe
PRC - [2011/11/11 14:27:10 | 000,073,216 | ---- | M] () -- C:\dKEYUSBCradle\stunnel-4.10.exe
PRC - [2011/02/17 00:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
PRC - [2011/01/25 19:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 15:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 15:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 15:29:10 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/10 17:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010/11/09 09:56:08 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/11/09 09:55:38 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/10/11 04:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2010/06/17 07:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010/02/11 12:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2009/11/17 05:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/08/24 20:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/02 16:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2009/05/08 18:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 18:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/29 07:28:52 | 000,058,024 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2013/01/29 07:28:52 | 000,044,712 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2013/01/29 07:28:52 | 000,033,448 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2013/01/29 07:28:52 | 000,017,576 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2013/01/29 07:28:50 | 000,841,896 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2013/01/29 07:28:50 | 000,196,264 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2013/01/29 07:28:48 | 000,825,512 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2013/01/29 07:28:48 | 000,050,344 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2013/01/29 07:28:48 | 000,033,960 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2013/01/29 07:28:46 | 000,366,248 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2013/01/29 07:28:46 | 000,094,376 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2013/01/29 07:28:44 | 000,590,504 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2013/01/29 07:28:44 | 000,017,576 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2013/01/29 07:28:42 | 000,141,992 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\zlib1.dll
MOD - [2013/01/29 07:28:42 | 000,134,824 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2013/01/29 07:28:40 | 008,495,272 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\WebKit.dll
MOD - [2013/01/29 07:28:40 | 000,629,416 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\tag.dll
MOD - [2013/01/29 07:28:40 | 000,293,296 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\swscale-0.dll
MOD - [2013/01/29 07:28:38 | 000,587,528 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\sqlite3.dll
MOD - [2013/01/29 07:28:38 | 000,087,208 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2013/01/29 07:28:36 | 000,150,696 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2013/01/29 07:28:34 | 000,173,736 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxslt.dll
MOD - [2013/01/29 07:28:32 | 001,010,344 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxml2.dll
MOD - [2013/01/29 07:28:30 | 000,063,656 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libexslt.dll
MOD - [2013/01/29 07:28:28 | 001,291,432 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\JavaScriptCore.dll
MOD - [2013/01/29 07:28:24 | 000,953,000 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\CFLite.dll
MOD - [2013/01/29 07:28:22 | 001,255,120 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\avformat-52.dll
MOD - [2013/01/29 07:28:22 | 001,039,016 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\cairo.dll
MOD - [2013/01/29 07:28:22 | 000,272,072 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\avutil-50.dll
MOD - [2013/01/29 07:28:20 | 005,828,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\avcodec-52.dll
MOD - [2013/01/29 07:28:20 | 000,033,960 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/12 00:01:26 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/11/20 15:56:18 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\30b1d86571495ea86b9a19b13498aad3\WindowsFormsIntegration.ni.dll
MOD - [2010/11/20 15:52:53 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
MOD - [2010/11/20 15:52:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll
MOD - [2010/11/20 15:52:40 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2010/11/20 15:52:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010/11/20 15:52:23 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll
MOD - [2010/11/20 15:52:10 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010/11/20 15:52:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010/11/20 15:52:00 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll
MOD - [2010/11/20 15:50:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010/11/20 15:50:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010/11/20 15:50:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010/11/20 15:50:36 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/20 15:50:29 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2010/11/10 17:39:38 | 000,096,256 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2010/11/05 13:09:54 | 000,098,304 | R--- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/07/02 16:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
MOD - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 19:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Services (SafeList) ==========

SRV - [2013/03/01 23:33:54 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/21 05:37:06 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/11/11 14:31:00 | 000,042,496 | ---- | M] (Supra) [Auto | Running] -- C:\dKEYUSBCradle\SyncService.exe -- (dKeySync)
SRV - [2011/02/17 00:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2011/01/25 19:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/10 17:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/11/09 09:55:38 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/10/11 04:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/06/17 07:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009/11/17 05:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jason\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/02/27 19:56:35 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/02/11 11:28:31 | 000,035,896 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/12 20:19:38 | 000,066,344 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/11 14:25:56 | 000,066,568 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2011/11/11 14:25:56 | 000,049,416 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2010/11/28 15:50:40 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/11/20 15:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 15:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 15:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 15:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 15:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 15:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 15:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 10:33:04 | 006,574,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/11/09 09:18:34 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/04 07:52:50 | 000,064,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2010/11/04 07:52:50 | 000,032,384 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2010/02/18 11:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/09/16 01:37:08 | 000,083,888 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxSer.sys -- (OxSer)
DRV - [2009/07/13 18:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/07/31 05:13:18 | 000,082,048 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxPPort.sys -- (OxPPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/19
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMDTDF
IE - HKLM\..\SearchScopes\{C20123EB-608F-4110-A3FA-EF65B9A8C98B}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....C87CD512EBAC5CB
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMDTDF
IE - HKCU\..\SearchScopes\{C20123EB-608F-4110-A3FA-EF65B9A8C98B}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/27 01:14:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/27 01:14:51 | 000,000,000 | ---D | M]

[2013/01/27 08:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions
[2013/01/27 08:47:53 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Logo Maker = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciojdpgahhgdpmlhnocojjfhkfdmemdh\1_0\
CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SecureSearch = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.1_0\
CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/02 10:19:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5110868B-96A9-4C1A-A370-55044B8FBAE8}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/02 10:22:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/02 10:22:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\temp
[2013/03/02 10:08:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/02 10:08:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/02 10:08:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/02 10:08:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/02 10:08:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/02 10:07:50 | 005,035,876 | R--- | C] (Swearware) -- C:\Users\Jason\Desktop\ComboFix.exe
[2013/03/02 09:59:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/02 09:57:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/03/01 23:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/03/01 22:17:27 | 000,035,896 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfiark.sys
[2013/02/27 20:41:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2013/02/27 20:39:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\LavasoftStatistics
[2013/02/27 20:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/02/27 20:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/02/27 20:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/02/27 20:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/02/27 20:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/02/27 20:03:06 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\adawarebp
[2013/02/27 20:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/02/27 20:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/02/27 20:02:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SecureSearch
[2013/02/27 19:56:36 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/27 19:56:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Ad-Aware Antivirus
[2013/02/27 18:16:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
[2013/02/27 18:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/27 18:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/27 18:16:17 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/27 18:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/27 18:16:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Programs
[2013/02/24 10:59:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/23 12:18:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Adobe
[2013/02/23 09:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/02/23 09:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/18 18:37:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\The Walking Dead 1-90
[2013/02/16 14:06:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Gary Allan - Set You Free (2013)
[2013/02/15 12:02:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Mary Margaret
[2013/02/10 14:28:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\j2 Global
[2013/02/10 14:27:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\eFax Messenger
[2013/02/10 14:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\eFax Messenger 4.4 Output
[2013/02/10 14:26:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\eFax Messenger 4.4
[2013/02/10 14:26:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eFax Messenger 4.4
[2013/02/10 14:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\eFax Messenger 4.4
[2013/02/07 18:35:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My Scans
[2013/02/05 18:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2013/02/05 18:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Plex
[2013/02/03 12:30:45 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013/02/01 16:50:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\redsn0w
[2013/01/31 18:43:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Corel Website Creator X6
[2013/01/31 18:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
[2013/01/31 18:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2013/01/31 18:40:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel Website Creator X6
[2013/01/31 18:23:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\HTML And CSS - Design And Build Websites V413HAV

========== Files - Modified Within 30 Days ==========

[2013/03/02 10:42:21 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 10:42:21 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 10:40:38 | 000,657,732 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/02 10:40:38 | 000,119,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/02 10:34:33 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/02 10:34:32 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/03/02 10:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/02 10:33:52 | 2103,349,248 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/02 10:30:54 | 000,012,799 | ---- | M] () -- C:\Users\Jason\Desktop\Untitled 2.png
[2013/03/02 10:27:25 | 000,111,877 | ---- | M] () -- C:\Users\Jason\Desktop\ilivid.png
[2013/03/02 10:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/02 10:22:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/02 10:19:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/03/02 10:08:10 | 005,035,876 | R--- | M] (Swearware) -- C:\Users\Jason\Desktop\ComboFix.exe
[2013/03/02 09:57:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/03/01 21:41:42 | 1678,127,636 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/27 20:44:12 | 000,380,509 | ---- | M] () -- C:\Users\Jason\Desktop\Search Map.png
[2013/02/27 20:23:49 | 001,435,189 | ---- | M] () -- C:\Users\Jason\Desktop\Renata DL.jpg
[2013/02/27 19:56:35 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/27 18:16:18 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/27 18:12:40 | 000,136,592 | ---- | M] () -- C:\Users\Jason\Documents\cc_20130227_181235.reg
[2013/02/27 17:14:20 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJason.job
[2013/02/23 12:41:34 | 001,588,941 | ---- | M] () -- C:\Users\Jason\Desktop\Lease_Application_Nina.pdf
[2013/02/23 12:15:27 | 001,685,518 | ---- | M] () -- C:\Users\Jason\Desktop\Lease_Application Pryor.pdf
[2013/02/23 12:14:59 | 000,376,982 | ---- | M] () -- C:\Users\Jason\Desktop\2011_CorpTax_Return.pdf
[2013/02/23 09:40:35 | 000,000,088 | ---- | M] () -- C:\Users\Jason\.java.policy
[2013/02/23 09:39:59 | 000,000,134 | ---- | M] () -- C:\Users\Jason\Desktop\ZIP Forms.url
[2013/02/22 23:17:06 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/22 17:29:37 | 000,210,968 | ---- | M] () -- C:\Users\Jason\Desktop\Check.png
[2013/02/15 12:19:01 | 000,205,593 | ---- | M] () -- C:\Windows\hpoins46.dat
[2013/02/15 12:15:00 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2013/02/11 11:28:31 | 000,035,896 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfiark.sys
[2013/02/11 09:23:09 | 000,298,365 | ---- | M] () -- C:\Users\Jason\Desktop\Lease Extension.pdf
[2013/02/11 09:21:56 | 000,237,949 | ---- | M] () -- C:\Users\Jason\Desktop\Inventory-Lease.pdf
[2013/02/11 09:21:24 | 000,216,667 | ---- | M] () -- C:\Users\Jason\Desktop\Residential Lease.pdf
[2013/02/10 14:27:48 | 000,001,000 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
[2013/02/10 14:27:47 | 000,000,971 | ---- | M] () -- C:\Users\Jason\Desktop\eFax Compose Fax 4.4.lnk
[2013/02/10 14:27:43 | 000,000,964 | ---- | M] () -- C:\Users\Jason\Desktop\eFax Messenger 4.4.lnk
[2013/02/10 14:26:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\eFax_4_4_Port
[2013/02/07 18:35:01 | 000,583,916 | ---- | M] () -- C:\Users\Jason\Desktop\Bruce Signed Page0001.pdf
[2013/02/07 18:07:05 | 000,384,673 | ---- | M] () -- C:\Users\Jason\Desktop\Bruce_Reiff.pdf
[2013/02/07 18:06:25 | 000,015,254 | ---- | M] () -- C:\Users\Jason\Documents\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/07 18:06:25 | 000,015,254 | ---- | M] () -- C:\Users\Jason\Desktop\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/01 19:09:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/31 18:43:17 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Corel Website Creator X6.lnk
[2013/01/31 11:39:02 | 000,162,268 | ---- | M] () -- C:\Users\Jason\Desktop\Residential Lease App.pdf

========== Files Created - No Company Name ==========

[2013/03/02 10:30:54 | 000,012,799 | ---- | C] () -- C:\Users\Jason\Desktop\Untitled 2.png
[2013/03/02 10:27:24 | 000,111,877 | ---- | C] () -- C:\Users\Jason\Desktop\ilivid.png
[2013/03/02 10:08:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/02 10:08:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/02 10:08:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/02 10:08:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/02 10:08:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/01 23:33:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/01 21:41:42 | 1678,127,636 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/27 20:44:11 | 000,380,509 | ---- | C] () -- C:\Users\Jason\Desktop\Search Map.png
[2013/02/27 20:24:13 | 001,435,189 | ---- | C] () -- C:\Users\Jason\Desktop\Renata DL.jpg
[2013/02/27 20:03:50 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/02/27 18:16:18 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/27 18:12:37 | 000,136,592 | ---- | C] () -- C:\Users\Jason\Documents\cc_20130227_181235.reg
[2013/02/23 12:41:29 | 001,588,941 | ---- | C] () -- C:\Users\Jason\Desktop\Lease_Application_Nina.pdf
[2013/02/23 12:15:25 | 001,685,518 | ---- | C] () -- C:\Users\Jason\Desktop\Lease_Application Pryor.pdf
[2013/02/23 12:14:57 | 000,376,982 | ---- | C] () -- C:\Users\Jason\Desktop\2011_CorpTax_Return.pdf
[2013/02/23 09:40:35 | 000,000,088 | ---- | C] () -- C:\Users\Jason\.java.policy
[2013/02/23 09:39:49 | 000,000,134 | ---- | C] () -- C:\Users\Jason\Desktop\ZIP Forms.url
[2013/02/22 17:29:36 | 000,210,968 | ---- | C] () -- C:\Users\Jason\Desktop\Check.png
[2013/02/15 12:15:00 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2013/02/15 12:11:42 | 000,205,593 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/02/15 12:11:42 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2013/02/11 09:23:06 | 000,298,365 | ---- | C] () -- C:\Users\Jason\Desktop\Lease Extension.pdf
[2013/02/11 09:21:53 | 000,237,949 | ---- | C] () -- C:\Users\Jason\Desktop\Inventory-Lease.pdf
[2013/02/11 09:21:20 | 000,216,667 | ---- | C] () -- C:\Users\Jason\Desktop\Residential Lease.pdf
[2013/02/11 09:16:55 | 000,015,254 | ---- | C] () -- C:\Users\Jason\Documents\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/10 14:27:48 | 000,001,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
[2013/02/10 14:27:45 | 000,000,971 | ---- | C] () -- C:\Users\Jason\Desktop\eFax Compose Fax 4.4.lnk
[2013/02/10 14:27:41 | 000,000,964 | ---- | C] () -- C:\Users\Jason\Desktop\eFax Messenger 4.4.lnk
[2013/02/10 14:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\eFax_4_4_Port
[2013/02/07 18:35:01 | 000,583,916 | ---- | C] () -- C:\Users\Jason\Desktop\Bruce Signed Page0001.pdf
[2013/02/07 18:19:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2013/02/07 18:07:05 | 000,384,673 | ---- | C] () -- C:\Users\Jason\Desktop\Bruce_Reiff.pdf
[2013/02/07 18:06:19 | 000,015,254 | ---- | C] () -- C:\Users\Jason\Desktop\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/04 17:15:05 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJason.job
[2013/02/01 19:09:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/31 18:43:17 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Corel Website Creator X6.lnk
[2013/01/31 11:38:59 | 000,162,268 | ---- | C] () -- C:\Users\Jason\Desktop\Residential Lease App.pdf
[2013/01/15 20:38:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/01/15 20:33:08 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2013/01/15 20:33:08 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013/01/15 20:33:04 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013/01/15 20:33:03 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 15:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/01 22:17:43 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Ad-Aware Antivirus
[2013/02/10 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\eFax Messenger
[2013/02/10 14:28:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\j2 Global
[2013/01/27 01:04:12 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\NewspaperDirect
[2013/02/01 17:37:26 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\redsn0w
[2013/02/27 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\SecureSearch
[2013/03/02 10:38:51 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.Txt   90.95KB   94 downloads

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does this appear in all browsers?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....C87CD512EBAC5CB
[2013/01/27 08:47:53 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/02/27 20:02:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SecureSearch
[2013/03/02 10:27:24 | 000,111,877 | ---- | C] () -- C:\Users\Jason\Desktop\ilivid.png

:Files
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Shortcut Cleaner to your desktop.
Then run it.
When the Shortcut Cleaner has finished scanning your hard drive it will create a log file on your desktop called sc-cleaner.txt and then display it.
Please post that log

#9
jasontaber

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Yes, it is appearing in all browsers.

#10
jasontaber

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here is the scan after running.

OTL logfile created on: 3/2/2013 11:49:11 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jason\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.61 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 60.97% Memory free
5.22 Gb Paging File | 4.12 Gb Available in Paging File | 78.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 459.76 Gb Total Space | 376.56 Gb Free Space | 81.91% Space Free | Partition Type: NTFS
Drive D: | 5.91 Gb Total Space | 0.92 Gb Free Space | 15.51% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 350.64 Gb Free Space | 75.28% Space Free | Partition Type: NTFS

Computer Name: JASON-HP | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/02 09:57:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2013/02/21 05:37:06 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/02/21 05:37:04 | 018,814,816 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/01/31 09:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/01/27 09:39:55 | 000,162,816 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/26 18:56:36 | 000,070,656 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/08/29 12:04:55 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2012/08/29 12:01:16 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2011/11/11 14:31:00 | 000,042,496 | ---- | M] (Supra) -- C:\dKEYUSBCradle\SyncService.exe
PRC - [2011/11/11 14:30:58 | 000,105,472 | ---- | M] (Supra) -- C:\dKEYUSBCradle\SyncInfoApp.exe
PRC - [2011/11/11 14:30:54 | 000,014,848 | ---- | M] (Supra) -- C:\dKEYUSBCradle\ProxyDaemon.exe
PRC - [2011/11/11 14:27:10 | 000,073,216 | ---- | M] () -- C:\dKEYUSBCradle\stunnel-4.10.exe
PRC - [2011/02/17 00:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
PRC - [2011/01/25 19:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 15:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 15:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 15:29:10 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/10 17:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010/11/09 09:56:08 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/11/09 09:55:38 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/10/11 04:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2010/06/17 07:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010/02/11 12:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2009/11/17 22:14:12 | 000,259,712 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\hp\Digital Imaging\bin\hpqdstcp.exe
PRC - [2009/11/17 05:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/08/24 20:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/13 19:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/02 16:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2009/05/08 18:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 18:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/27 09:39:55 | 000,162,816 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 15:52:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010/11/20 15:52:10 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010/11/20 15:52:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010/11/20 15:50:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010/11/20 15:50:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010/11/20 15:50:36 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/20 15:50:29 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2009/07/02 16:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
MOD - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 19:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Services (SafeList) ==========

SRV - [2013/03/01 23:33:54 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/21 05:37:06 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/11/11 14:31:00 | 000,042,496 | ---- | M] (Supra) [Auto | Running] -- C:\dKEYUSBCradle\SyncService.exe -- (dKeySync)
SRV - [2011/02/17 00:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2011/01/25 19:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/10 17:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/11/09 09:55:38 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/10/11 04:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/06/17 07:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009/11/17 05:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jason\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/02/27 19:56:35 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/02/11 11:28:31 | 000,035,896 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/12 20:19:38 | 000,066,344 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/11 14:25:56 | 000,066,568 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2011/11/11 14:25:56 | 000,049,416 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2010/11/28 15:50:40 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/11/20 15:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 15:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 15:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 15:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 15:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 15:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 15:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 10:33:04 | 006,574,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/11/09 09:18:34 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/04 07:52:50 | 000,064,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2010/11/04 07:52:50 | 000,032,384 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2010/02/18 11:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/09/16 01:37:08 | 000,083,888 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxSer.sys -- (OxSer)
DRV - [2009/07/13 18:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/07/31 05:13:18 | 000,082,048 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxPPort.sys -- (OxPPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/19
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMDTDF
IE - HKLM\..\SearchScopes\{C20123EB-608F-4110-A3FA-EF65B9A8C98B}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMDTDF
IE - HKCU\..\SearchScopes\{C20123EB-608F-4110-A3FA-EF65B9A8C98B}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/27 01:14:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/27 01:14:51 | 000,000,000 | ---D | M]

[2013/03/02 11:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Logo Maker = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciojdpgahhgdpmlhnocojjfhkfdmemdh\1_0\
CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/02 11:42:17 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5110868B-96A9-4C1A-A370-55044B8FBAE8}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/02 10:22:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/02 10:22:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\temp
[2013/03/02 10:08:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/02 10:08:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/02 10:08:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/02 10:08:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/02 10:08:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/02 10:07:50 | 005,035,876 | R--- | C] (Swearware) -- C:\Users\Jason\Desktop\ComboFix.exe
[2013/03/02 09:59:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/02 09:57:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/03/01 23:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/03/01 22:17:27 | 000,035,896 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfiark.sys
[2013/02/27 20:41:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2013/02/27 20:39:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\LavasoftStatistics
[2013/02/27 20:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/02/27 20:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/02/27 20:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/02/27 20:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/02/27 20:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/02/27 20:03:06 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\adawarebp
[2013/02/27 20:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/02/27 20:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/02/27 19:56:36 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/27 19:56:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Ad-Aware Antivirus
[2013/02/27 18:16:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
[2013/02/27 18:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/27 18:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/27 18:16:17 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/27 18:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/27 18:16:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Programs
[2013/02/24 10:59:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/23 12:18:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Adobe
[2013/02/23 09:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/02/23 09:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/18 18:37:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\The Walking Dead 1-90
[2013/02/16 14:06:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Gary Allan - Set You Free (2013)
[2013/02/15 12:02:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Mary Margaret
[2013/02/10 14:28:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\j2 Global
[2013/02/10 14:27:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\eFax Messenger
[2013/02/10 14:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\eFax Messenger 4.4 Output
[2013/02/10 14:26:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\eFax Messenger 4.4
[2013/02/10 14:26:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eFax Messenger 4.4
[2013/02/10 14:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\eFax Messenger 4.4
[2013/02/07 18:35:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My Scans
[2013/02/05 18:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2013/02/05 18:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Plex
[2013/02/03 12:30:45 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013/02/01 16:50:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\redsn0w
[2013/01/31 18:43:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Corel Website Creator X6
[2013/01/31 18:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
[2013/01/31 18:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2013/01/31 18:40:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel Website Creator X6
[2013/01/31 18:23:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\HTML And CSS - Design And Build Websites V413HAV

========== Files - Modified Within 30 Days ==========

[2013/03/02 11:52:42 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 11:52:42 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 11:51:56 | 000,657,732 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/02 11:51:56 | 000,119,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/02 11:48:22 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/03/02 11:46:50 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/02 11:44:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/02 11:44:34 | 2103,349,248 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/02 11:42:17 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/03/02 11:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/02 11:22:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/02 10:30:54 | 000,012,799 | ---- | M] () -- C:\Users\Jason\Desktop\Untitled 2.png
[2013/03/02 10:08:10 | 005,035,876 | R--- | M] (Swearware) -- C:\Users\Jason\Desktop\ComboFix.exe
[2013/03/02 09:57:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2013/03/01 21:41:42 | 1678,127,636 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/27 20:44:12 | 000,380,509 | ---- | M] () -- C:\Users\Jason\Desktop\Search Map.png
[2013/02/27 20:23:49 | 001,435,189 | ---- | M] () -- C:\Users\Jason\Desktop\Renata DL.jpg
[2013/02/27 19:56:35 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/27 18:16:18 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/27 18:12:40 | 000,136,592 | ---- | M] () -- C:\Users\Jason\Documents\cc_20130227_181235.reg
[2013/02/27 17:14:20 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJason.job
[2013/02/23 12:41:34 | 001,588,941 | ---- | M] () -- C:\Users\Jason\Desktop\Lease_Application_Nina.pdf
[2013/02/23 12:15:27 | 001,685,518 | ---- | M] () -- C:\Users\Jason\Desktop\Lease_Application Pryor.pdf
[2013/02/23 12:14:59 | 000,376,982 | ---- | M] () -- C:\Users\Jason\Desktop\2011_CorpTax_Return.pdf
[2013/02/23 09:40:35 | 000,000,088 | ---- | M] () -- C:\Users\Jason\.java.policy
[2013/02/23 09:39:59 | 000,000,134 | ---- | M] () -- C:\Users\Jason\Desktop\ZIP Forms.url
[2013/02/22 23:17:06 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/22 17:29:37 | 000,210,968 | ---- | M] () -- C:\Users\Jason\Desktop\Check.png
[2013/02/15 12:19:01 | 000,205,593 | ---- | M] () -- C:\Windows\hpoins46.dat
[2013/02/15 12:15:00 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2013/02/11 11:28:31 | 000,035,896 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfiark.sys
[2013/02/11 09:23:09 | 000,298,365 | ---- | M] () -- C:\Users\Jason\Desktop\Lease Extension.pdf
[2013/02/11 09:21:56 | 000,237,949 | ---- | M] () -- C:\Users\Jason\Desktop\Inventory-Lease.pdf
[2013/02/11 09:21:24 | 000,216,667 | ---- | M] () -- C:\Users\Jason\Desktop\Residential Lease.pdf
[2013/02/10 14:27:48 | 000,001,000 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
[2013/02/10 14:27:47 | 000,000,971 | ---- | M] () -- C:\Users\Jason\Desktop\eFax Compose Fax 4.4.lnk
[2013/02/10 14:27:43 | 000,000,964 | ---- | M] () -- C:\Users\Jason\Desktop\eFax Messenger 4.4.lnk
[2013/02/10 14:26:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\eFax_4_4_Port
[2013/02/07 18:35:01 | 000,583,916 | ---- | M] () -- C:\Users\Jason\Desktop\Bruce Signed Page0001.pdf
[2013/02/07 18:07:05 | 000,384,673 | ---- | M] () -- C:\Users\Jason\Desktop\Bruce_Reiff.pdf
[2013/02/07 18:06:25 | 000,015,254 | ---- | M] () -- C:\Users\Jason\Documents\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/07 18:06:25 | 000,015,254 | ---- | M] () -- C:\Users\Jason\Desktop\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/01 19:09:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/31 18:43:17 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Corel Website Creator X6.lnk

========== Files Created - No Company Name ==========

[2013/03/02 10:30:54 | 000,012,799 | ---- | C] () -- C:\Users\Jason\Desktop\Untitled 2.png
[2013/03/02 10:08:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/02 10:08:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/02 10:08:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/02 10:08:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/02 10:08:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/01 23:33:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/01 21:41:42 | 1678,127,636 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/27 20:44:11 | 000,380,509 | ---- | C] () -- C:\Users\Jason\Desktop\Search Map.png
[2013/02/27 20:24:13 | 001,435,189 | ---- | C] () -- C:\Users\Jason\Desktop\Renata DL.jpg
[2013/02/27 20:03:50 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/02/27 18:16:18 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/27 18:12:37 | 000,136,592 | ---- | C] () -- C:\Users\Jason\Documents\cc_20130227_181235.reg
[2013/02/23 12:41:29 | 001,588,941 | ---- | C] () -- C:\Users\Jason\Desktop\Lease_Application_Nina.pdf
[2013/02/23 12:15:25 | 001,685,518 | ---- | C] () -- C:\Users\Jason\Desktop\Lease_Application Pryor.pdf
[2013/02/23 12:14:57 | 000,376,982 | ---- | C] () -- C:\Users\Jason\Desktop\2011_CorpTax_Return.pdf
[2013/02/23 09:40:35 | 000,000,088 | ---- | C] () -- C:\Users\Jason\.java.policy
[2013/02/23 09:39:49 | 000,000,134 | ---- | C] () -- C:\Users\Jason\Desktop\ZIP Forms.url
[2013/02/22 17:29:36 | 000,210,968 | ---- | C] () -- C:\Users\Jason\Desktop\Check.png
[2013/02/15 12:15:00 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2013/02/15 12:11:42 | 000,205,593 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/02/15 12:11:42 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2013/02/11 09:23:06 | 000,298,365 | ---- | C] () -- C:\Users\Jason\Desktop\Lease Extension.pdf
[2013/02/11 09:21:53 | 000,237,949 | ---- | C] () -- C:\Users\Jason\Desktop\Inventory-Lease.pdf
[2013/02/11 09:21:20 | 000,216,667 | ---- | C] () -- C:\Users\Jason\Desktop\Residential Lease.pdf
[2013/02/11 09:16:55 | 000,015,254 | ---- | C] () -- C:\Users\Jason\Documents\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/10 14:27:48 | 000,001,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
[2013/02/10 14:27:45 | 000,000,971 | ---- | C] () -- C:\Users\Jason\Desktop\eFax Compose Fax 4.4.lnk
[2013/02/10 14:27:41 | 000,000,964 | ---- | C] () -- C:\Users\Jason\Desktop\eFax Messenger 4.4.lnk
[2013/02/10 14:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\eFax_4_4_Port
[2013/02/07 18:35:01 | 000,583,916 | ---- | C] () -- C:\Users\Jason\Desktop\Bruce Signed Page0001.pdf
[2013/02/07 18:19:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2013/02/07 18:07:05 | 000,384,673 | ---- | C] () -- C:\Users\Jason\Desktop\Bruce_Reiff.pdf
[2013/02/07 18:06:19 | 000,015,254 | ---- | C] () -- C:\Users\Jason\Desktop\last_two_pay_stubs_for_Bruce_Reiff.pdf
[2013/02/04 17:15:05 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJason.job
[2013/02/01 19:09:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/31 18:43:17 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Corel Website Creator X6.lnk
[2013/01/15 20:38:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/01/15 20:33:08 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2013/01/15 20:33:08 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013/01/15 20:33:04 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013/01/15 20:33:03 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 15:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/01 22:17:43 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Ad-Aware Antivirus
[2013/02/10 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\eFax Messenger
[2013/02/10 14:28:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\j2 Global
[2013/01/27 01:04:12 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\NewspaperDirect
[2013/02/01 17:37:26 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\redsn0w
[2013/03/02 11:48:46 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

#11 jasontaber (New Member, Topic Starter, 9 posts)
Here is the Shortcut Cleaner log:

Shortcut Cleaner 1.2.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingc...ortcut-cleaner/

Program started at: 03/02/2013 12:06:54 PM.

Searching C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Jason\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Jason\Desktop\


0 bad shortcuts found.

Program finished at: 03/02/2013 12:06:57 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I'd like to check out the MBR next

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#13 jasontaber (New Member, Topic Starter, 9 posts)
14:18:38.0861 3356 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:18:40.0733 3356 ============================================================
14:18:40.0733 3356 Current date / time: 2013/03/02 14:18:40.0733
14:18:40.0733 3356 SystemInfo:
14:18:40.0733 3356
14:18:40.0733 3356 OS Version: 6.1.7601 ServicePack: 1.0
14:18:40.0733 3356 Product type: Workstation
14:18:40.0733 3356 ComputerName: JASON-HP
14:18:40.0733 3356 UserName: Jason
14:18:40.0733 3356 Windows directory: C:\Windows
14:18:40.0733 3356 System windows directory: C:\Windows
14:18:40.0733 3356 Processor architecture: Intel x86
14:18:40.0733 3356 Number of processors: 2
14:18:40.0733 3356 Page size: 0x1000
14:18:40.0733 3356 Boot type: Normal boot
14:18:40.0733 3356 ============================================================
14:18:44.0194 3356 BG loaded
14:18:45.0551 3356 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:18:45.0567 3356 Drive \Device\Harddisk1\DR1 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:18:45.0645 3356 ============================================================
14:18:45.0645 3356 \Device\Harddisk0\DR0:
14:18:45.0645 3356 MBR partitions:
14:18:45.0645 3356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:18:45.0645 3356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3283F, BlocksNum 0x39782FC1
14:18:45.0645 3356 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x397B5800, BlocksNum 0xBD0000
14:18:45.0645 3356 \Device\Harddisk1\DR1:
14:18:45.0645 3356 MBR partitions:
14:18:45.0645 3356 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
14:18:45.0645 3356 ============================================================
14:18:45.0738 3356 C: <-> \Device\Harddisk0\DR0\Partition2
14:18:45.0801 3356 D: <-> \Device\Harddisk0\DR0\Partition3
14:18:45.0847 3356 F: <-> \Device\Harddisk1\DR1\Partition1
14:18:45.0847 3356 ============================================================
14:18:45.0847 3356 Initialize success
14:18:45.0847 3356 ============================================================

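The MBR check Essexboy asked for rests on the "MBR partitions" lines in the TDSSKiller log above (Type, StartLBA, BlocksNum per partition). The following is an added example, not code from the thread and not part of TDSSKiller: it parses a raw 512-byte MBR sector the way those lines are derived, flags overlapping entries and invalid status bytes, measures the unpartitioned tail of the disk, and hashes the boot-loader bytes so they can be compared against a known-good value. The sector it runs on is constructed to carry the three Harddisk0 entries from the posted log; its boot-code area is zero-filled rather than real boot code, and the known-good hash you would compare against is something you have to collect from a clean install yourself.

```python
"""Parse a raw 512-byte MBR sector and sanity-check its partition table.

Added example for this thread; it is not TDSSKiller code and not something
the forum posters ran. The sample sector built below is CONSTRUCTED: it holds
the three entries the log reports for \\Device\\Harddisk0\\DR0, but its
bootstrap-code area is all zeros.
"""
import hashlib
import struct
from typing import List, NamedTuple, Tuple

MBR_SIZE = 512
PART_TABLE_OFFSET = 0x1BE       # four 16-byte entries start here
PART_ENTRY_SIZE = 16
BOOTCODE_END = 0x1B8            # bytes 0..0x1B7 hold the boot loader
BOOT_SIGNATURE = b"\x55\xAA"    # last two bytes of a valid MBR
ENTRY_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count


class PartitionEntry(NamedTuple):
    index: int
    status: int
    type_id: int
    start_lba: int
    block_count: int

    @property
    def end_lba(self) -> int:   # first sector past the partition
        return self.start_lba + self.block_count


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Return the non-empty partition entries of an MBR sector."""
    if len(sector) != MBR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, _chs_s, ptype, _chs_e, start, count = struct.unpack_from(ENTRY_FMT, sector, off)
        if ptype == 0:
            continue            # unused slot
        if status not in (0x00, 0x80):
            # Only 0x00 (inactive) and 0x80 (active) are legitimate values.
            raise ValueError(f"partition {i + 1}: invalid status byte {status:#04x}")
        entries.append(PartitionEntry(i + 1, status, ptype, start, count))
    return entries


def overlapping_entries(entries: List[PartitionEntry]) -> List[Tuple[int, int]]:
    """Index pairs whose LBA ranges overlap. A sane table has none."""
    bad = []
    for a in range(len(entries)):
        for b in range(a + 1, len(entries)):
            ea, eb = entries[a], entries[b]
            if ea.start_lba < eb.end_lba and eb.start_lba < ea.end_lba:
                bad.append((ea.index, eb.index))
    return bad


def unallocated_tail_sectors(entries: List[PartitionEntry], disk_sectors: int) -> int:
    """Sectors after the last partition. A large tail deserves a closer look:
    the hidden file systems that the Detect TDLFS option searches for live in
    unpartitioned space at the end of the disk."""
    last_end = max(e.end_lba for e in entries) if entries else 0
    return disk_sectors - last_end


def bootcode_sha256(sector: bytes) -> str:
    """Hash of the boot-loader bytes only. A bootkit replaces this code and
    leaves the partition table intact, so compare the hash against a value
    taken from a clean machine instead of trusting a tidy-looking table."""
    return hashlib.sha256(sector[:BOOTCODE_END]).hexdigest()


def build_sample_mbr() -> bytes:
    """CONSTRUCTED sector: the Harddisk0 table from the posted TDSSKiller log."""
    table = [  # (status, type, StartLBA, BlocksNum)
        (0x80, 0x07, 0x800, 0x32000),
        (0x00, 0x07, 0x3283F, 0x39782FC1),
        (0x00, 0x07, 0x397B5800, 0xBD0000),
    ]
    sector = bytearray(MBR_SIZE)
    for i, (status, ptype, start, count) in enumerate(table):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        struct.pack_into(ENTRY_FMT, sector, off, status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    parts = parse_mbr(mbr)
    for p in parts:
        print(f"Partition{p.index}: Type {p.type_id:#x}, StartLBA {p.start_lba:#x}, BlocksNum {p.block_count:#x}")
    print("overlaps:", overlapping_entries(parts))
    print("tail sectors:", unallocated_tail_sectors(parts, 0x7470C06000 // 512))
    print("bootcode sha256:", bootcode_sha256(mbr))
```

On a live Windows box the sector comes from reading the first 512 bytes of `\\.\PhysicalDrive0` with an administrator token; feed that to `parse_mbr` and the printed lines should match what TDSSKiller reports. For the logged disk (0x7470C06000 bytes) the tail works out to 0x830 sectors, about 1 MB of normal slack, which is nothing like the space a hidden file system needs.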

#14 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you locate and post the log located at C:\TDSSKiller date time? This will be a larger log than the one you posted.

#15 jasontaber (New Member, Topic Starter, 9 posts)
So far it looks like they are gone. I have gone back to numerous sites that previously had the pop-ups and they have not come back. I will monitor and let you know if I see anything else. Should I proceed with running anything else right now? Also, THANK YOU FOR YOUR HELP!