Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows installer wont go away [Solved]


  • This topic is locked This topic is locked

#1
N-isharo

N-isharo

    New Member

  • Member
  • Pip
  • 4 posts
Hello, recently i have been experiencing an issue with my computer. It has been popping up a windows installer screen trying to get me to download a file called trayapps.mis (if im not mistaken) every time it boots my computer. Whenever i try to exit the screen my whole computer will go insane and just freeze up. However in safe mode with networking the problem disappears. This issue revealed itself about the time i returned from my trip. If anyone can help it would be greatly appreciated. Thanks


OTL logfile created on: 8/7/2013 11:02:41 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Noah Ishananto\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.68% Memory free
6.19 Gb Paging File | 5.88 Gb Available in Paging File | 94.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.99 Gb Total Space | 50.54 Gb Free Space | 36.89% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 148.95 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive E: | 12.06 Gb Total Space | 1.87 Gb Free Space | 15.53% Space Free | Partition Type: NTFS

Computer Name: NOAH-PC | User Name: Noah Ishananto | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/07 11:02:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Noah Ishananto\Documents\Desktop\OTL.exe
PRC - [2013/03/13 18:40:08 | 001,278,064 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
PRC - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/07/26 15:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/22 22:54:59 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/11 17:49:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/11/16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/08/07 05:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 23:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\program files\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/02/19 15:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/02/19 15:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/02/19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/19 15:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 15:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/02/19 15:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/02/19 15:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/02/19 15:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/07/31 11:45:12 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2011/04/14 15:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/01/20 07:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/04 03:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/28 08:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/01/01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2003/04/29 04:10:40 | 000,004,448 | ---- | M] (StarForce Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/04/28 03:12:21 | 000,094,464 | ---- | M] (StarForce Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003/04/28 02:16:07 | 000,050,816 | ---- | M] (StarForce Technologies, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/04/04 00:41:46 | 000,006,848 | ---- | M] (StarForce Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0554EF6C-95C0-4D8C-9E2F-8CBDAE192B4F}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{B06036BF-773D-4B1C-90D6-4A1FF253435E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...2013-07-29&psv=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {256A9609-1518-4E4D-81F9-454D05C1A607}
IE - HKCU\..\SearchScopes\{0554EF6C-95C0-4D8C-9E2F-8CBDAE192B4F}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{256A9609-1518-4E4D-81F9-454D05C1A607}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{79DA5113-D3C1-4DF4-8585-4F79502353AA}: "URL" = http://www.google.co...startPage}&rlz=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-07-04 17:53:43&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B06036BF-773D-4B1C-90D6-4A1FF253435E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Noah Ishananto\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Noah Ishananto\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/06/27 09:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/08/07 10:41:10 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.microsoft...us/default.aspx
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.17.1.0_0\background/registryAccess.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Noah Ishananto\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: Google Docs = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: XKit = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnboehlfeemlfpefilcplpcjofkegnn\6.0.5.3_0\
CHR - Extension: Matt W. Moore = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfnkfaeekjcmeadbdcohacjdjdmlmia\3_0\
CHR - Extension: SiteAdvisor = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: Skype Click to Call = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20130306213445.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Noah Ishananto\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5B4173B-7BD8-401E-916D-AB6BBA3C53DA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Noah Ishananto\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Noah Ishananto\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/27 00:38:30 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/07 11:02:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Noah Ishananto\Documents\Desktop\OTL.exe
[2013/08/07 11:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/08/05 12:52:20 | 000,000,000 | ---D | C] -- C:\Users\Noah Ishananto\Documents\Desktop\RK_Quarantine
[2013/07/30 11:51:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/30 11:46:44 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\Noah Ishananto\Documents\APNSetup1.exe
[2013/07/29 16:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/07/29 16:22:00 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\Noah Ishananto\Documents\APNSetup.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/07 11:02:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Noah Ishananto\Documents\Desktop\OTL.exe
[2013/08/07 10:55:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/07 10:49:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/07 10:45:45 | 000,042,902 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/08/07 10:38:32 | 000,042,902 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/08/07 10:38:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/07 10:37:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/07 10:37:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/07 10:37:21 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/07 10:34:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/08/07 10:27:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/08/05 13:47:21 | 000,001,356 | ---- | M] () -- C:\Users\Noah Ishananto\AppData\Local\d3d9caps.dat
[2013/08/05 13:06:03 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2475776984-3513248554-1730071061-1000UA.job
[2013/08/05 12:31:46 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/05 12:29:28 | 000,000,000 | ---- | M] () -- C:\Users\Noah Ishananto\defogger_reenable
[2013/07/30 12:04:39 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/29 16:06:29 | 000,314,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/29 11:21:01 | 000,000,104 | ---- | M] () -- C:\Users\Noah Ishananto\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2013/07/29 11:14:49 | 000,000,104 | ---- | M] () -- C:\Users\Noah Ishananto\Documents\Desktop\Internet - Shortcut (2).lnk
[2013/07/29 11:14:44 | 000,000,104 | ---- | M] () -- C:\Users\Noah Ishananto\Documents\Desktop\Internet - Shortcut.lnk
[2013/07/28 22:06:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2475776984-3513248554-1730071061-1000Core.job
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/07 10:27:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/08/05 12:31:46 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/05 12:29:28 | 000,000,000 | ---- | C] () -- C:\Users\Noah Ishananto\defogger_reenable
[2013/07/30 12:04:39 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/29 11:21:01 | 000,000,104 | ---- | C] () -- C:\Users\Noah Ishananto\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2013/07/29 11:14:49 | 000,000,104 | ---- | C] () -- C:\Users\Noah Ishananto\Documents\Desktop\Internet - Shortcut (2).lnk
[2013/07/29 11:14:44 | 000,000,104 | ---- | C] () -- C:\Users\Noah Ishananto\Documents\Desktop\Internet - Shortcut.lnk
[2013/05/08 15:54:58 | 000,000,862 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Local\recently-used.xbel
[2013/02/08 23:41:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2013/02/08 20:18:45 | 000,138,056 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Roaming\PnkBstrK.sys
[2012/04/22 14:36:30 | 000,005,120 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/26 10:53:37 | 000,148,903 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/01/26 10:53:02 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/01/21 09:46:05 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/01/13 21:29:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/01/13 21:29:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/01/13 19:46:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/01/13 12:08:51 | 000,042,902 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/01/13 12:08:39 | 000,042,902 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012/01/12 21:23:50 | 000,001,356 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Local\d3d9caps.dat
[2012/01/12 20:08:16 | 000,028,190 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Roaming\nvModes.001
[2012/01/12 20:01:35 | 000,028,190 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Roaming\nvModes.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/26 19:52:28 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\.minecraft
[2013/01/12 23:56:26 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\Firefly Studios
[2013/04/19 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\Home Designer Suite 8.0
[2013/06/21 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\Image Zone Express
[2012/11/24 00:28:12 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\ooVoo Details
[2013/01/31 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\Printer Info Cache
[2013/01/12 00:15:44 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\Screaming Bee
[2012/02/03 20:13:03 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\The Creative Assembly

