
Help me cure an 'Arestocrat' issue please. [Solved]


  • This topic is locked

#16
SweetTech
Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

That's definitely interesting. It looks like it was able to run successfully the first time.

Were you able to install the updates for those programs?

How about running the new scan with OTL?

#17
Thumperness
Member
  • Topic Starter
  • Member
  • 41 posts
Sorry, forgot the last step. And yes, I did get the updates done.

OTL logfile created on: 4/29/2013 7:54:34 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 50.72% Memory free
7.98 Gb Paging File | 5.88 Gb Available in Paging File | 73.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.64 Gb Total Space | 128.54 Gb Free Space | 58.26% Space Free | Partition Type: NTFS
Drive D: | 12.24 Gb Total Space | 1.96 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
Drive F: | 7.53 Gb Total Space | 7.09 Gb Free Space | 94.09% Space Free | Partition Type: FAT32

Computer Name: MICHAEL-PC | User Name: michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/29 16:18:00 | 000,812,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/05 16:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\michael\Desktop\OTL.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/12/29 06:44:10 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/13 09:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/03/31 23:34:36 | 000,243,000 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/17 19:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 16:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/17 19:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2013/04/29 16:21:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/09/26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/02 03:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/06/22 17:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/23 11:33:54 | 000,072,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/10/03 03:40:12 | 000,264,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/06/29 10:52:44 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/04/17 14:05:20 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/10/31 22:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/10/31 22:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/10/31 22:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/10/17 19:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/06/18 18:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{759345B3-AC48-4804-9E40-35C185F07A7A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{8633B2DC-E7FA-4574-8487-9D6684A7E0AC}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{759345B3-AC48-4804-9E40-35C185F07A7A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{8633B2DC-E7FA-4574-8487-9D6684A7E0AC}: "URL" = http://search.live.c...ms}&FORM=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {317C33E3-EF69-4F04-858A-4D4A87CBBCEE}
IE - HKCU\..\SearchScopes\{317C33E3-EF69-4F04-858A-4D4A87CBBCEE}: "URL" = http://search.condui...5201140955&UM=2
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{759345B3-AC48-4804-9E40-35C185F07A7A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{8633B2DC-E7FA-4574-8487-9D6684A7E0AC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{A9540CC9-D669-49AA-BEEF-BEA33A77FD77}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: F:\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3292583&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...Suggest.ashx?q=[{searchTerms}]
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2013/04/29 17:20:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.81\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{133515F6-3947-4956-A8FE-C453CB012ADB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\michael\Pictures\Picasa\Backgrounds\picasabackground-008.bmp
O24 - Desktop BackupWallPaper: C:\Users\michael\Pictures\Picasa\Backgrounds\picasabackground-008.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/29 16:45:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/29 16:44:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\michael\Desktop\OTL.exe
[2013/04/29 16:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/04/29 16:35:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/29 16:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/04/25 12:17:34 | 000,000,000 | ---D | C] -- C:\Users\michael\{85c367fc-3aa0-4ee5-80e0-48accceb0378}
[2013/04/25 12:06:46 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/04/25 11:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/04/25 11:52:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/04/25 11:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/04/25 11:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/04/25 11:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/04/25 11:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/04/25 11:48:49 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Windows Live
[2013/04/25 11:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/04/24 19:42:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/24 19:20:50 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Malwarebytes
[2013/04/24 19:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/24 19:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/24 19:20:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/24 19:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/22 21:28:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/22 21:24:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/22 20:49:41 | 005,058,971 | R--- | C] (Swearware) -- C:\Users\michael\Desktop\ComboFix.exe
[2013/04/18 20:39:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/18 20:39:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/18 20:39:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/18 20:26:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/18 20:26:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/14 21:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/04/14 21:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/04/14 21:06:06 | 000,000,000 | ---D | C] -- C:\c436a84ee753aa7da4d22c7e34
[2013/04/14 20:47:43 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Solid Savings
[2013/04/14 20:47:36 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Updater26278
[2013/04/14 20:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solid Savings
[2013/04/14 20:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/04/14 20:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ_V1
[2013/04/14 20:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/04/14 20:46:28 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\CRE

========== Files - Modified Within 30 Days ==========

[2013/04/29 19:53:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/29 19:51:11 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013/04/29 19:50:43 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/29 19:50:37 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/29 19:50:37 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/29 19:50:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/29 19:50:21 | 4193,460,224 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/29 17:20:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/04/29 17:13:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormichael.job
[2013/04/29 17:03:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/29 16:41:32 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/04/25 12:27:25 | 000,399,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/25 12:22:11 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/25 12:22:11 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/25 12:22:11 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/25 11:31:59 | 000,890,825 | ---- | M] () -- C:\Users\michael\Desktop\SecurityCheck.exe
[2013/04/24 19:20:38 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/22 20:56:00 | 005,058,971 | R--- | M] (Swearware) -- C:\Users\michael\Desktop\ComboFix.exe
[2013/04/19 20:42:32 | 000,000,935 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/17 18:24:22 | 000,000,732 | ---- | M] () -- C:\Users\michael\AppData\Local\d3d9caps64.dat
[2013/04/14 21:06:39 | 000,002,125 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/11 12:06:38 | 000,002,343 | ---- | M] () -- C:\Users\michael\Desktop\SyncToy 2.1.lnk
[2013/04/10 20:38:11 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/10 09:47:55 | 662,502,122 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/04/29 16:41:32 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/04/29 16:41:32 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/04/25 12:01:22 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013/04/25 11:59:38 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013/04/25 11:57:50 | 000,001,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/04/25 11:56:43 | 000,002,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/04/25 11:31:49 | 000,890,825 | ---- | C] () -- C:\Users\michael\Desktop\SecurityCheck.exe
[2013/04/24 19:20:38 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/19 20:42:07 | 000,000,935 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/18 20:39:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/18 20:39:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/18 20:39:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/18 20:39:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/18 20:39:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/17 18:26:44 | 4193,460,224 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/15 17:20:32 | 000,000,732 | ---- | C] () -- C:\Users\michael\AppData\Local\d3d9caps64.dat
[2013/04/14 21:11:53 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/04/14 20:53:42 | 000,002,125 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/10 09:47:55 | 662,502,122 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/21 14:21:05 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/03/21 14:20:47 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/02/13 16:54:53 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~kDqks0vXgzNbbV
[2012/02/13 16:54:53 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~kDqks0vXgzNbbVr
[2012/02/13 16:54:45 | 000,000,456 | -H-- | C] () -- C:\ProgramData\kDqks0vXgzNbbV
[2012/01/07 14:15:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Alerts
[2012/01/07 14:15:34 | 000,000,268 | RH-- | C] () -- C:\Users\michael\AppData\Roaming\Abstract
[2012/01/07 14:15:34 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Audio Units
[2012/01/07 14:14:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Ambience
[2012/01/07 14:14:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Action Clauses
[2012/01/07 14:14:28 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Automatic Filter
[2012/01/07 14:14:28 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Audio
[2012/01/07 14:13:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\Abstract
[2011/11/28 16:10:58 | 000,000,268 | RH-- | C] () -- C:\Users\michael\AppData\Roaming\AccountTypes
[2011/11/28 16:10:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/11/28 16:10:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/11/28 16:10:57 | 000,000,268 | RH-- | C] () -- C:\Users\michael\AppData\Roaming\vhosts
[2011/11/28 16:10:57 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2009/09/02 09:19:49 | 000,024,226 | -H-- | C] () -- C:\Users\michael\AppData\Roaming\UserTile.png
[2009/07/02 17:47:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/29 10:32:46 | 000,007,052 | ---- | C] () -- C:\Users\michael\AppData\Local\d3d9caps.dat
[2009/06/25 07:42:13 | 000,018,432 | ---- | C] () -- C:\Users\michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/24 22:29:39 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2010/04/04 21:02:00 | 000,000,000 | -H-D | M] -- C:\Users\michael\AppData\Roaming\Arkadium
[2010/09/17 10:31:09 | 000,000,000 | -H-D | M] -- C:\Users\michael\AppData\Roaming\EA
[2011/12/03 12:12:12 | 000,000,000 | -H-D | M] -- C:\Users\michael\AppData\Roaming\Nikon
[2011/03/17 15:13:46 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Oberon Media
[2009/09/02 09:19:49 | 000,000,000 | -H-D | M] -- C:\Users\michael\AppData\Roaming\PeerNetworking
[2012/02/13 17:18:19 | 000,000,000 | -H-D | M] -- C:\Users\michael\AppData\Roaming\Tific

========== Purity Check ==========



========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/05/04 09:38:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/05/04 09:38:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/05/04 09:38:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/02/22 00:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013/02/22 00:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation)

< %systemroot%\*. /rp /s >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2013/04/25 10:08:46 | 000,270,019 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists
[2013/04/25 11:44:18 | 000,000,004 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2011/03/19 09:48:23 | 000,548,874 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\en-US-1-2.bdic
[2012/02/19 17:47:58 | 000,441,089 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\en-US-2-1.bdic
[2013/03/25 16:49:42 | 000,440,949 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\en-US-2-4.bdic
[2013/04/22 20:46:04 | 000,440,949 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\en-US-3-0.bdic
[2010/06/09 12:02:13 | 000,000,000 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\First Run
[2013/04/25 11:44:17 | 000,030,759 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Local State
[2013/04/25 11:39:34 | 010,971,308 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2013/04/25 11:39:35 | 001,454,300 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set
[2013/04/25 11:40:02 | 000,006,144 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
[2013/04/25 11:40:02 | 000,004,640 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
[2013/04/25 11:39:35 | 000,134,868 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2013/04/25 11:39:33 | 001,392,824 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2013/04/25 11:39:35 | 000,019,780 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
[2013/04/25 11:39:35 | 000,004,664 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Safe Browsing Extension Blacklist
[2012/02/19 17:46:19 | 000,000,055 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Service State
[1 C:\Users\michael\AppData\Local\Google\Chrome\User Data\*.tmp files -> C:\Users\michael\AppData\Local\Google\Chrome\User Data\*.tmp -> ]
[2013/03/24 21:18:28 | 000,057,344 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2013/03/24 21:18:28 | 000,000,512 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2013/04/24 19:14:17 | 000,027,984 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2013/04/24 19:14:17 | 000,027,984 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2013/04/25 11:44:14 | 000,181,248 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2013/04/25 11:44:14 | 000,016,384 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
[2013/04/25 11:44:17 | 000,466,722 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2013/04/25 11:44:17 | 000,030,676 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2013/04/18 16:20:26 | 000,006,144 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2013/04/18 16:20:27 | 000,003,608 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
[2013/04/25 11:43:55 | 000,100,352 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2013/04/25 11:43:55 | 000,016,384 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/04/28 10:23:44 | 000,150,798 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
[2013/04/25 11:44:17 | 000,196,608 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\History
[2013/03/25 16:54:36 | 000,102,400 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\History Index 2013-03
[2013/04/25 11:43:56 | 000,811,008 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\History Index 2013-04
[2013/04/25 11:43:56 | 000,016,384 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\History Index 2013-04-journal
[2013/04/25 11:44:17 | 000,016,745 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2013/04/25 11:44:17 | 000,016,384 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2013/04/24 19:18:04 | 000,050,502 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2013/04/24 19:18:04 | 000,019,048 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/03/19 09:46:17 | 000,012,288 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2013/04/24 19:40:34 | 000,000,008 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Managed Mode Settings
[2013/04/25 11:28:36 | 000,021,504 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2013/04/25 11:28:36 | 000,009,800 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
[2013/04/18 16:22:09 | 000,009,216 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs
[2013/04/18 16:22:09 | 000,003,608 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal
[2013/04/25 11:44:18 | 000,071,272 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2013/04/19 20:42:32 | 000,085,643 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad
[2013/04/18 16:22:09 | 000,013,312 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2013/04/18 16:22:09 | 000,006,704 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
[2013/03/24 21:19:27 | 000,000,180 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\README
[2013/04/25 11:28:36 | 000,012,288 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2013/04/25 11:28:36 | 000,012,824 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
[2013/04/24 20:40:40 | 000,049,152 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2013/04/24 20:40:40 | 000,012,824 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2013/04/25 11:29:08 | 000,000,008 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
[2013/04/25 11:44:18 | 000,131,072 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2013/04/24 19:40:25 | 000,083,968 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2013/04/24 19:40:25 | 000,012,848 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[1 C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\*.tmp files -> C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\*.tmp -> ]
[2013/04/18 16:21:08 | 000,007,168 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2013/04/18 16:21:08 | 000,005,672 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journal
[2013/04/18 16:21:34 | 000,013,312 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0\2
[2013/04/18 16:21:30 | 000,286,720 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0\3
[2013/04/18 16:21:51 | 000,154,624 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndlegeeaeejpodkbnkkofpjpjeigcopp_0\4
[2013/04/22 20:44:47 | 000,000,231 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000005.sst
[2013/04/24 19:40:24 | 000,000,000 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000013.log
[2013/04/24 19:40:24 | 000,000,016 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT
[2013/04/18 16:20:11 | 000,000,000 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK
[2013/04/25 11:44:17 | 000,000,145 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG
[2013/04/24 19:13:48 | 000,000,142 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old
[2013/04/24 19:40:24 | 000,000,238 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000012
[2013/03/24 21:18:32 | 000,000,347 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension State\000005.sst
[2013/03/25 16:39:27 | 000,000,369 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension State\000008.sst
[2013/04/22 20:45:01 | 000,000,159 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension State\000031.sst
[2013/04/24 19:40:27 | 000,000,000 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension State\000039.log
[2013/04/24 19:40:27 | 000,000,016 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
[2012/11/16 10:34:25 | 000,000,000 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK
[2013/04/25 11:44:17 | 000,000,145 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
[2013/04/24 19:18:04 | 000,000,145 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
[2013/04/24 19:40:27 | 000,000,471 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000038
[2013/04/22 20:44:56 | 000,004,580 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\background.html
[2013/04/22 20:44:56 | 000,006,682 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\change_sink.js
[2013/04/22 20:44:56 | 000,012,288 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\contentscript.js
[2013/04/22 20:44:56 | 000,013,752 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\document_iterator.js
[2013/04/22 20:44:56 | 000,005,122 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\dropdown_menu_icon_set.png
[2013/04/22 20:44:56 | 000,011,057 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\find_proxy.js
[2013/04/22 20:44:56 | 000,033,313 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\flags.gif
[2013/04/22 20:44:56 | 000,004,251 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\get_html_text.js
[2013/04/22 20:44:56 | 000,002,880 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\global_constants.js
[2013/04/22 20:44:56 | 000,000,834 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\manifest.json
[2013/04/22 20:44:56 | 000,002,002 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\name_injection_builder.js
[2013/04/22 20:44:56 | 004,002,976 | ---- | M] (Skype Technologies S.A.) -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
[2013/04/22 20:44:56 | 000,001,024 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_common_active_icon_set.gif
[2013/04/22 20:44:56 | 000,000,977 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_common_inactive_icon_set.gif
[2013/04/22 20:44:56 | 000,001,134 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_free_icon_set.gif
[2013/04/22 20:44:56 | 000,010,147 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\number_injection_builder.js
[2013/04/22 20:44:56 | 000,000,740 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\skype.png
[2013/04/22 20:44:56 | 000,001,876 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\skype_name_icon_set.gif
[2013/04/22 20:44:56 | 000,000,134 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\space.gif
[2013/04/22 20:44:56 | 000,010,000 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\string_finder.js
[2013/04/18 16:21:42 | 000,000,525 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndlegeeaeejpodkbnkkofpjpjeigcopp\000003.log
[2013/04/18 16:21:07 | 000,000,016 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndlegeeaeejpodkbnkkofpjpjeigcopp\CURRENT
[2013/04/18 16:21:06 | 000,000,000 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndlegeeaeejpodkbnkkofpjpjeigcopp\LOCK
[2013/04/18 16:22:08 | 000,000,047 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndlegeeaeejpodkbnkkofpjpjeigcopp\LOG
[2013/04/18 16:21:07 | 000,000,050 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndlegeeaeejpodkbnkkofpjpjeigcopp\MANIFEST-000002
[2013/04/18 16:21:31 | 000,003,072 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0.localstorage
[2013/04/18 16:21:32 | 000,003,608 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0.localstorage-journal
[2012/02/19 18:56:23 | 000,003,072 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage
[2012/02/19 12:41:16 | 000,003,072 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lifbcibllhkdhoafpjfnlhfpfgnpldfl_0.localstorage
[2013/04/18 16:22:09 | 000,850,944 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndlegeeaeejpodkbnkkofpjpjeigcopp_0.localstorage
[2013/04/18 16:22:09 | 000,016,384 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndlegeeaeejpodkbnkkofpjpjeigcopp_0.localstorage-journal
[2013/03/25 16:54:17 | 000,004,096 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.yahoo.com_0.localstorage
[2013/03/25 16:54:17 | 000,004,640 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.yahoo.com_0.localstorage-journal
[2013/03/25 16:39:27 | 000,000,379 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\E8TKZ54X\macromedia.com\support\flashplayer\sys\settings.sol
[2010/06/09 12:02:50 | 000,017,408 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db
[2010/06/09 12:02:50 | 000,019,456 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db
[2013/04/22 21:39:58 | 000,670,656 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000029.sst
[2013/04/24 19:14:00 | 000,657,279 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000032.sst
[2013/04/24 19:40:31 | 000,519,848 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000035.sst
[2013/04/25 11:44:18 | 000,877,843 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000036.log
[2013/04/24 19:40:31 | 000,000,016 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT
[2013/03/24 21:19:28 | 000,000,000 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK
[2013/04/25 11:44:18 | 000,000,267 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
[2013/04/24 19:14:00 | 000,000,267 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
[2013/04/24 19:40:31 | 000,000,231 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000034
[2011/02/07 21:22:45 | 000,000,000 | -H-- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
[2012/02/19 19:01:07 | 000,001,443 | ---- | M] () -- C:\Users\michael\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\manifest.json

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:FDCBDD8E
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C4FA47B7

< End of report >
  • 0

#18
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Your logs are looking better. I still see a few minor adware related things that I'd like to remove:

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

    OTL Fix

    We need to run an OTL Fix

    Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2013/04/14 20:47:43 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Solid Savings
    [2013/04/14 20:47:36 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Updater26278
    [2013/04/14 20:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solid Savings
    [2012/02/13 16:54:53 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~kDqks0vXgzNbbV
    [2012/02/13 16:54:53 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~kDqks0vXgzNbbVr
    [2012/02/13 16:54:45 | 000,000,456 | -H-- | C] () -- C:\ProgramData\kDqks0vXgzNbbV
    :Reg
    
    :Files
    dir /s /a "C:\Users\michael\{85c367fc-3aa0-4ee5-80e0-48accceb0378}" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • 0

#19
Thumperness

Thumperness

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Did I miss it, or have you actually told me how to shut down Microsoft Security Essentials? I cannot seem to get it all the way shut off.
  • 0

#20
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Please try the following to disable Security Essentials.

Locate the Security Essentials icon in your System Tray. Right click it and select Open.

Click the Settings tab > Real-time protection > uncheck box next to Turn on real-time protection (recommended)

Click on the Save changes button.
  • 0

#21
Thumperness

Thumperness

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows ™ Vista Home Premium x64
Ran by michael on Thu 05/02/2013 at 16:31:42.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchengineprotection
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{317C33E3-EF69-4F04-858A-4D4A87CBBCEE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{759345B3-AC48-4804-9E40-35C185F07A7A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{759345B3-AC48-4804-9E40-35C185F07A7A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8633B2DC-E7FA-4574-8487-9D6684A7E0AC}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\gamesbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/02/2013 at 16:37:50.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
C:\Users\michael\AppData\Local\Solid Savings\Chrome folder moved successfully.
C:\Users\michael\AppData\Local\Solid Savings folder moved successfully.
C:\Users\michael\AppData\Local\Updater26278 folder moved successfully.
C:\Program Files (x86)\Solid Savings folder moved successfully.
C:\ProgramData\~kDqks0vXgzNbbV moved successfully.
C:\ProgramData\~kDqks0vXgzNbbVr moved successfully.
C:\ProgramData\kDqks0vXgzNbbV moved successfully.
========== REGISTRY ==========
========== FILES ==========
< dir /s /a "C:\Users\michael\{85c367fc-3aa0-4ee5-80e0-48accceb0378}" /c >
Volume in drive C has no label.
Volume Serial Number is 53F0-66DC
Directory of C:\Users\michael\{85c367fc-3aa0-4ee5-80e0-48accceb0378}
04/25/2013 12:18 PM <DIR> .
04/25/2013 12:18 PM <DIR> ..
02/11/2011 06:35 PM 1,991,936 iglhxa64.cpa
1 File(s) 1,991,936 bytes
Total Files Listed:
1 File(s) 1,991,936 bytes
2 Dir(s) 137,775,640,576 bytes free
C:\Users\michael\Desktop\cmd.bat deleted successfully.
C:\Users\michael\Desktop\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\michael\Desktop\cmd.bat deleted successfully.
C:\Users\michael\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\michael\Desktop\cmd.bat deleted successfully.
C:\Users\michael\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: michael
->Temp folder emptied: 52353 bytes
->Temporary Internet Files folder emptied: 15309763 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21486 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: michael
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: michael
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05022013_164316

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\michael\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U8VV1T3\page__st__15__p__2290623__fromsearch__1[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#22
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on CleanUp
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further reading on this subject, along with the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: if it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    How Malware Spreads - How did I get infected
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.
  • 0
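As an added example that is not part of the thread or SweetTech's instructions, the PowerShell script below audits the three Internet zone ActiveX settings from the "Make Internet Explorer more secure" steps above by reading the per-user zone registry values that Inetcpl.cpl's Custom level dialog edits, and can set them with -Apply. It assumes the value names 1001, 1004 and 1201 under zone 3 (the Internet zone), with data 0/1/3 meaning Enable/Prompt/Disable, as documented by Microsoft for Internet Explorer security zone registry entries; the function names are this example's own.

```powershell
# Added example, not from the thread: audit (and optionally apply) the Internet zone
# ActiveX settings that the post above sets through Inetcpl.cpl > Security > Custom level.
# Assumed per-user location of the Internet zone (zone 3) settings.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Assumed value names from Microsoft's security-zone registry documentation;
# the post's wording is given as the label. Data: 0 = Enable, 1 = Prompt, 3 = Disable.
$Recommended = @(
    @{ Name = '1001'; Label = 'Download signed ActiveX controls';                        Want = 1 }
    @{ Name = '1004'; Label = 'Download unsigned ActiveX controls';                      Want = 1 }
    @{ Name = '1201'; Label = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IEZoneSetting {
    param([string]$Path, [string]$Name)
    # A missing value means IE falls back to the zone's template default, so report it as such.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Test-IEActiveXHardening {
    param([switch]$Apply)
    if (-not (Test-Path $ZonePath)) {
        Write-Warning "Zone key not found: $ZonePath"
        return
    }
    foreach ($s in $Recommended) {
        $current = Get-IEZoneSetting -Path $ZonePath -Name $s.Name
        $currentText = if ($null -eq $current) { 'not set (template default)' }
                       elseif ($Meaning.ContainsKey($current)) { $Meaning[$current] }
                       else { "unknown ($current)" }
        $ok = ($current -eq $s.Want)
        # One row per setting so the result can be piped to Format-Table or Export-Csv.
        [pscustomobject]@{
            Setting     = $s.Label
            ValueName   = $s.Name
            Current     = $currentText
            Recommended = $Meaning[$s.Want]
            Compliant   = $ok
        }
        if ($Apply -and -not $ok) {
            # Same change the Custom level dialog makes; affects newly opened IE windows.
            Set-ItemProperty -Path $ZonePath -Name $s.Name -Value $s.Want -Type DWord
        }
    }
}

# Report only; run Test-IEActiveXHardening -Apply to set the three values.
Test-IEActiveXHardening | Format-Table -AutoSize
```

Run it before and after the Custom level steps to confirm the dialog changed what you expected, since a reset of all zones to the default level overwrites these values.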

#23
Thumperness

Thumperness

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Thank you ever so much for your help.

I do have one other thread I have started called "Sure seems like a virus" yesterday.

Not much of a title but still need some help if you or anyone else is interested.

Thanx again,

David
  • 0

#24
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Not a problem. I'm glad to have been of assistance. I'll keep an eye on that thread and if nobody else picks it up by tomorrow, I'll go ahead and grab it. Got a bit of a busy weekend, and don't want to keep you waiting for a response if somebody else can respond a bit quicker to your replies.

-ST.
  • 0

#25
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
