Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Insane amount of pop ups and advertisements [Closed]

Started by Jrt2006 , Dec 11 2013 07:58 PM

This topic is locked

#1
Jrt2006

Posted 11 December 2013 - 07:58 PM

Member

Member
42 posts

Hello Geeks to Go,

I've got my girlfriends computer here and there seems to be something sick taking over it. When opening the browser, I get an insane amount of pop ups, and every webpage is full of advertisements, to the point you cant even view the content you were looking for. When clicking on known links, or selecting drop down boxes, a new pop up exists. I've read another thread and noticed I have the ScorpionSaver install on the system as well but can not uninstall it. It says the directy for the file to install could not be found?

To rid the computer of this, I've only used what was available on her computer, CCleaner and MalwareBytes to no avail.

Please Help!

OTL logfile created on: 12/11/2013 7:52:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ersarem\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 51.73% Memory free
5.49 Gb Paging File | 4.15 Gb Available in Paging File | 75.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.34 Gb Total Space | 217.53 Gb Free Space | 79.58% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.93 Gb Free Space | 32.88% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
 
Computer Name: CDS-20015 | User Name: ersarem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/12/11 19:35:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ersarem\Downloads\OTL.exe
PRC - [2013/11/17 11:56:15 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/15 10:26:03 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/17 15:05:20 | 001,410,560 | -HS- | M] (Freidea Solution) -- C:\Program Files\Best Free Keylogger\syscres.exe
PRC - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/01 18:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/10/30 12:54:48 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/15 13:54:46 | 000,075,072 | ---- | M] (Sprint) -- C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
PRC - [2010/12/15 13:54:44 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2010/12/15 13:54:44 | 000,120,128 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/01/11 13:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/11/09 12:57:54 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/09/25 03:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/25 03:50:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/25 03:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/25 03:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/08/18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/03/25 17:05:18 | 000,304,976 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
PRC - [2009/03/25 17:05:16 | 000,710,480 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013/11/17 11:56:02 | 003,363,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/11/15 10:26:01 | 016,237,448 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013/10/14 18:28:22 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/14 18:27:51 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/04 21:26:10 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/25 17:13:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/08 15:50:44 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/09/08 14:25:33 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/09/08 14:25:32 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/09/08 14:25:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/09/08 14:24:50 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/09/08 14:24:06 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/09/08 14:23:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/22 02:41:03 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/26 16:21:59 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/12/15 13:55:28 | 000,120,128 | ---- | M] () -- C:\Program Files\Sprint\Sprint SmartView\Pac.dll
MOD - [2010/12/15 13:54:56 | 000,070,976 | ---- | M] () -- C:\Program Files\Sprint\Sprint SmartView\Eap.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/04/18 13:58:58 | 000,904,704 | -HS- | M] () -- C:\Program Files\Best Free Keylogger\System.Data.SQLite.dll
MOD - [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2007/04/18 19:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 19:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2013/11/26 09:07:09 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/11/17 11:56:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/18 16:40:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/15 13:54:44 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2010/12/15 13:54:30 | 000,124,224 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2010/01/11 13:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/11/09 12:57:54 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/09/25 03:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/25 17:05:18 | 000,304,976 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -- (SONICWALL_NetExtender)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2013/10/28 01:12:12 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/10/28 01:12:12 | 000,087,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/12/15 13:38:22 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/12/15 13:38:10 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2010/12/15 13:35:56 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/26 19:07:28 | 000,319,488 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/03/26 19:04:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2009/11/11 21:59:00 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/09/08 17:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/08/18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/02/23 15:55:34 | 000,020,504 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2008/05/29 13:53:26 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = {B32C9E9C-0124-4F0F-A52A-D24B365C2ED8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = ${SEARCH_URL}{searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 03 5E 79 DB 0A CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {B32C9E9C-0124-4F0F-A52A-D24B365C2ED8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B32C9E9C-0124-4F0F-A52A-D24B365C2ED8}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN33616430583141195&UM=2
IE - HKCU\..\SearchScopes\{F682F763-7825-4A07-B436-8299FC3BAD1B}: "URL" = http://isearch.avg.com/search?cid={1858FD46-4481-4DC7-B305-0152EBD30E88}&mid=6ca5dc8cb27647d0b389a9aaf3a301ab-7bc49c6e900ba0edbfe1386d418d0750b392f241&lang=en&ds=ft011&pr=sa&d=2012-04-01 21:34:06&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..CT3306058.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultthis.engineName: "Connect DLC 2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&CUI=UN98424756131794286&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..extensions.enabledAddons: nkcmbjnayi%40nkcmbjnayi.org:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&SearchSource=2&CUI=UN98424756131794286&UM=2&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/02 14:11:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 11:57:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/02 12:30:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 11:57:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/02 12:30:18 | 000,000,000 | ---D | M]
 
[2011/10/25 11:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ersarem\AppData\Roaming\mozilla\Extensions
[2013/12/11 19:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions
[2013/11/24 22:49:44 | 000,000,000 | ---D | M] (Connect DLC 2) -- C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{515b2424-5911-40bd-8a2c-bdb20286d8f5}
[2013/11/17 12:45:58 | 000,000,000 | ---D | M] (Deal Slider) -- C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C}
[2013/11/17 12:42:03 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\ersarem\AppData\Roaming\mozilla\firefox\profiles\yacvure5.default\extensions\[email protected]
[2013/11/17 08:22:34 | 000,001,003 | ---- | M] () -- C:\Users\ersarem\AppData\Roaming\mozilla\firefox\profiles\yacvure5.default\searchplugins\conduit.xml
[2013/03/19 20:05:08 | 000,002,090 | ---- | M] () -- C:\Users\ersarem\AppData\Roaming\mozilla\firefox\profiles\yacvure5.default\searchplugins\Searchou.xml
[2013/11/17 13:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/15 11:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/17 11:56:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2013/05/27 19:08:48 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
 