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/06/12 22:03:10 | 000,000,000 | ---D | M](C:\Windows\System32\????rogramData) -- C:\Windows\System32\簸੺懠૞rogramData
[2012/06/12 22:03:10 | 000,000,000 | ---D | C](C:\Windows\System32\????rogramData) -- C:\Windows\System32\簸੺懠૞rogramData

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Edited by N-isharo, 07 August 2013 - 12:23 PM.

  • 0

Advertisements


#2
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer. Also please follow your topic to conclusion or your system may not be completely clean, and it will be more vulnerable to future infections.

Throughout our interactions I will be using canned speeches. These are premade speeches for different scenarios we will encounter. If you find errors like bad links in my canned speeches please let me know so I can fix them.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

Expect no more than 36 hours between your post and my response unless World War 3 breaks out and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days if a topic is not replied to we assume it has been abandoned and it is closed.

Step 1

The first step is to get an OTL log by doing the following. Then we can begin disinfection. Please do the following:

  • Download OTL from here
  • Double click OTL Posted Image to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    dir C:\ /S /A:L /C
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. If you have already run OTL it won't open Extras.txt but Extras.txt will be in the same place as the new OTL.txt so simply open it manually.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes

    Posted Image
  • Click the Scan button to start scan

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Step 3

Simple question for you - does your computer run fine if you don't try to close the installer screen?

Things to see in your next post:
OTL.txt
Extras.txt
aswMBR log
answer to simple question

  • 0

#3
N-isharo

N-isharo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the OTL txt
OTL logfile created on: 8/7/2013 2:54:32 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Noah Ishananto\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 77.38% Memory free
6.19 Gb Paging File | 5.79 Gb Available in Paging File | 93.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.99 Gb Total Space | 50.22 Gb Free Space | 36.66% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 148.95 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive E: | 12.06 Gb Total Space | 1.87 Gb Free Space | 15.53% Space Free | Partition Type: NTFS

Computer Name: NOAH-PC | User Name: Noah Ishananto | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/07 11:02:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Noah Ishananto\Documents\Desktop\OTL.exe
PRC - [2013/03/13 18:40:08 | 001,278,064 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
PRC - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/07/26 15:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/22 22:54:59 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/11 17:49:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/11/16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/08/07 05:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 23:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\program files\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/02/19 15:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/02/19 15:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/02/19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/19 15:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 15:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/02/19 15:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/02/19 15:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/02/19 15:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/07/31 11:45:12 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2011/04/14 15:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/01/20 07:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/04 03:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/28 08:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/01/01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2003/04/29 04:10:40 | 000,004,448 | ---- | M] (StarForce Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/04/28 03:12:21 | 000,094,464 | ---- | M] (StarForce Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003/04/28 02:16:07 | 000,050,816 | ---- | M] (StarForce Technologies, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/04/04 00:41:46 | 000,006,848 | ---- | M] (StarForce Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0554EF6C-95C0-4D8C-9E2F-8CBDAE192B4F}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{B06036BF-773D-4B1C-90D6-4A1FF253435E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...2013-07-29&psv=
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\..\SearchScopes,DefaultScope = {256A9609-1518-4E4D-81F9-454D05C1A607}
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\..\SearchScopes\{0554EF6C-95C0-4D8C-9E2F-8CBDAE192B4F}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\..\SearchScopes\{256A9609-1518-4E4D-81F9-454D05C1A607}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\..\SearchScopes\{79DA5113-D3C1-4DF4-8585-4F79502353AA}: "URL" = http://www.google.co...startPage}&rlz=
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-07-04 17:53:43&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\..\SearchScopes\{B06036BF-773D-4B1C-90D6-4A1FF253435E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Noah Ishananto\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Noah Ishananto\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/06/27 09:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/08/07 10:41:10 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.microsoft...us/default.aspx
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.17.1.0_0\background/registryAccess.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Noah Ishananto\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: Google Docs = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: XKit = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnboehlfeemlfpefilcplpcjofkegnn\6.0.5.3_0\
CHR - Extension: Matt W. Moore = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfnkfaeekjcmeadbdcohacjdjdmlmia\3_0\
CHR - Extension: SiteAdvisor = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: Skype Click to Call = C:\Users\Noah Ishananto\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20130306213445.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000..\Run: [Facebook Update] C:\Users\Noah Ishananto\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2475776984-3513248554-1730071061-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5B4173B-7BD8-401E-916D-AB6BBA3C53DA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Noah Ishananto\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Noah Ishananto\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/27 00:38:30 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/08/07 11:02:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Noah Ishananto\Documents\Desktop\OTL.exe