O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [SignIn] C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [syscres] C:\Program Files\Best Free Keylogger\syscres.exe (Freidea Solution)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\ersarem\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://10.6.1.254:4433/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab (GMNRev Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cds.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29B17CDD-B52C-446F-B425-435C89B27155}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC71DCDE-BD28-472F-B944-8F259AEA64BD}: DhcpNameServer = 192.168.200.7 192.168.220.6 172.25.1.140
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/12/11 18:58:54 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\NPE
[2013/12/11 18:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/12/09 09:30:26 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\SearchProtect
[2013/12/03 17:00:20 | 000,000,000 | ---D | C] -- C:\Users\ersarem\.android
[2013/12/03 17:00:12 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Roaming\mgyun
[2013/12/03 16:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/12/03 16:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/11/25 11:20:38 | 000,000,000 | ---D | C] -- C:\Users\ersarem\Desktop\Tattoos
[2013/11/20 01:23:12 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\ESN
[2013/11/20 01:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2013/11/17 13:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/17 13:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/11/17 13:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/17 12:45:46 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\BenchUpdater
[2013/11/17 12:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bench
[2013/11/17 09:03:30 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\Freidea_Solution
[2013/11/17 08:24:12 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/17 08:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/11/17 08:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/11/17 08:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/11/17 08:22:34 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Roaming\SearchProtect
[2013/11/17 08:22:00 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\Programs
[2013/11/15 11:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/15 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\Macromedia
[2013/11/15 10:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/11/15 10:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/12/11 19:33:18 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 19:33:18 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 19:32:12 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/11 19:32:12 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/11 19:26:16 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/12/11 19:26:16 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/12/11 19:25:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/11 19:25:50 | 000,001,176 | ---- | M] () -- C:\ProgramData\SMRResults410.dat
[2013/12/11 19:25:46 | 2211,889,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/09 21:48:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\bench-sys.job
[2013/12/09 20:55:08 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\bench-S-1-5-21-3071392266-753195108-3516867006-1289.job
[2013/12/09 15:47:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/03 17:05:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/11/26 09:07:12 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/11/25 11:20:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/17 08:24:08 | 000,000,009 | ---- | M] () -- C:\END
[2013/11/15 10:23:30 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/12/11 19:25:41 | 000,001,176 | ---- | C] () -- C:\ProgramData\SMRResults410.dat
[2013/12/03 17:05:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/11/26 09:07:12 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/11/17 12:45:46 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\bench-S-1-5-21-3071392266-753195108-3516867006-1289.job
[2013/11/17 12:45:44 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\bench-sys.job
[2013/11/15 10:23:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/15 10:23:30 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2011/10/25 10:29:30 | 000,000,488 | RHS- | C] () -- C:\Users\ersarem\ntuser.pol
[2011/09/26 16:13:14 | 000,003,204 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/12/02 13:46:25 | 000,000,000 | -HSD | M] -- C:\Users\ersarem\AppData\Roaming\8076CC
[2012/12/02 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\Anmoc
[2013/11/17 12:42:04 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\Ebdem
[2011/10/25 15:51:58 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\ICAClient
[2012/11/24 17:52:24 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\Maus
[2013/12/03 17:01:19 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\mgyun
[2011/12/21 14:47:14 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\PrimoPDF
[2012/11/24 18:13:54 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\Qeef
[2013/12/09 21:13:20 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\SearchProtect
[2012/12/02 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\Vaicix
[2012/12/02 13:43:43 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\Yftu
[2012/12/02 13:46:16 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\Ygynz
[2012/11/24 17:53:33 | 000,000,000 | ---D | M] -- C:\Users\ersarem\AppData\Roaming\Ylbiwe
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

#2
Valinorum

Posted 12 December 2013 - 04:21 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi Jrt2006,

My name is Valinorum and I will be your helper today. Before we proceed, please, acknowledge yourself the following(s):

Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
Please do not install any new software while we are working on this system as it may hinder our process.
Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
Please do not try to fix anything without being ask.
Please do not attach your logs. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
If you are confused about any instruction stop and ask. Do not keep on going.
Do not repeat the steps if you face any problems.
I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
Privet Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

Note: Please, bare in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face.

Do not put the logs inside code/quote boxes as they make it difficult to interpret. That being said, post the Extras.txt generated by OTL.exe on its first run located in C:\Users\ersarem\Downloads.

Step #1 Scan with Security Check
- Download Security Check by screen317 to your Desktop from any of the following location;
- Link 1
- Link 2
Right click on the program and choose Run as Administrator;
After the checking a log will appear;
Copy and Paste the content of the log in your next reply.

Required Log(s):
Extras.txt;
Security Check Log

Regards,
Valinorum

#3
Jrt2006

Posted 12 December 2013 - 02:44 PM

Member

Topic Starter
Member
42 posts

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 45
Adobe Flash Player 11.9.900.152
Adobe Reader XI
Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
ESET NOD32 Antivirus egui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

#4
Valinorum

Posted 13 December 2013 - 10:15 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi Jrt2006,

Step #2 Fix with AdwCleaner
Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder. as AdwCleaner[S0].txt

Step #3 Fix with Junkware Removal Tool
Download Junkware Removal Tool by thisisu to your Desktop from the link below.
Download Link
Disable your anti-virus to avoid potential conflicts. For more information please acknowlegde yourself this article;
Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
Please be patient as the tool cleans your system;
After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
Copy and Paste the contents of the log in your next reply.