[2013/08/07 11:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/08/05 12:52:20 | 000,000,000 | ---D | C] -- C:\Users\Noah Ishananto\Documents\Desktop\RK_Quarantine
[2013/07/30 11:51:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/30 11:46:44 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\Noah Ishananto\Documents\APNSetup1.exe
[2013/07/29 16:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/07/29 16:22:00 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\Noah Ishananto\Documents\APNSetup.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/07 13:11:33 | 000,001,356 | ---- | M] () -- C:\Users\Noah Ishananto\AppData\Local\d3d9caps.dat
[2013/08/07 11:02:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Noah Ishananto\Documents\Desktop\OTL.exe
[2013/08/07 10:55:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/07 10:49:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/07 10:45:45 | 000,042,902 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/08/07 10:38:32 | 000,042,902 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/08/07 10:38:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/07 10:37:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/07 10:37:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/07 10:37:21 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/07 10:34:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/08/07 10:27:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/08/05 13:06:03 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2475776984-3513248554-1730071061-1000UA.job
[2013/08/05 12:31:46 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/05 12:29:28 | 000,000,000 | ---- | M] () -- C:\Users\Noah Ishananto\defogger_reenable
[2013/07/30 12:04:39 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/29 16:06:29 | 000,314,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/29 11:21:01 | 000,000,104 | ---- | M] () -- C:\Users\Noah Ishananto\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2013/07/29 11:14:49 | 000,000,104 | ---- | M] () -- C:\Users\Noah Ishananto\Documents\Desktop\Internet - Shortcut (2).lnk
[2013/07/29 11:14:44 | 000,000,104 | ---- | M] () -- C:\Users\Noah Ishananto\Documents\Desktop\Internet - Shortcut.lnk
[2013/07/28 22:06:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2475776984-3513248554-1730071061-1000Core.job
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/07 10:27:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/08/05 12:31:46 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/05 12:29:28 | 000,000,000 | ---- | C] () -- C:\Users\Noah Ishananto\defogger_reenable
[2013/07/30 12:04:39 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/29 11:21:01 | 000,000,104 | ---- | C] () -- C:\Users\Noah Ishananto\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2013/07/29 11:14:49 | 000,000,104 | ---- | C] () -- C:\Users\Noah Ishananto\Documents\Desktop\Internet - Shortcut (2).lnk
[2013/07/29 11:14:44 | 000,000,104 | ---- | C] () -- C:\Users\Noah Ishananto\Documents\Desktop\Internet - Shortcut.lnk
[2013/05/08 15:54:58 | 000,000,862 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Local\recently-used.xbel
[2013/02/08 23:41:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2013/02/08 20:18:45 | 000,138,056 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Roaming\PnkBstrK.sys
[2012/04/22 14:36:30 | 000,005,120 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/26 10:53:37 | 000,148,903 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/01/26 10:53:02 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/01/21 09:46:05 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/01/13 21:29:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/01/13 21:29:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/01/13 19:46:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/01/13 12:08:51 | 000,042,902 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/01/13 12:08:39 | 000,042,902 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012/01/12 21:23:50 | 000,001,356 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Local\d3d9caps.dat
[2012/01/12 20:08:16 | 000,028,190 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Roaming\nvModes.001
[2012/01/12 20:01:35 | 000,028,190 | ---- | C] () -- C:\Users\Noah Ishananto\AppData\Roaming\nvModes.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/26 19:52:28 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\.minecraft
[2013/01/12 23:56:26 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\Firefly Studios
[2013/04/19 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\Home Designer Suite 8.0
[2013/06/21 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\Image Zone Express
[2012/11/24 00:28:12 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\ooVoo Details
[2013/01/31 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\Printer Info Cache
[2013/01/12 00:15:44 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\Screaming Bee
[2012/02/03 20:13:03 | 000,000,000 | ---D | M] -- C:\Users\Noah Ishananto\AppData\Roaming\The Creative Assembly

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 02:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 00:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 00:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2009/04/10 23:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\qmgr.dll -- (BITS)
SRV - [2009/04/10 23:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/10 23:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 00:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\browser.dll -- (Browser)
SRV - [2013/04/23 21:00:30 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/10 23:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/10 23:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 08:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 00:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/10 23:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 00:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/10 23:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/10 23:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 00:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 00:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\netman.dll -- (Netman)
SRV - [2008/01/19 00:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 00:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 00:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/10 23:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 07:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/10 23:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 00:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/10 23:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/10 23:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 00:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (SamSs)
SRV - [2009/04/10 23:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 09:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/10 23:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 11:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/10 23:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/10 23:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/10 23:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/10 23:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/10 23:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 00:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/10 23:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/10 23:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/10 23:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/10 23:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/10 23:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 15:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/10 23:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dot3svc.dll -- (dot3svc)
SRV - [2012/01/13 13:03:51 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wlansvc.dll -- (Wlansvc)
SRV - [2012/01/13 12:58:21 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2012/01/13 12:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2012/01/13 12:52:27 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2012/01/13 12:52:26 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2012/01/13 13:04:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2012/01/13 13:04:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2012/01/13 12:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 00:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\System32\drivers\etc\services
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2013/05/10 00:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2008/01/19 00:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 02:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\System32\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 05:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\System32\en-US\services.exe.mui
[2006/11/02 05:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2012/01/13 17:02:46 | 000,001,688 | ---- | M] () MD5=2D1E0CE3E4A831432AD29BE9A8E1DD23 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/01/13 17:02:46 | 000,001,688 | ---- | M] () MD5=2D1E0CE3E4A831432AD29BE9A8E1DD23 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\System32\wbem\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 05:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\en-US\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\services.msc
[2006/11/02 05:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2006/11/02 02:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 02:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 02:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 00:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\WINDOWS\System32\wshelper.dll
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2006/11/02 05:41:20 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=1955EB7701DAB4C078BCCDFC5D2D1EE8 -- C:\WINDOWS\System32\en-US\wshelper.dll.mui
[2006/11/02 05:41:20 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=1955EB7701DAB4C078BCCDFC5D2D1EE8 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.0.6000.16386_en-us_aba6a9ba9bd9dfc2\wshelper.dll.mui