Step #4 Scan with OTL
- Re-run OTL
- Copy and Paste the following code inside the Custom Scans/Fixes box;
```
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
dir "%systemdrive%\*" /S /A:L /C
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
```
- From the Extra Registry list put a check mark on Use Safe List;
- Click the Run Scan button;
- After the scan two logs will be produced;
- OTL.txt
- Extras.txt
Copy and paste the content of the logs in your next reply

Required Log(s):
AdwCleaner Log;
Junkware Removal Tool Log;
OTL Log(s)--
OTL.txt;
Extras.txt

[/list]
Regards,
Valinorum

#5
Jrt2006

Posted 13 December 2013 - 12:05 PM

Member

Topic Starter
Member
42 posts

# AdwCleaner v3.015 - Report created 13/12/2013 at 11:23:23
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : ersarem - CDS-20015
# Running from : C:\Users\ersarem\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\Bench
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Users\ersarem\AppData\Local\Conduit
Folder Deleted : C:\Users\ersarem\AppData\Local\Searchprotect
Folder Deleted : C:\Users\ersarem\AppData\Local\torch
Folder Deleted : C:\Users\ersarem\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ersarem\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\ersarem\AppData\Roaming\Mozilla\Firefox\Profiles\yacvure5.default\CT3306058
Folder Deleted : C:\Users\ersarem\AppData\Roaming\Mozilla\Firefox\Profiles\yacvure5.default\Extensions\{515b2424-5911-40bd-8a2c-bdb20286d8f5}
File Deleted : C:\END
File Deleted : C:\Users\ersarem\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\ersarem\AppData\Roaming\Mozilla\Firefox\Profiles\yacvure5.default\searchplugins\Conduit.xml
File Deleted : C:\Users\ersarem\AppData\Roaming\Mozilla\Firefox\Profiles\yacvure5.default\searchplugins\Searchou.xml
File Deleted : C:\Users\ersarem\AppData\Roaming\Mozilla\Firefox\Profiles\yacvure5.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5EDB1728-701C-43FD-A660-E25485A657AD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EDB1728-701C-43FD-A660-E25485A657AD}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3277370
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306058
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Adpeak, Inc.
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\CDS\AppData\Roaming\Mozilla\Firefox\Profiles\wjccqdk2.default\prefs.js ]

[ File : C:\Users\ersarem\AppData\Roaming\Mozilla\Firefox\Profiles\yacvure5.default\prefs.js ]

Line Deleted : user_pref("CT3306058.FF19Solved", "true");
Line Deleted : user_pref("CT3306058.UserID", "UN98424756131794286");
Line Deleted : user_pref("CT3306058.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306058.fullUserID", "UN98424756131794286.IN.20131117082221");
Line Deleted : user_pref("CT3306058.installDate", "17/11/2013 08:22:31");
Line Deleted : user_pref("CT3306058.installSessionId", "{A4D8A2B8-6B3F-4D7E-830F-04FA8A8C3804}");
Line Deleted : user_pref("CT3306058.installSp", "TRUE");
Line Deleted : user_pref("CT3306058.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3306058.keyword", "true");
Line Deleted : user_pref("CT3306058.originalHomepage", "hxxp://isearch.avg.com/?cid={1858FD46-4481-4DC7-B305-0152EBD30E88}&mid=6ca5dc8cb27647d0b389a9aaf3a301ab-7bc49c6e900ba0edbfe1386d418d0750b392f241&lang=en&ds=ft0[...]
Line Deleted : user_pref("CT3306058.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306058.originalSearchEngine", "AVG Secure Search");
Line Deleted : user_pref("CT3306058.originalSearchEngineName", "AVG Secure Search");
Line Deleted : user_pref("CT3306058.searchRevert", "true");
Line Deleted : user_pref("CT3306058.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3306058.searchUserMode", "2");
Line Deleted : user_pref("CT3306058.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306058.toolbarInstallDate", "17-11-2013 08:22:22");
Line Deleted : user_pref("CT3306058.versionFromInstaller", "10.22.3.18");
Line Deleted : user_pref("CT3306058.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306058&octid=CT3306058&SearchSource=61&CUI=UN98424756131794286&UM=2&UP=SP7EAD76F1-12F4-48AD-805C-D41B3515DD90");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 2 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&CUI=UN98424756131794286&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&SearchSource=2&CUI=UN98424756131794286&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306058");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306058&CUI=UN98424756131794286&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306058&octid=CT3306058&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&SearchSource=2&CUI=UN98424756131794286&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306058");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306058");
Line Deleted : user_pref("smartbar.machineId", "4LUEO9LMDMS4SV6X4EAGTUZRNQHUYUGMYIQNZTMJ6FEB+7QMPWGJ+WMNJ7T1NXMFEP9/RG8KFUCG1RV00UTUQA");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306058&CUI=UN98424756131794286&UM=2&SearchSource=13");

[ File : C:\Users\Dwages\AppData\Roaming\Mozilla\Firefox\Profiles\6y3uenl5.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [9889 octets] - [13/12/2013 11:21:00]
AdwCleaner[S0].txt - [9941 octets] - [13/12/2013 11:23:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10001 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x86
Ran by ersarem on Fri 12/13/2013 at 11:34:00.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B32C9E9C-0124-4F0F-A52A-D24B365C2ED8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F682F763-7825-4A07-B436-8299FC3BAD1B}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\ersarem\AppData\Roaming\mozilla\firefox\profiles\yacvure5.default\extensions\[email protected] [Tracur]
Successfully deleted the following from C:\Users\ersarem\AppData\Roaming\mozilla\firefox\profiles\yacvure5.default\prefs.js

user_pref("browser.search.defaultengine", "Privitize VPN");
user_pref("browser.search.order.1", "Privitize VPN");
Emptied folder: C:\Users\ersarem\AppData\Roaming\mozilla\firefox\profiles\yacvure5.default\minidumps [9 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/13/2013 at 11:35:47.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 12/13/2013 11:37:52 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ersarem\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 61.35% Memory free
5.49 Gb Paging File | 4.39 Gb Available in Paging File | 79.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.34 Gb Total Space | 215.80 Gb Free Space | 78.95% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.93 Gb Free Space | 32.88% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32

Computer Name: CDS-20015 | User Name: ersarem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/11 19:35:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ersarem\Downloads\OTL.exe
PRC - [2013/11/17 11:56:15 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/15 10:26:03 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/17 15:05:20 | 001,410,560 | -HS- | M] (Freidea Solution) -- C:\Program Files\Best Free Keylogger\syscres.exe
PRC - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/01 18:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/10/30 12:54:48 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/15 13:54:46 | 000,075,072 | ---- | M] (Sprint) -- C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
PRC - [2010/12/15 13:54:44 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2010/12/15 13:54:44 | 000,120,128 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/01/11 13:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/11/09 12:57:54 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/09/25 03:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/25 03:50:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/25 03:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/25 03:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/08/18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/03/25 17:05:18 | 000,304,976 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
PRC - [2009/03/25 17:05:16 | 000,710,480 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe

========== Modules (No Company Name) ==========

MOD - [2013/11/17 11:56:02 | 003,363,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/11/15 10:26:01 | 016,237,448 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013/10/14 18:28:22 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/14 18:27:51 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/04 21:26:10 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/25 17:13:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/08 15:50:44 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/09/08 14:25:33 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/09/08 14:25:32 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/09/08 14:25:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/09/08 14:24:50 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/09/08 14:24:06 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/09/08 14:23:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/22 02:41:03 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/26 16:21:59 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/12/15 13:55:28 | 000,120,128 | ---- | M] () -- C:\Program Files\Sprint\Sprint SmartView\Pac.dll
MOD - [2010/12/15 13:54:56 | 000,070,976 | ---- | M] () -- C:\Program Files\Sprint\Sprint SmartView\Eap.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/04/18 13:58:58 | 000,904,704 | -HS- | M] () -- C:\Program Files\Best Free Keylogger\System.Data.SQLite.dll
MOD - [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2007/04/18 19:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 19:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll

========== Services (SafeList) ==========

SRV - [2013/11/26 02:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/11/17 11:56:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/18 16:40:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/15 13:54:44 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2010/12/15 13:54:30 | 000,124,224 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2010/01/11 13:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/11/09 12:57:54 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/09/25 03:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/25 17:05:18 | 000,304,976 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -- (SONICWALL_NetExtender)

========== Driver Services (SafeList) ==========

DRV - [2013/10/28 01:12:12 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/10/28 01:12:12 | 000,087,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/12/15 13:38:22 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/12/15 13:38:10 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2010/12/15 13:35:56 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/26 19:07:28 | 000,319,488 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/03/26 19:04:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2009/11/11 21:59:00 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/09/08 17:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/08/18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/02/23 15:55:34 | 000,020,504 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2008/05/29 13:53:26 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 03 5E 79 DB 0A CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/02 14:11:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 11:57:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/02 12:30:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 11:57:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/02 12:30:18 | 000,000,000 | ---D | M]

[2011/10/25 11:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ersarem\AppData\Roaming\mozilla\Extensions
[2013/12/13 11:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions
[2013/11/17 12:45:58 | 000,000,000 | ---D | M] (Deal Slider) -- C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C}
[2013/11/17 13:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/15 11:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/17 11:56:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [SignIn] C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [syscres] C:\Program Files\Best Free Keylogger\syscres.exe (Freidea Solution)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\ersarem\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://10.6.1.254:4433/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect1263.cab (GMNRev Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cds.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29B17CDD-B52C-446F-B425-435C89B27155}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC71DCDE-BD28-472F-B944-8F259AEA64BD}: DhcpNameServer = 192.168.200.7 192.168.220.6 172.25.1.140
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/12/13 11:33:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/13 11:20:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/12 14:41:55 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/12 14:41:55 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/12/12 14:41:54 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/12 14:41:53 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/12/12 14:41:53 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/12 14:41:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/12/12 14:41:52 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/12/12 14:41:52 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/12/12 14:41:52 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/12/12 14:41:51 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/12 14:41:51 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/12/12 14:41:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/12/12 14:41:49 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/12 14:41:47 | 004,243,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/12 14:36:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/12/11 18:58:54 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\NPE
[2013/12/11 18:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/12/11 17:58:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/12/11 17:58:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/12/11 17:58:06 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/11 17:58:05 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/11 17:58:04 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/11 17:58:04 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/03 17:00:20 | 000,000,000 | ---D | C] -- C:\Users\ersarem\.android
[2013/12/03 17:00:12 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Roaming\mgyun
[2013/12/03 16:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/12/03 16:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/11/26 09:07:17 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/26 09:07:17 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/26 09:07:15 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/26 09:07:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/26 09:07:14 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/26 09:07:14 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/26 09:07:13 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/26 09:07:13 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/26 09:07:13 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/26 09:07:13 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/26 09:07:13 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/26 09:07:12 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/26 09:07:12 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/26 09:07:12 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/26 09:07:11 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/26 09:07:11 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/26 09:07:11 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/26 09:07:11 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/26 09:07:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/26 09:07:09 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/26 09:07:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/26 09:07:08 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/26 09:07:08 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/26 09:07:08 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/26 09:07:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/26 09:07:07 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/26 09:07:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/26 09:07:06 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/26 09:07:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/25 11:20:38 | 000,000,000 | ---D | C] -- C:\Users\ersarem\Desktop\Tattoos
[2013/11/20 01:23:12 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\ESN
[2013/11/20 01:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2013/11/17 13:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/17 13:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/11/17 13:04:35 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/11/17 13:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/17 13:04:26 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/11/17 13:04:26 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/11/17 13:04:26 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/11/17 12:45:46 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\BenchUpdater
[2013/11/17 09:03:30 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\Freidea_Solution
[2013/11/17 08:24:12 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/17 08:22:11 | 000,000,000 | -HSD | C] -- C:\Program Files\Best Free Keylogger
[2013/11/17 08:22:00 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\Programs
[2013/11/15 11:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/15 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\ersarem\AppData\Local\Macromedia
[2013/11/15 10:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/11/15 10:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/11/15 10:08:20 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/15 10:08:20 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/15 10:08:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/15 10:08:13 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/15 10:08:07 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/15 10:08:06 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll

========== Files - Modified Within 30 Days ==========

[2013/12/13 11:32:43 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/13 11:32:43 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/13 11:31:16 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/13 11:31:16 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/13 11:25:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/12/13 11:25:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/12/13 11:24:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/13 11:24:44 | 2211,889,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/13 09:48:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\bench-sys.job
[2013/12/13 08:55:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\bench-S-1-5-21-3071392266-753195108-3516867006-1289.job
[2013/12/12 19:00:11 | 000,434,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/11 19:25:50 | 000,001,176 | ---- | M] () -- C:\ProgramData\SMRResults410.dat
[2013/12/09 15:47:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/03 17:05:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/11/26 09:07:17 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/26 09:07:17 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/26 09:07:15 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/26 09:07:15 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/26 09:07:14 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/26 09:07:14 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/26 09:07:13 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/26 09:07:13 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/26 09:07:13 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/26 09:07:13 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/26 09:07:13 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/26 09:07:12 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/26 09:07:12 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/26 09:07:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/26 09:07:12 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/11/26 09:07:11 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/26 09:07:11 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/26 09:07:11 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/26 09:07:11 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/26 09:07:11 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/26 09:07:09 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/26 09:07:08 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/26 09:07:08 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/26 09:07:08 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/26 09:07:08 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/26 09:07:08 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/26 09:07:07 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/26 09:07:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/26 09:07:06 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/26 09:07:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/26 03:23:02 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/26 03:22:11 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/11/26 02:53:56 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/26 02:52:26 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/11/26 02:38:07 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/26 02:36:52 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/26 02:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/26 02:29:55 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/26 02:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/11/26 02:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/11/26 02:16:12 | 004,243,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/26 02:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/26 01:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/26 00:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/11/25 11:20:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/23 12:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/11/19 04:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/11/17 13:04:18 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/11/17 13:04:14 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/11/17 13:04:14 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/11/17 13:04:14 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/11/15 10:26:04 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/11/15 10:26:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/11/15 10:23:30 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

========== Files Created - No Company Name ==========

[2013/12/11 19:25:41 | 000,001,176 | ---- | C] () -- C:\ProgramData\SMRResults410.dat
[2013/12/03 17:05:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/11/26 09:07:12 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/11/17 12:45:46 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\bench-S-1-5-21-3071392266-753195108-3516867006-1289.job
[2013/11/17 12:45:44 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\bench-sys.job
[2013/11/15 10:23:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/15 10:23:30 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2011/10/25 10:29:30 | 000,000,488 | RHS- | C] () -- C:\Users\ersarem\ntuser.pol
[2011/09/26 16:13:14 | 000,003,204 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 19:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/26 22:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 19:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 06:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 06:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013/09/24 18:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 15:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 06:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/02 23:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 19:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 06:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/07/13 19:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 19:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 19:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 10:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 19:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 04:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/10 23:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/09/24 18:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 19:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 06:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 06:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 19:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013/09/24 18:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 19:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 06:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 06:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/04/30 22:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 06:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 06:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 06:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 06:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 06:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 06:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 06:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 19:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 16:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 06:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 19:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 06:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 0880-76CC
Directory of C:\
07/13/2009 10:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 10:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 10:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\CDS
04/18/2011 03:00 PM <JUNCTION> Application Data [C:\Users\CDS\AppData\Roaming]
04/18/2011 03:00 PM <JUNCTION> Cookies [C:\Users\CDS\AppData\Roaming\Microsoft\Windows\Cookies]
04/18/2011 03:00 PM <JUNCTION> Local Settings [C:\Users\CDS\AppData\Local]
04/18/2011 03:00 PM <JUNCTION> My Documents [C:\Users\CDS\Documents]
04/18/2011 03:00 PM <JUNCTION> NetHood [C:\Users\CDS\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/18/2011 03:00 PM <JUNCTION> PrintHood [C:\Users\CDS\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/18/2011 03:00 PM <JUNCTION> Recent [C:\Users\CDS\AppData\Roaming\Microsoft\Windows\Recent]
04/18/2011 03:00 PM <JUNCTION> SendTo [C:\Users\CDS\AppData\Roaming\Microsoft\Windows\SendTo]
04/18/2011 03:00 PM <JUNCTION> Start Menu [C:\Users\CDS\AppData\Roaming\Microsoft\Windows\Start Menu]
04/18/2011 03:00 PM <JUNCTION> Templates [C:\Users\CDS\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\CDS\AppData\Local
04/18/2011 03:00 PM <JUNCTION> Application Data [C:\Users\CDS\AppData\Local]
04/18/2011 03:00 PM <JUNCTION> History [C:\Users\CDS\AppData\Local\Microsoft\Windows\History]
04/18/2011 03:00 PM <JUNCTION> Temporary Internet Files [C:\Users\CDS\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\CDS\Documents
04/18/2011 03:00 PM <JUNCTION> My Music [C:\Users\CDS\Music]
04/18/2011 03:00 PM <JUNCTION> My Pictures [C:\Users\CDS\Pictures]
04/18/2011 03:00 PM <JUNCTION> My Videos [C:\Users\CDS\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 10:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 10:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 10:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 10:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 10:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 10:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 10:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 10:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 10:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 10:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 10:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 10:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Dwages
09/27/2011 09:51 AM <JUNCTION> Application Data [C:\Users\Dwages\AppData\Roaming]
09/27/2011 09:51 AM <JUNCTION> Cookies [C:\Users\Dwages\AppData\Roaming\Microsoft\Windows\Cookies]
09/27/2011 09:51 AM <JUNCTION> Local Settings [C:\Users\Dwages\AppData\Local]
09/27/2011 09:51 AM <JUNCTION> My Documents [C:\Users\Dwages\Documents]
09/27/2011 09:51 AM <JUNCTION> NetHood [C:\Users\Dwages\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/27/2011 09:51 AM <JUNCTION> PrintHood [C:\Users\Dwages\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/27/2011 09:51 AM <JUNCTION> Recent [C:\Users\Dwages\AppData\Roaming\Microsoft\Windows\Recent]
09/27/2011 09:51 AM <JUNCTION> SendTo [C:\Users\Dwages\AppData\Roaming\Microsoft\Windows\SendTo]
09/27/2011 09:51 AM <JUNCTION> Start Menu [C:\Users\Dwages\AppData\Roaming\Microsoft\Windows\Start Menu]
09/27/2011 09:51 AM <JUNCTION> Templates [C:\Users\Dwages\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dwages\AppData\Local
09/27/2011 09:51 AM <JUNCTION> Application Data [C:\Users\Dwages\AppData\Local]
09/27/2011 09:51 AM <JUNCTION> History [C:\Users\Dwages\AppData\Local\Microsoft\Windows\History]
09/27/2011 09:51 AM <JUNCTION> Temporary Internet Files [C:\Users\Dwages\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Dwages\Documents
09/27/2011 09:51 AM <JUNCTION> My Music [C:\Users\Dwages\Music]
09/27/2011 09:51 AM <JUNCTION> My Pictures [C:\Users\Dwages\Pictures]
09/27/2011 09:51 AM <JUNCTION> My Videos [C:\Users\Dwages\Videos]
0 File(s) 0 bytes
Directory of C:\Users\ersarem
10/25/2011 10:28 AM <JUNCTION> Application Data [C:\Users\ersarem\AppData\Roaming]
10/25/2011 10:28 AM <JUNCTION> Cookies [C:\Users\ersarem\AppData\Roaming\Microsoft\Windows\Cookies]
10/25/2011 10:28 AM <JUNCTION> Local Settings [C:\Users\ersarem\AppData\Local]
10/25/2011 10:28 AM <JUNCTION> My Documents [C:\Users\ersarem\Documents]
10/25/2011 10:28 AM <JUNCTION> NetHood [C:\Users\ersarem\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/25/2011 10:28 AM <JUNCTION> PrintHood [C:\Users\ersarem\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/25/2011 10:28 AM <JUNCTION> Recent [C:\Users\ersarem\AppData\Roaming\Microsoft\Windows\Recent]
10/25/2011 10:28 AM <JUNCTION> SendTo [C:\Users\ersarem\AppData\Roaming\Microsoft\Windows\SendTo]
10/25/2011 10:28 AM <JUNCTION> Start Menu [C:\Users\ersarem\AppData\Roaming\Microsoft\Windows\Start Menu]
10/25/2011 10:28 AM <JUNCTION> Templates [C:\Users\ersarem\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\ersarem\AppData\Local
10/25/2011 10:28 AM <JUNCTION> Application Data [C:\Users\ersarem\AppData\Local]
10/25/2011 10:28 AM <JUNCTION> History [C:\Users\ersarem\AppData\Local\Microsoft\Windows\History]
10/25/2011 10:28 AM <JUNCTION> Temporary Internet Files [C:\Users\ersarem\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\ersarem\AppData\LocalLow
10/13/2013 01:03 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\ersarem\Documents
10/25/2011 10:28 AM <JUNCTION> My Music [C:\Users\ersarem\Music]
10/25/2011 10:28 AM <JUNCTION> My Pictures [C:\Users\ersarem\Pictures]
10/25/2011 10:28 AM <JUNCTION> My Videos [C:\Users\ersarem\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 10:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 10:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 10:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\test
09/26/2011 04:13 PM <JUNCTION> Application Data [C:\Users\test\AppData\Roaming]
09/26/2011 04:13 PM <JUNCTION> Cookies [C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies]
09/26/2011 04:13 PM <JUNCTION> Local Settings [C:\Users\test\AppData\Local]
09/26/2011 04:13 PM <JUNCTION> My Documents [C:\Users\test\Documents]
09/26/2011 04:13 PM <JUNCTION> NetHood [C:\Users\test\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/26/2011 04:13 PM <JUNCTION> PrintHood [C:\Users\test\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/26/2011 04:13 PM <JUNCTION> Recent [C:\Users\test\AppData\Roaming\Microsoft\Windows\Recent]
09/26/2011 04:13 PM <JUNCTION> SendTo [C:\Users\test\AppData\Roaming\Microsoft\Windows\SendTo]
09/26/2011 04:13 PM <JUNCTION> Start Menu [C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu]
09/26/2011 04:13 PM <JUNCTION> Templates [C:\Users\test\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\test\AppData\Local
09/26/2011 04:13 PM <JUNCTION> Application Data [C:\Users\test\AppData\Local]
09/26/2011 04:13 PM <JUNCTION> History [C:\Users\test\AppData\Local\Microsoft\Windows\History]
09/26/2011 04:13 PM <JUNCTION> Temporary Internet Files [C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\test\Documents
09/26/2011 04:13 PM <JUNCTION> My Music [C:\Users\test\Music]
09/26/2011 04:13 PM <JUNCTION> My Pictures [C:\Users\test\Pictures]
09/26/2011 04:13 PM <JUNCTION> My Videos [C:\Users\test\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
99 Dir(s) 232,940,040,192 bytes free

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 15:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 15:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 08:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2013/11/05 16:18:20 | 000,003,117 | ---- | M] () MD5=5F3B95A58780ADA3F223F004CDEE9967 -- C:\Users\ersarem\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/13 19:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 19:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 20:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 20:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 22:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 15:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 14:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< End of report >

OTL Extras logfile created on: 12/13/2013 11:37:52 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ersarem\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 61.35% Memory free
5.49 Gb Paging File | 4.39 Gb Available in Paging File | 79.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.34 Gb Total Space | 215.80 Gb Free Space | 78.95% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.93 Gb Free Space | 32.88% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32

Computer Name: CDS-20015 | User Name: ersarem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32FA267B-0EDB-4EBA-BC3A-D1C0CB880AB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35926EE4-60F3-43FD-9703-CD59AE3CF01B}" = lport=138 | protocol=17 | dir=in | app=system |
"{35C6D8CB-9D1C-477C-81CB-4912F7D17AB8}" = rport=139 | protocol=6 | dir=out | app=system |
"{3ADA1A9B-5BC5-44C6-B74C-C23916BFFF59}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B9E3B37-02B3-4E01-8930-8EBF57BCEF98}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |
"{3CB628EC-5194-47FB-A51D-793B27148411}" = rport=138 | protocol=17 | dir=out | app=system |
"{4076F825-7075-4F37-997F-9DE6BE7DD712}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |
"{54B515B1-0FF6-41D5-9613-50438B16378F}" = lport=445 | protocol=6 | dir=in | app=system |
"{7D3E7AF6-B066-42F9-A967-3362560226EC}" = rport=137 | protocol=17 | dir=out | app=system |
"{8C627966-5B84-4D8E-A6B1-F4A8E93E2550}" = rport=445 | protocol=6 | dir=out | app=system |
"{BDD32885-2C39-4597-8998-42347A4A7B02}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |
"{C6120B22-17F8-4B78-A295-D58142E5D664}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8A3B6D4-80DC-48A6-8A2D-1A3067E4DF4A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DF87359A-E796-4C9A-940B-4C94B97A64B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E4AFCD7F-378F-4701-89EC-29D8B04865DE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E924F7C3-A169-492A-A3E9-401D7DF75AC6}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2587111C-11E4-404D-9BD7-95A9712136C3}" = protocol=6 | dir=in | app=c:\users\cds\appdata\local\temp\7zs12d1\easyinst.exe |
"{56C6B873-3249-4B3D-BD16-144446E9D1D6}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{682D73BF-45EC-4ED7-97EA-001634F37319}" = dir=in | app=c:\users\ersarem\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{6AAC3D74-5663-4574-8952-8BDBB1DEC0B2}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{7238AA78-4D7E-4E3B-9703-13406020D4D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{75DAC94C-8A54-4CF9-9D55-C7F4C7D30AC1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7D8ED3F7-9E37-4A78-8BCE-FBCC2A092902}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{89BDD0DA-EDC6-4E76-813D-0AF6E8BE5953}" = protocol=1 | dir=out | [email protected],-28544 |
"{97E7E5C2-5C29-4302-AACF-060D8C8191F1}" = protocol=17 | dir=in | app=c:\users\cds\appdata\local\temp\7zs12d1\easyinst.exe |
"{A33F4B0A-C5F6-4FFE-86E3-B51A4E893555}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C032C112-00B6-4A50-934C-ECA67A0504E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C46BAD74-C101-4C1C-91BD-3FDD73A9E916}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{C4A31E87-A86C-480B-8619-89E193F3AD53}" = protocol=58 | dir=in | [email protected],-28545 |
"{C7B8E341-9A99-44A0-827E-931B614124F3}" = protocol=58 | dir=out | [email protected],-28546 |
"{CA503527-CB5D-4A9D-9144-97465E558E42}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{F6697C86-CC07-4A86-8101-4969CF7E0748}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F91E7BDA-0106-4C70-B2F4-DDF1C4C20E91}" = protocol=1 | dir=in | [email protected],-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{286B09BC-F9BD-4F71-B767-2AE0CE2F8CE5}" = ScorpionSaver Services
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4647BF57-21C4-4BC8-BA1B-E57A30EE1D31}" = Sprint SmartView
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{61CEF73A-056A-492C-B6C6-51AD8013EF57}" = Superchips Easy Update
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A03BEDC-6390-440E-8D13-721A22F0BD1F}" = PhoenixRC
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9FC225-75F6-4B5D-911C-0ED230565643}" = HP Product Detection
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{A91E3887-5185-4091-AF33-AB0048444055}" = Microsoft Online Services Sign In
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B639A4DE-A375-47D3-89C3-DDCF98D992F7}" = McAfee Agent
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"ESN Sonar-0.70.4" = ESN Sonar
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"LAN-Fax Utilities" = LAN-Fax Utilities
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 12.0" = RealPlayer
"SonicWALL SSL-VPN NetExtender" = SonicWALL SSL-VPN NetExtender
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

< End of report >

#6
Valinorum

Posted 14 December 2013 - 05:50 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi Jrt2006,

Did you install Sprint SmartView? If not, uninstall it.

Step #5 Uninstall Programs
I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
ScorpionSaver Services
ScorpionSaver

Step #6 Fix with OTL
Re-run OTL by right clicking and choosing Run as administrator;
Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

:Commands
[createrestorepoint]

:OTL
[2013/11/17 12:45:58 | 000,000,000 | ---D | M] (Deal Slider) -- C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C}
[2013/12/13 11:25:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/12/13 11:25:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/12/13 09:48:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\bench-sys.job
[2013/12/13 08:55:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\bench-S-1-5-21-3071392266-753195108-3516867006-1289.job

:Files
C:\Program Files\ScorpionSaver Services

:Commands
[emptytemp]
Click on "Run Fix" and let the program run unhindered;
Your PC will reboot automatically and a log will be opened;
Please post it in your next reply.

How is your system running?

Required Log(s):
OTL Fix Log

Regards,
Valinorum

#7
Jrt2006

Posted 15 December 2013 - 08:12 AM

Member

Topic Starter
Member
42 posts

I didn't install sprint smart view, but i have uninstalled it. It was installed 9/26/2011 so I am assuming my girlfriend did, but she doesn't use the laptop anymore.

ScorpionSaver (both) cannot be installed. When trying, i get the following message:

'The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package ScorpionSaver.msi in the box below'

This laptop was a business laptop that was issued to her while she worked for a finance company, it has many security protocols and 6 network drives that it cannot connect to (I'm assuming because she is no longer with the company), not sure if that has anything to do with the error uninstalling the unwanted programs above.

I will continue with your instruction and post the results shortly

Thank You

#8
Valinorum

Posted 15 December 2013 - 08:18 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Acknowledged. :thumbsup:

#9
Jrt2006

Posted 15 December 2013 - 08:34 AM

Member

Topic Starter
Member
42 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C}\icons folder moved successfully.
C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C}\framework-ui\theme\bubble folder moved successfully.
C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C}\framework-ui\theme folder moved successfully.
C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C}\framework-ui folder moved successfully.
C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C}\framework folder moved successfully.
C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C}\CanvasFramework folder moved successfully.
C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C}\AppFramework folder moved successfully.
C:\Users\ersarem\AppData\Roaming\mozilla\Firefox\Profiles\yacvure5.default\extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C} folder moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job moved successfully.
C:\Windows\Tasks\bench-sys.job moved successfully.
C:\Windows\Tasks\bench-S-1-5-21-3071392266-753195108-3516867006-1289.job moved successfully.
========== FILES ==========
File\Folder C:\Program Files\ScorpionSaver Services not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CDS
->Temp folder emptied: 1116851 bytes
->Temporary Internet Files folder emptied: 192753627 bytes
->FireFox cache emptied: 50117582 bytes
->Flash cache emptied: 446 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dwages
->Temp folder emptied: 2917026 bytes
->Temporary Internet Files folder emptied: 25549407 bytes
->Java cache emptied: 4049 bytes
->FireFox cache emptied: 13605930 bytes
->Flash cache emptied: 718 bytes

User: ersarem
->Temp folder emptied: 4119039 bytes
->Temporary Internet Files folder emptied: 669174 bytes
->Java cache emptied: 2965570 bytes
->FireFox cache emptied: 150578015 bytes
->Flash cache emptied: 4344 bytes

User: Public

User: test
->Temp folder emptied: 4298503 bytes
->Temporary Internet Files folder emptied: 18689396 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 134 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36348225 bytes
RecycleBin emptied: 473596 bytes

Total Files Cleaned = 481.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12152013_081613

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

---System is running MUCH better. I can browse the internet uninterrupted which is what the problem was.
Very much appreciated

#10
Valinorum

Posted 15 December 2013 - 10:12 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi Jrt2006,

-System is running MUCH better. I can browse the internet uninterrupted which is what the problem was.
Very much appreciated

This is a swelling news. Let's clean out the remnants.

Step #7 Scan with Malwarebytes' Anti-Malware
Re-run Malwarebytes' Anti-Malware;
From the Update tab check for update. If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan. The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the Logs tab in the interface.
Copy and paste the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step #8 Run ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
- Please go here then click on:
  
  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
- Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Uncheck the box beside Remove Found Threats
- Make sure that the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.

When The Scan is Complete:

If No Threats Were Found:
- Put a checkmark in "Uninstall application on close"
- Close the program
- Report to me that nothing was found
If Threats Were Found:
- Click on "list of threats found"
- Click on "export to text file" and save it to the desktop as ESET SCAN.txt
- Click on Back
- Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
- Click on Finish
- Close the program
- Copy and paste the report here

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Required Log(s):
MBAM Log;
ESET Log

Regards,
Valinorum

Edited by Valinorum, 15 December 2013 - 10:13 AM.

#11
Jrt2006

Posted 15 December 2013 - 10:37 PM

Member

Topic Starter
Member
42 posts

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
ersarem :: CDS-20015 [administrator]

12/15/2013 7:51:17 PM
mbam-log-2013-12-15 (19-51-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277993
Time elapsed: 9 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\ersarem\AppData\Local\BenchUpdater (PUP.Optional.BenchUpdater.A) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\ersarem\AppData\Local\BenchUpdater\products.xml (PUP.Optional.BenchUpdater.A) -> Quarantined and deleted successfully.

(end)

C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\browser\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\ersarem\AppData\Local\torch\User Data\Default\Cache\f_000017.vir a variant of Win32/Adware.MediaFinder.F application
C:\AdwCleaner\Quarantine\C\Users\ersarem\AppData\Local\torch\User Data\Default\Cache\f_000081.vir a variant of Win32/Adware.MediaFinder.F application
C:\AdwCleaner\Quarantine\C\Users\ersarem\AppData\Local\torch\User Data\Default\Cache\f_00008f.vir a variant of Win32/Adware.MediaFinder.F application
C:\AdwCleaner\Quarantine\C\Users\ersarem\AppData\Local\torch\User Data\Default\Cache\f_00015f.vir a variant of Win32/AirAdInstaller.A application
C:\AdwCleaner\Quarantine\C\Users\ersarem\AppData\Local\torch\User Data\Default\Cache\f_000167.vir a variant of Win32/AirAdInstaller.A application
C:\Users\ersarem\AppData\LocalLow\Connect_DLC_2\ldrtbConn.dll a variant of Win32/Toolbar.Conduit.P application
C:\Users\ersarem\AppData\LocalLow\Connect_DLC_2\tbConn.dll a variant of Win32/Toolbar.Conduit.B application
C:\Users\ersarem\Downloads\cbsidlm-cbsi134-Best_Free_Keylogger-SEO-75960974.exe a variant of Win32/CNETInstaller.B application
C:\Users\ersarem\Downloads\setup (1).exe a variant of Win32/AirAdInstaller.A application
C:\Users\ersarem\Downloads\setup(1).exe a variant of Win32/AirAdInstaller.A application
C:\Users\ersarem\Downloads\setup.exe a variant of Win32/AirAdInstaller.A application
C:\Users\ersarem\Downloads\Upgrade.exe a variant of Win32/AirAdInstaller.A application
C:\Users\ersarem\Downloads\Your_file_download (1).exe a variant of Win32/Adware.MediaFinder.F application
C:\Users\ersarem\Downloads\Your_file_download (2).exe a variant of Win32/Adware.MediaFinder.F application
C:\Users\ersarem\Downloads\Your_file_download.exe a variant of Win32/Adware.MediaFinder.F application

#12
Valinorum

Posted 16 December 2013 - 12:18 PM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi Jrt2006,

Step #9 Fix with OTL
Re-run OTL by right clicking and choosing Run as administrator;
Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

:Commands
[createrestorepoint]

:Files
C:\Users\ersarem\AppData\LocalLow\Connect_DLC_2
C:\Users\ersarem\Downloads\cbsidlm-cbsi134-Best_Free_Keylogger-SEO-75960974.exe
C:\Users\ersarem\Downloads\setup (1).exe
C:\Users\ersarem\Downloads\setup(1).exe
C:\Users\ersarem\Downloads\setup.exe
C:\Users\ersarem\Downloads\Upgrade.exe
C:\Users\ersarem\Downloads\Your_file_download (1).exe
C:\Users\ersarem\Downloads\Your_file_download (2).exe
C:\Users\ersarem\Downloads\Your_file_download.exe

:Commands
[emptytemp]
Click on "Run Fix" and let the program run unhindered;
Your PC will reboot automatically and a log will be opened;
Please post it in your next reply.

How is your system now? Any more issues?

Required Log(s):
OTL Fix Log

Regards,
Valinorum

#13
Essexboy

Posted 21 December 2013 - 12:25 PM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.