< C:\Windows\assembly\tmp\U\*.* /s >
[2006/11/02 06:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 06:01:49 | 000,032,528 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/25 13:57:43 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/05/25 13:57:44 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/06/18 10:18:16 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/12/01 16:44:14 | 000,000,942 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2475776984-3513248554-1730071061-1000Core.job
[2012/12/01 16:44:15 | 000,000,964 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2475776984-3513248554-1730071061-1000UA.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is D416-CE4D
Directory of C:\
01/12/2012 04:04 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
01/12/2012 04:04 PM <JUNCTION> Application Data [C:\ProgramData]
01/12/2012 04:04 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
01/12/2012 04:04 PM <JUNCTION> Documents [C:\Users\Public\Documents]
01/12/2012 04:04 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
01/12/2012 04:04 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
01/12/2012 04:04 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
01/12/2012 04:04 PM <SYMLINKD> All Users [C:\ProgramData]
01/12/2012 04:04 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
01/12/2012 04:04 PM <JUNCTION> Application Data [C:\ProgramData]
01/12/2012 04:04 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
01/12/2012 04:04 PM <JUNCTION> Documents [C:\Users\Public\Documents]
01/12/2012 04:04 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
01/12/2012 04:04 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
01/12/2012 04:04 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
01/12/2012 04:04 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
01/12/2012 04:04 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
01/12/2012 04:04 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
01/12/2012 04:04 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
01/12/2012 04:04 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/12/2012 04:04 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/12/2012 04:04 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
01/12/2012 04:04 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
01/12/2012 04:04 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
01/12/2012 04:04 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
01/12/2012 04:04 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
01/12/2012 04:04 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
01/12/2012 04:04 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
01/12/2012 04:04 PM <JUNCTION> My Music [C:\Users\Default\Music]
01/12/2012 04:04 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
01/12/2012 04:04 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
05/12/2012 09:48 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
05/12/2012 09:48 AM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
05/12/2012 09:48 AM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
05/12/2012 09:48 AM <JUNCTION> My Documents [C:\Users\Guest\Documents]
05/12/2012 09:48 AM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/12/2012 09:48 AM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/12/2012 09:48 AM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
05/12/2012 09:48 AM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
05/12/2012 09:48 AM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
05/12/2012 09:48 AM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
05/12/2012 09:48 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
05/12/2012 09:48 AM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
05/12/2012 09:48 AM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
05/12/2012 09:48 AM <JUNCTION> My Music [C:\Users\Guest\Music]
05/12/2012 09:48 AM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
05/12/2012 09:48 AM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mama
03/13/2012 07:05 PM <JUNCTION> Application Data [C:\Users\Mama\AppData\Roaming]
03/13/2012 07:05 PM <JUNCTION> Cookies [C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Cookies]
03/13/2012 07:05 PM <JUNCTION> Local Settings [C:\Users\Mama\AppData\Local]
03/13/2012 07:05 PM <JUNCTION> My Documents [C:\Users\Mama\Documents]
03/13/2012 07:05 PM <JUNCTION> NetHood [C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/13/2012 07:05 PM <JUNCTION> PrintHood [C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/13/2012 07:05 PM <JUNCTION> Recent [C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Recent]
03/13/2012 07:05 PM <JUNCTION> SendTo [C:\Users\Mama\AppData\Roaming\Microsoft\Windows\SendTo]
03/13/2012 07:05 PM <JUNCTION> Start Menu [C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu]
03/13/2012 07:05 PM <JUNCTION> Templates [C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mama\AppData\Local
03/13/2012 07:05 PM <JUNCTION> Application Data [C:\Users\Mama\AppData\Local]
03/13/2012 07:05 PM <JUNCTION> History [C:\Users\Mama\AppData\Local\Microsoft\Windows\History]
03/13/2012 07:05 PM <JUNCTION> Temporary Internet Files [C:\Users\Mama\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mama\Documents
03/13/2012 07:05 PM <JUNCTION> My Music [C:\Users\Mama\Music]
03/13/2012 07:05 PM <JUNCTION> My Pictures [C:\Users\Mama\Pictures]
03/13/2012 07:05 PM <JUNCTION> My Videos [C:\Users\Mama\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Noah Ishananto
01/12/2012 04:07 PM <JUNCTION> Application Data [C:\Users\Noah Ishananto\AppData\Roaming]
01/12/2012 04:07 PM <JUNCTION> Cookies [C:\Users\Noah Ishananto\AppData\Roaming\Microsoft\Windows\Cookies]
01/12/2012 04:07 PM <JUNCTION> Local Settings [C:\Users\Noah Ishananto\AppData\Local]
01/12/2012 04:07 PM <JUNCTION> My Documents [C:\Users\Noah Ishananto\Documents]
01/12/2012 04:07 PM <JUNCTION> NetHood [C:\Users\Noah Ishananto\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/12/2012 04:07 PM <JUNCTION> PrintHood [C:\Users\Noah Ishananto\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/12/2012 04:07 PM <JUNCTION> Recent [C:\Users\Noah Ishananto\AppData\Roaming\Microsoft\Windows\Recent]
01/12/2012 04:07 PM <JUNCTION> SendTo [C:\Users\Noah Ishananto\AppData\Roaming\Microsoft\Windows\SendTo]
01/12/2012 04:07 PM <JUNCTION> Start Menu [C:\Users\Noah Ishananto\AppData\Roaming\Microsoft\Windows\Start Menu]
01/12/2012 04:07 PM <JUNCTION> Templates [C:\Users\Noah Ishananto\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Noah Ishananto\AppData\Local
01/12/2012 04:07 PM <JUNCTION> Application Data [C:\Users\Noah Ishananto\AppData\Local]
01/12/2012 04:07 PM <JUNCTION> History [C:\Users\Noah Ishananto\AppData\Local\Microsoft\Windows\History]
01/12/2012 04:07 PM <JUNCTION> Temporary Internet Files [C:\Users\Noah Ishananto\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Noah Ishananto\Documents
01/12/2012 04:07 PM <JUNCTION> My Music [C:\Users\Noah Ishananto\Music]
01/12/2012 04:07 PM <JUNCTION> My Pictures [C:\Users\Noah Ishananto\Pictures]
01/12/2012 04:07 PM <JUNCTION> My Videos [C:\Users\Noah Ishananto\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
01/12/2012 04:04 PM <JUNCTION> My Music [C:\Users\Public\Music]
01/12/2012 04:04 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
01/12/2012 04:04 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile
02/24/2012 09:20 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
02/24/2012 09:20 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
02/24/2012 09:20 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
02/24/2012 09:20 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
02/24/2012 09:20 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/24/2012 09:20 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/24/2012 09:20 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
02/24/2012 09:20 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
02/24/2012 09:20 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
02/24/2012 09:20 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile\AppData\Local
02/24/2012 09:20 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/24/2012 09:20 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/24/2012 09:20 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile\Documents
02/24/2012 09:20 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
02/24/2012 09:20 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
02/24/2012 09:20 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
98 Dir(s) 53,927,837,696 bytes free

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: NOAH-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F DVD-ROM 0 B No Media
Volume 1 C OS NTFS Partition 137 GB Healthy System
Volume 2 E HP_RECOVERY NTFS Partition 12 GB Healthy
Volume 3 D DATA NTFS Partition 149 GB Healthy

========== Files - Unicode (All) ==========
[2012/06/12 22:03:10 | 000,000,000 | ---D | M](C:\Windows\System32\????rogramData) -- C:\Windows\System32\簸੺懠૞rogramData
[2012/06/12 22:03:10 | 000,000,000 | ---D | C](C:\Windows\System32\????rogramData) -- C:\Windows\System32\簸੺懠૞rogramData

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
Answer log
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-07 15:36:12
-----------------------------
15:36:12.929 OS Version: Windows 6.0.6002 Service Pack 2
15:36:12.929 Number of processors: 2 586 0xF0D
15:36:12.929 ComputerName: NOAH-PC UserName:
15:36:13.787 Initialize success
15:41:57.374 AVAST engine defs: 13080701
15:42:50.941 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:42:50.941 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
15:42:50.941 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
15:42:50.941 Disk 1 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
15:42:51.081 Disk 0 MBR read successfully
15:42:51.081 Disk 0 MBR scan
15:42:51.081 Disk 0 unknown MBR code
15:42:51.097 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140278 MB offset 63
15:42:51.144 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12346 MB offset 287290395
15:42:51.159 Disk 0 scanning sectors +312576705
15:42:51.222 Disk 0 scanning C:\Windows\system32\drivers
15:43:03.686 Service scanning
15:43:29.254 Modules scanning
15:43:33.591 Disk 0 trace - called modules:
15:43:33.607 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll prosync1.sys iaStor.sys
15:43:33.622 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86626590]
15:43:33.622 3 CLASSPNP.SYS[8b1e48b3] -> nt!IofCallDriver -> [0x85b35790]
15:43:33.638 5 acpi.sys[8a89f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85b29030]
15:43:35.338 AVAST engine scan C:\Windows
15:43:37.819 AVAST engine scan C:\Windows\system32
15:47:14.581 AVAST engine scan C:\Windows\system32\drivers
15:47:29.198 AVAST engine scan C:\Users\Noah Ishananto
15:52:43.975 AVAST engine scan C:\ProgramData
15:55:19.663 Scan finished successfully
15:56:26.852 Disk 0 MBR has been saved successfully to "C:\Users\Noah Ishananto\Documents\Desktop\MBR.dat"
15:56:26.883 The log file has been saved successfully to "C:\Users\Noah Ishananto\Documents\Desktop\aswMBR.txt"

and for the simple question: It still freezes if i try to open any programs with the install page open.
  • 0

#4
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi N-isharo. I finished analyzing your OTL log today. It looks clean except for two entries. Also your aswMBR log looks clean. Can you take a picture of the windows installer screen for me to see? In the mean time I am going to consult a colleague about what to do next. I should get back to you tomorrow.
  • 0

#5
N-isharo

N-isharo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Crag it is possible however, i have to go out of town this weekend would it be possible to continue this on monday the following week

Edited by N-isharo, 09 August 2013 - 01:13 AM.

  • 0

#6
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Yes that would be fine. Also please try running this and see if it fixes your problem:
http://support.micro...l_and_Uninstall
  • 0

#7
N-isharo

N-isharo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I tried the link and it seems to have fixed the problem. Thank you for your help with this issue.
  • 0

#8
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Now that we're done here is my final speech with important information on keeping your computer free of malware infections. I would recommend uninstalling Java if you don't use it since it can have security holes. Also upgrade your pdf reader since it is a common source of security holes which can cause inection.

Posted Image Please follow these steps to remove older versions of Java components and upgrade the application or just remove it without upgrading (recommended).

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of java listed
  • The next steps are only if you want to install Java (not recommended unless you need it)
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa

Upgrading Adobe Reader:
  • For XP: Go to Start Menu --> Control Panel --> Add or Remove Programs
  • For Vista/7: Go to Start Menu --> Control Panel --> Programs and Features
  • Scroll to and select the Adobe Reader entry
  • Click Remove or Uninstall
  • Follow the instructions
  • Go to this site: http://get.adobe.com/reader/ or http://www.foxitsoft...ure_PDF_Reader/ for Foxit Reader (I prefer Foxit - it is less targeted by malware and allows pdf form editing)
  • Download and install the newest Adobe Reader (or Foxit)

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic so would a computer with an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus . Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run SpywareBlaster
  • Click Updates on the left of the screen
  • Click the 'Check for Updates' button and let the program update
  • Click 'Protection Status' on the left of the screen
  • Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
  • Exit the program
Another program to add additional protection is Spybot Search and Destroy. It works similar to SpywareBlaster by providing passive protection. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run Spybot S&D
  • Click "Search for Updates"
  • Click "Continue"
  • Click "Download" - ignore if it says "please select some update files from the list first"
  • Click "OK" in update window if it prompts you
  • Click "Exit" in update window when update finishes or if Spybot said "please select some update files from the list first"
  • Go back to Spybot main window
  • Close Internet Explorer/Firefox/Chrome if they are open
  • Click "Immunize"
  • Wait for the progress meter to complete
  • Click the "Immunize" button with the plus sign next to it towards the top of the window
  • Wait for the progress meter to complete
  • Close the program
And one last program to add additional protection is Panda USB vaccine. This program disables the autorun rile on removable devices. You can vaccinate both a computer and a removable device. To download and run refer to here.

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly including Windows Updates. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. Updates close these holes. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated.

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use an alternate browser than Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to backup your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:
By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh
  • 0

#9
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP