green underlined words that lead to iluvvid ad [Solved]


  • This topic is locked

#1
Peacemaker2.0

  • Member
  • 15 posts
So as I went onto a forum today I noticed that some random words are highlighted and then would lead to an iluvvid ad, and sometimes when I click a link (not the green ones) a new window would open with a different ad. Example: http://i.imgur.com/rjQ1C7N.png?1 I'm not sure if this is from something I downloaded, but I only downloaded pics and gifs from memecenter for the last couple of days and my computer is only a couple of weeks old.

OTL logfile created on: 1/26/2014 3:49:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nicholas\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 48.65% Memory free
6.92 Gb Paging File | 4.94 Gb Available in Paging File | 71.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 208.82 Gb Free Space | 89.70% Space Free | Partition Type: NTFS
Drive E: | 93.92 Gb Total Space | 44.10 Gb Free Space | 46.96% Space Free | Partition Type: NTFS
Drive G: | 178.85 Gb Total Space | 178.28 Gb Free Space | 99.68% Space Free | Partition Type: NTFS
Drive H: | 25.00 Gb Total Space | 12.78 Gb Free Space | 51.14% Space Free | Partition Type: NTFS

Computer Name: NICHOLAS-PC | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/26 15:49:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicholas\Downloads\OTL.exe
PRC - [2014/01/21 03:05:44 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014/01/11 04:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/23 15:01:10 | 000,300,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/15 13:09:52 | 000,090,112 | -H-- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


========== Modules (No Company Name) ==========

MOD - [2014/01/11 04:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 04:29:19 | 013,615,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
MOD - [2014/01/11 04:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 04:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 04:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 04:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV - [2014/01/20 18:13:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/11/26 02:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/07/15 13:09:52 | 000,090,112 | -H-- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - [2014/01/26 14:49:17 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B793BBD9-EB18-4F6B-A01E-F01E1CE3249F}\MpKslcc5c8f9c.sys -- (MpKslcc5c8f9c)
DRV - [2014/01/26 08:07:48 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B793BBD9-EB18-4F6B-A01E-F01E1CE3249F}\MpKsl426aad7a.sys -- (MpKsl426aad7a)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 15:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 15:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/07/24 11:30:12 | 000,040,832 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/13 17:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 16:02:52 | 000,164,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language},
CHR - homepage: about:Tabs
CHR - Extension: Google Docs = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: greatSSaaver = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibgmiiampohmckfdmgedoepdphcgdao\2.7\
CHR - Extension: Best Save = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi\242\
CHR - Extension: Google Wallet = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbgicdakccadnageapnakmhggidkao\1.1\
CHR - Extension: Gmail = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YoutubeAdblocker = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmhifcklhmfpkjopafnomhlhphonlhoi\1.0\

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.50.64.78 69.50.64.70 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABED451C-0854-463F-A8E0-C14BDA2F910F}: DhcpNameServer = 69.50.64.78 69.50.64.70 8.8.8.8
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/08/12 10:35:03 | 000,000,000 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/25 15:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker
[2014/01/25 15:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeAdblocker
[2014/01/25 15:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\greatsavaer
[2014/01/25 15:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\greatsavaer
[2014/01/25 15:06:16 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Torch
[2014/01/25 15:06:16 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Comodo
[2014/01/25 15:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\5a5cc18011d38872
[2014/01/25 15:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/01/20 22:01:59 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DevPro
[2014/01/20 22:01:59 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\DevPro
[2014/01/20 21:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/01/20 21:43:31 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\DevPro, LLC
[2014/01/20 19:32:28 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Diagnostics
[2014/01/20 19:08:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2014/01/20 19:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/01/20 19:01:04 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Adobe
[2014/01/20 18:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/20 18:27:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014/01/20 18:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/01/20 18:22:14 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Google
[2014/01/20 18:20:51 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Deployment
[2014/01/20 18:20:51 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Apps
[2014/01/20 18:13:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2014/01/19 21:59:45 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\uTorrent
[2014/01/19 18:36:22 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Macromedia
[2014/01/19 18:36:22 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Adobe
[2014/01/17 20:29:46 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Media Player Classic
[2014/01/15 19:56:23 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Microsoft Games
[2014/01/15 19:50:14 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/01/15 19:50:14 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Searches
[2014/01/15 19:50:14 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/01/15 19:50:14 | 000,000,000 | -H-D | C] -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/01/15 19:50:07 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Identities
[2014/01/15 19:50:06 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Contacts
[2014/01/15 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\VirtualStore
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\AppData\Local\Temporary Internet Files
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Templates
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Start Menu
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\SendTo
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Recent
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\PrintHood
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\NetHood
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Documents\My Videos
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Documents\My Pictures
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Documents\My Music
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\My Documents
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Local Settings
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\AppData\Local\History
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Cookies
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Application Data
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\AppData\Local\Application Data
[2014/01/15 19:48:02 | 000,000,000 | --SD | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Videos
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Saved Games
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Pictures
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Music
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Links
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Favorites
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Downloads
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Documents
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Desktop
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/01/15 19:48:02 | 000,000,000 | -H-D | C] -- C:\Users\Nicholas\AppData
[2014/01/15 19:48:02 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Temp
[2014/01/15 19:48:02 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Microsoft
[2014/01/15 19:48:02 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2014/01/26 15:42:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/26 14:15:48 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/26 14:15:48 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/26 14:12:55 | 000,661,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/26 14:12:55 | 000,121,524 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/26 14:08:56 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/26 14:08:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/26 14:08:36 | 2786,521,088 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/21 21:45:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/01/21 19:51:28 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014/01/21 07:25:03 | 000,002,221 | ---- | M] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/21 04:20:57 | 000,268,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/20 22:05:51 | 000,000,898 | ---- | M] () -- C:\Users\Nicholas\Desktop\DevPro.exe.lnk
[2014/01/20 19:15:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/20 18:28:34 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/15 20:07:25 | 000,001,403 | ---- | M] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/15 17:51:32 | 000,108,227 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2014/01/21 21:45:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/01/21 19:51:28 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2014/01/21 03:25:00 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/01/20 22:05:51 | 000,000,898 | ---- | C] () -- C:\Users\Nicholas\Desktop\DevPro.exe.lnk
[2014/01/20 19:46:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/01/20 19:15:58 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/01/20 19:01:42 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/01/20 18:28:34 | 000,002,221 | ---- | C] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/20 18:28:34 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/20 18:22:21 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/20 18:22:20 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/15 20:07:25 | 000,001,403 | ---- | C] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/15 19:50:15 | 000,001,409 | ---- | C] () -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/01/15 19:48:02 | 000,000,290 | ---- | C] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/01/15 19:48:02 | 000,000,272 | ---- | C] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/15 16:31:19 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/03/20 11:22:54 | 000,982,240 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin
[2013/03/20 11:22:50 | 000,092,356 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin
[2013/03/20 11:22:50 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/03/20 11:22:40 | 000,439,308 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2013/03/20 11:22:37 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/26 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\DevPro
[2014/01/20 22:06:05 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\DevPro, LLC
[2014/01/19 21:59:51 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

Edited by Peacemaker2.0, 26 January 2014 - 04:06 PM.



#2
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer. Also please follow your topic to conclusion or your system may not be completely clean, and it will be more vulnerable to future infections.

Throughout our interactions I will be using canned speeches. These are premade speeches for different scenarios we will encounter. If you find errors like bad links in my canned speeches please let me know so I can fix them.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

Expect no more than 36 hours between your post and my response unless World War 3 breaks out and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days if a topic is not replied to we assume it has been abandoned and it is closed.

The first steps are to run a special scan with OTL and another scan with a program called aswMBR. Please do the following:

Step 1

  • Download OTL and save to desktop or other convenient location.
  • Double click OTL to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    dir C:\ /S /A:L /C
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. If you have already run OTL it won't open Extras.txt but Extras.txt will be in the same place as the new OTL.txt so simply open it manually.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes

  • Click the Scan button to start scan

  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
OTL scan log
extras.txt
aswMBR log


#3
Peacemaker2.0

  • Topic Starter
  • Member
  • 15 posts
Okay, did as you said.
OTL Scan Log:
OTL logfile created on: 1/26/2014 6:45:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nicholas\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 29.48% Memory free
6.92 Gb Paging File | 4.38 Gb Available in Paging File | 63.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 208.56 Gb Free Space | 89.59% Space Free | Partition Type: NTFS
Drive E: | 93.92 Gb Total Space | 44.10 Gb Free Space | 46.96% Space Free | Partition Type: NTFS
Drive G: | 178.85 Gb Total Space | 178.28 Gb Free Space | 99.68% Space Free | Partition Type: NTFS
Drive H: | 25.00 Gb Total Space | 12.78 Gb Free Space | 51.14% Space Free | Partition Type: NTFS

Computer Name: NICHOLAS-PC | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/26 18:44:37 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Nicholas\Downloads\aswMBR.exe
PRC - [2014/01/26 15:49:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicholas\Downloads\OTL.exe
PRC - [2014/01/26 09:05:12 | 001,005,056 | ---- | M] (DevPro) -- C:\Users\Nicholas\AppData\Roaming\DevPro\DevPro.exe
PRC - [2014/01/21 03:05:44 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014/01/11 04:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/15 13:09:52 | 000,090,112 | -H-- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


========== Modules (No Company Name) ==========

MOD - [2014/01/21 04:04:55 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\be5f0f2e208bbb3c647acfbc33434251\System.Runtime.Serialization.ni.dll
MOD - [2014/01/21 04:04:32 | 002,511,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\f8eb1864adfa5be104c3b84177ab5427\System.Data.Linq.ni.dll
MOD - [2014/01/21 04:02:06 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dll
MOD - [2014/01/21 04:02:03 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c5db04fde4893300ff28045ce4f7567d\System.Windows.Forms.ni.dll
MOD - [2014/01/21 04:01:54 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cceaf9d7891fc325a90473aa9a661661\System.Drawing.ni.dll
MOD - [2014/01/21 04:01:50 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\edb27e2c25837f79902054965d6813cd\System.Configuration.ni.dll
MOD - [2014/01/21 04:01:48 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d913e7d0b1d32187e0c234f8a1a581fc\System.Core.ni.dll
MOD - [2014/01/21 04:01:44 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dll
MOD - [2014/01/21 04:01:39 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll
MOD - [2014/01/11 04:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 04:29:19 | 013,615,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
MOD - [2014/01/11 04:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 04:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 04:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 04:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV - [2014/01/20 18:13:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/11/26 02:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/07/15 13:09:52 | 000,090,112 | -H-- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Nicholas\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2014/01/26 14:49:17 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B793BBD9-EB18-4F6B-A01E-F01E1CE3249F}\MpKslcc5c8f9c.sys -- (MpKslcc5c8f9c)
DRV - [2014/01/26 08:07:48 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B793BBD9-EB18-4F6B-A01E-F01E1CE3249F}\MpKsl426aad7a.sys -- (MpKsl426aad7a)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 15:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 15:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/07/24 11:30:12 | 000,040,832 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/13 17:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 16:02:52 | 000,164,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-739588601-926540075-11685257-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-739588601-926540075-11685257-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-739588601-926540075-11685257-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language},
CHR - homepage: about:Tabs
CHR - Extension: Google Docs = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: greatSSaaver = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibgmiiampohmckfdmgedoepdphcgdao\2.7\
CHR - Extension: Best Save = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi\242\
CHR - Extension: Google Wallet = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbgicdakccadnageapnakmhggidkao\1.1\
CHR - Extension: Gmail = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YoutubeAdblocker = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmhifcklhmfpkjopafnomhlhphonlhoi\1.0\

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.50.64.78 69.50.64.70 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABED451C-0854-463F-A8E0-C14BDA2F910F}: DhcpNameServer = 69.50.64.78 69.50.64.70 8.8.8.8
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/08/12 10:35:03 | 000,000,000 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/25 15:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker
[2014/01/25 15:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeAdblocker
[2014/01/25 15:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\greatsavaer
[2014/01/25 15:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\greatsavaer
[2014/01/25 15:06:16 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Torch
[2014/01/25 15:06:16 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Comodo
[2014/01/25 15:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\5a5cc18011d38872
[2014/01/25 15:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/01/20 22:01:59 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DevPro
[2014/01/20 22:01:59 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\DevPro
[2014/01/20 21:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/01/20 21:43:31 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\DevPro, LLC
[2014/01/20 19:32:28 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Diagnostics
[2014/01/20 19:08:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2014/01/20 19:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/01/20 19:01:04 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Adobe
[2014/01/20 18:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/20 18:27:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014/01/20 18:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/01/20 18:22:14 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Google
[2014/01/20 18:20:51 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Deployment
[2014/01/20 18:20:51 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Apps
[2014/01/20 18:13:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2014/01/19 21:59:45 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\uTorrent
[2014/01/19 18:36:22 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Macromedia
[2014/01/19 18:36:22 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Adobe
[2014/01/17 20:29:46 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Media Player Classic
[2014/01/15 19:56:23 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Microsoft Games
[2014/01/15 19:50:14 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/01/15 19:50:14 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Searches
[2014/01/15 19:50:14 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/01/15 19:50:14 | 000,000,000 | -H-D | C] -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/01/15 19:50:07 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Identities
[2014/01/15 19:50:06 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Contacts
[2014/01/15 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\VirtualStore
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\AppData\Local\Temporary Internet Files
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Templates
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Start Menu
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\SendTo
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Recent
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\PrintHood
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\NetHood
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Documents\My Videos
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Documents\My Pictures
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Documents\My Music
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\My Documents
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Local Settings
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\AppData\Local\History
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Cookies
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\Application Data
[2014/01/15 19:48:03 | 000,000,000 | -HSD | C] -- C:\Users\Nicholas\AppData\Local\Application Data
[2014/01/15 19:48:02 | 000,000,000 | --SD | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Videos
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Saved Games
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Pictures
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Music
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Links
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Favorites
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Downloads
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Documents
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\Desktop
[2014/01/15 19:48:02 | 000,000,000 | R--D | C] -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/01/15 19:48:02 | 000,000,000 | -H-D | C] -- C:\Users\Nicholas\AppData
[2014/01/15 19:48:02 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Temp
[2014/01/15 19:48:02 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Local\Microsoft
[2014/01/15 19:48:02 | 000,000,000 | ---D | C] -- C:\Users\Nicholas\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2014/01/26 18:42:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/26 14:15:48 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/26 14:15:48 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/26 14:12:55 | 000,661,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/26 14:12:55 | 000,121,524 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/26 14:08:56 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/26 14:08:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/26 14:08:36 | 2786,521,088 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/21 21:45:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/01/21 19:51:28 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014/01/21 07:25:03 | 000,002,221 | ---- | M] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/21 04:20:57 | 000,268,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/20 22:05:51 | 000,000,898 | ---- | M] () -- C:\Users\Nicholas\Desktop\DevPro.exe.lnk
[2014/01/20 19:15:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/20 18:28:34 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/15 20:07:25 | 000,001,403 | ---- | M] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/15 17:51:32 | 000,108,227 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2014/01/21 21:45:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/01/21 19:51:28 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2014/01/21 03:25:00 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/01/20 22:05:51 | 000,000,898 | ---- | C] () -- C:\Users\Nicholas\Desktop\DevPro.exe.lnk
[2014/01/20 19:46:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/01/20 19:15:58 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/01/20 19:01:42 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/01/20 18:28:34 | 000,002,221 | ---- | C] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/20 18:28:34 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/20 18:22:21 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/20 18:22:20 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/15 20:07:25 | 000,001,403 | ---- | C] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/15 19:50:15 | 000,001,409 | ---- | C] () -- C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/01/15 19:48:02 | 000,000,290 | ---- | C] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/01/15 19:48:02 | 000,000,272 | ---- | C] () -- C:\Users\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/15 16:31:19 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/03/20 11:22:54 | 000,982,240 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin
[2013/03/20 11:22:50 | 000,092,356 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin
[2013/03/20 11:22:50 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/03/20 11:22:40 | 000,439,308 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2013/03/20 11:22:37 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/26 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\DevPro
[2014/01/20 22:06:05 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\DevPro, LLC
[2014/01/19 21:59:51 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 19:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/26 22:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 19:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 15:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 15:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013/09/24 18:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 15:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 15:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 15:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/02 23:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 19:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 15:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/07/13 19:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 19:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 19:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 10:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 19:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 04:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/10 23:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/09/24 18:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 19:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 15:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 15:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 19:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013/09/24 18:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 19:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 15:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 15:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 15:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 15:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/04/30 22:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 15:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 15:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 15:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 15:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 15:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 15:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 15:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 15:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 19:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 16:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 15:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 19:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 15:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >


< MD5 for: WSHELPER.DLL >
[2009/07/13 19:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 19:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2011/04/11 20:15:40 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- C:\Windows\System32\en-US\wshelper.dll.mui
[2011/04/11 20:15:40 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_adb3c1d9fa188607\wshelper.dll.mui

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/13 22:53:46 | 000,006,386 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/13 22:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2014/01/20 18:22:20 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/01/20 18:22:21 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 9215-99D0
Directory of C:\
07/13/2009 10:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 10:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 10:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 10:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 10:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 10:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 10:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 10:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 10:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 10:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 10:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 10:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 10:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 10:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 10:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 10:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Nicholas
01/15/2014 07:48 PM <JUNCTION> Application Data [C:\Users\Nicholas\AppData\Roaming]
01/15/2014 07:48 PM <JUNCTION> Cookies [C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Cookies]
01/15/2014 07:48 PM <JUNCTION> Local Settings [C:\Users\Nicholas\AppData\Local]
01/15/2014 07:48 PM <JUNCTION> My Documents [C:\Users\Nicholas\Documents]
01/15/2014 07:48 PM <JUNCTION> NetHood [C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/15/2014 07:48 PM <JUNCTION> PrintHood [C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/15/2014 07:48 PM <JUNCTION> Recent [C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Recent]
01/15/2014 07:48 PM <JUNCTION> SendTo [C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\SendTo]
01/15/2014 07:48 PM <JUNCTION> Start Menu [C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu]
01/15/2014 07:48 PM <JUNCTION> Templates [C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Nicholas\AppData\Local
01/15/2014 07:48 PM <JUNCTION> Application Data [C:\Users\Nicholas\AppData\Local]
01/15/2014 07:48 PM <JUNCTION> History [C:\Users\Nicholas\AppData\Local\Microsoft\Windows\History]
01/15/2014 07:48 PM <JUNCTION> Temporary Internet Files [C:\Users\Nicholas\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Nicholas\Documents
01/15/2014 07:48 PM <JUNCTION> My Music [C:\Users\Nicholas\Music]
01/15/2014 07:48 PM <JUNCTION> My Pictures [C:\Users\Nicholas\Pictures]
01/15/2014 07:48 PM <JUNCTION> My Videos [C:\Users\Nicholas\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 10:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 10:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 10:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Valued Customer
05/15/2013 03:47 PM <JUNCTION> Application Data [C:\Users\Valued Customer\AppData\Roaming]
05/15/2013 03:47 PM <JUNCTION> Cookies [C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Cookies]
05/15/2013 03:47 PM <JUNCTION> Local Settings [C:\Users\Valued Customer\AppData\Local]
05/15/2013 03:47 PM <JUNCTION> My Documents [C:\Users\Valued Customer\Documents]
05/15/2013 03:47 PM <JUNCTION> NetHood [C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/15/2013 03:47 PM <JUNCTION> PrintHood [C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/15/2013 03:47 PM <JUNCTION> Recent [C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Recent]
05/15/2013 03:47 PM <JUNCTION> SendTo [C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\SendTo]
05/15/2013 03:47 PM <JUNCTION> Start Menu [C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu]
05/15/2013 03:47 PM <JUNCTION> Templates [C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Valued Customer\AppData\Local
05/15/2013 03:47 PM <JUNCTION> Application Data [C:\Users\Valued Customer\AppData\Local]
05/15/2013 03:47 PM <JUNCTION> History [C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\History]
05/15/2013 03:47 PM <JUNCTION> Temporary Internet Files [C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Valued Customer\Documents
05/15/2013 03:47 PM <JUNCTION> My Music [C:\Users\Valued Customer\Music]
05/15/2013 03:47 PM <JUNCTION> My Pictures [C:\Users\Valued Customer\Pictures]
05/15/2013 03:47 PM <JUNCTION> My Videos [C:\Users\Valued Customer\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 223,727,095,808 bytes free

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: NICHOLAS-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 System Rese NTFS Partition 100 MB Healthy System
Volume 2 C NTFS Partition 232 GB Healthy Boot
Volume 3 E OS NTFS Partition 93 GB Healthy
Volume 4 G DATA NTFS Partition 178 GB Healthy
Volume 5 H Recovery NTFS Partition 25 GB Healthy
Volume 6 SYSTEM FAT32 Partition 200 MB Healthy Hidden

< End of report >

extras.txt:
OTL Extras logfile created on: 1/26/2014 6:45:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nicholas\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 29.48% Memory free
6.92 Gb Paging File | 4.38 Gb Available in Paging File | 63.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 208.56 Gb Free Space | 89.59% Space Free | Partition Type: NTFS
Drive E: | 93.92 Gb Total Space | 44.10 Gb Free Space | 46.96% Space Free | Partition Type: NTFS
Drive G: | 178.85 Gb Total Space | 178.28 Gb Free Space | 99.68% Space Free | Partition Type: NTFS
Drive H: | 25.00 Gb Total Space | 12.78 Gb Free Space | 51.14% Space Free | Partition Type: NTFS

Computer Name: NICHOLAS-PC | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-739588601-926540075-11685257-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{CDADCBB2-DD4C-4A88-916B-2BB3255EE8F7}E:\program files (x86)\devpro\ygopro_vs_ai_debug.exe" = protocol=6 | dir=in | app=e:\program files (x86)\devpro\ygopro_vs_ai_debug.exe |
"TCP Query User{E032E725-3866-42C2-82A8-FEDA0FD2E182}C:\users\nicholas\appdata\roaming\devpro\devpro.dll" = protocol=6 | dir=in | app=c:\users\nicholas\appdata\roaming\devpro\devpro.dll |
"UDP Query User{71DAEAD4-6E67-4330-B1D8-FF96D1A356EE}E:\program files (x86)\devpro\ygopro_vs_ai_debug.exe" = protocol=17 | dir=in | app=e:\program files (x86)\devpro\ygopro_vs_ai_debug.exe |
"UDP Query User{86A9D865-8C80-45D1-B2ED-A719D7002600}C:\users\nicholas\appdata\roaming\devpro\devpro.dll" = protocol=17 | dir=in | app=c:\users\nicholas\appdata\roaming\devpro\devpro.dll |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{67787A65-AEE5-436B-B58C-538FBAE6374C}" = DevPro
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Standard)
"Microsoft Security Client" = Microsoft Security Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2014 8:35:31 PM | Computer Name = Nicholas-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "E:\Users\jeff\Downloads\iTunes64Setup.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/19/2014 9:57:25 PM | Computer Name = Nicholas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ygopro_vs_ai_debug.exe, version: 1.0.3.1,
time stamp: 0x51ac888b Faulting module name: MSVCR100.dll, version: 10.0.40219.325,
time stamp: 0x4df2be1e Exception code: 0xc0000417 Fault offset: 0x0008af3e Faulting
process id: 0xfd4 Faulting application start time: 0x01cf157b1da3d3a7 Faulting application
path: E:\Program Files (x86)\DevPro\ygopro_vs_ai_debug.exe Faulting module path:
E:\Program Files (x86)\DevPro\MSVCR100.dll Report Id: 34f1531f-8176-11e3-8433-18a90531fba5

Error - 1/19/2014 10:42:19 PM | Computer Name = Nicholas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ygopro_vs_ai_debug.exe, version: 1.0.3.1,
time stamp: 0x51ac888b Faulting module name: MSVCR100.dll, version: 10.0.40219.325,
time stamp: 0x4df2be1e Exception code: 0xc0000417 Fault offset: 0x0008af3e Faulting
process id: 0xf24 Faulting application start time: 0x01cf158312997f5f Faulting application
path: E:\Program Files (x86)\DevPro\ygopro_vs_ai_debug.exe Faulting module path:
E:\Program Files (x86)\DevPro\MSVCR100.dll Report Id: 7aafd911-817c-11e3-8433-18a90531fba5

Error - 1/20/2014 8:18:56 PM | Computer Name = Nicholas-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/21/2014 6:22:15 AM | Computer Name = Nicholas-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/21/2014 6:26:39 AM | Computer Name = Nicholas-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/21/2014 6:57:58 AM | Computer Name = Nicholas-PC | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0x80072EE7

Error - 1/21/2014 6:57:58 AM | Computer Name = Nicholas-PC | Source = Software Protection Platform Service | ID = 8208
Description = Acquisition of genuine ticket failed (hr=0x80072EE7) for template
Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error - 1/21/2014 9:57:23 PM | Computer Name = Nicholas-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/22/2014 1:59:51 AM | Computer Name = Nicholas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: devpro.dll, version: 0.0.0.0, time stamp:
0x52ca9794 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp:
0x521ea91c Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id:
0xb4 Faulting application start time: 0x01cf173430b8a9cd Faulting application path:
C:\Users\Nicholas\AppData\Roaming\DevPro\devpro.dll Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 67e239fc-832a-11e3-abae-18a90531fba5

[ System Events ]
Error - 1/22/2014 8:06:30 PM | Computer Name = Nicholas-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 1/22/2014 8:06:30 PM | Computer Name = Nicholas-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 1/23/2014 8:52:55 PM | Computer Name = Nicholas-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 1/23/2014 9:49:40 PM | Computer Name = Nicholas-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 1/23/2014 11:38:17 PM | Computer Name = Nicholas-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 1/24/2014 8:55:13 PM | Computer Name = Nicholas-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.2427.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 1/24/2014 10:56:28 PM | Computer Name = Nicholas-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.2427.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 1/24/2014 10:57:14 PM | Computer Name = Nicholas-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 1/25/2014 12:12:43 PM | Computer Name = Nicholas-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:11:29 AM on ?1/?25/?2014 was unexpected.

Error - 1/25/2014 12:50:51 PM | Computer Name = Nicholas-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:48:34 AM on ?1/?25/?2014 was unexpected.


< End of report >

aswMBR log:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-26 18:45:45
-----------------------------
18:45:45.752 OS Version: Windows 6.1.7601 Service Pack 1
18:45:45.752 Number of processors: 2 586 0x170A
18:45:45.753 ComputerName: NICHOLAS-PC UserName: Nicholas
18:45:47.755 Initialize success
18:55:47.047 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:55:47.051 Disk 0 Vendor: ST3250318AS HP34 Size: 238475MB BusType: 3
18:55:47.149 Disk 0 MBR read successfully
18:55:47.150 Disk 0 MBR scan
18:55:47.152 Disk 0 Windows 7 default MBR code
18:55:47.163 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:55:47.171 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
18:55:47.175 Disk 0 scanning sectors +488394752
18:55:47.329 Disk 0 scanning C:\Windows\system32\drivers
18:55:53.069 Service scanning
18:55:58.300 Service MpKslcc5c8f9c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B793BBD9-EB18-4F6B-A01E-F01E1CE3249F}\MpKslcc5c8f9c.sys **LOCKED** 32
18:56:08.275 Modules scanning
18:56:16.428 Disk 0 trace - called modules:
18:56:16.441 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:56:16.769 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860d1200]
18:56:16.773 3 CLASSPNP.SYS[8bfd459e] -> nt!IofCallDriver -> [0x85c30368]
18:56:16.777 5 ACPI.sys[8bccb3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85c2f908]
18:56:16.781 Scan finished successfully
18:59:28.101 Disk 0 MBR has been saved successfully to "C:\Users\Nicholas\Downloads\MBR.dat"
18:59:28.149 The log file has been saved successfully to "C:\Users\Nicholas\Downloads\aswMBR.txt"

Edited by Peacemaker2.0, 26 January 2014 - 07:19 PM.

  • 0

#4
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Peacemaker. Your OTL and aswMBR logs look clean. You probably have some adware lying around. Please run the following programs to get rid of any junk adware on your computer.

Step 1

Download ADWCleaner to your desktop.

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt

Step 2

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Things to see in your next post:
ADWCleaner log
JRT log

  • 0

#5
Peacemaker2.0

Peacemaker2.0

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
alrighty

here they are

ADWCleaner log:
# AdwCleaner v3.010 - Report created 28/01/2014 at 18:09:02
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Nicholas - NICHOLAS-PC
# Running from : C:\Users\Nicholas\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Valued Customer\AppData\Local\torch
Folder Deleted : C:\Users\Nicholas\AppData\Local\torch

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Softonic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1020 octets] - [28/01/2014 18:08:16]
AdwCleaner[S0].txt - [953 octets] - [28/01/2014 18:09:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1012 octets] ##########


JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x86
Ran by Nicholas on Tue 01/28/2014 at 18:14:06.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\youtubeadblocker"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/28/2014 at 18:15:14.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#6
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Try using your computer to see if the symptoms persist. Please let me know.
  • 0

#7
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Also are you getting these links on all web pages or just the forum?
  • 0

#8
Peacemaker2.0

Peacemaker2.0

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Also are you getting these links on all web pages or just the forum?

yes the problem is still there and yes only on forums and forum based web sites
  • 0

#9
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
how about on this forum?
  • 0

#10
Peacemaker2.0

Peacemaker2.0

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

how about on this forum?

even this one
  • 0



#11
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Try using other web browsers to see if the symptoms persist in the other browsers. So try Internet Explorer, Chrome, and Firefox and see which browsers have symptoms and let me know.
  • 0

#12
Peacemaker2.0

Peacemaker2.0

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
yes it's only on my default browser (Chrome)
  • 0

#13
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
try the instructions here and see if it fixes the problem
  • 0

#14
Peacemaker2.0

Peacemaker2.0

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

try the instructions here and see if it fixes the problem

thanks a lot that really helped and cured the problem (although it took me changing my password to log back in here) anyway thanks for the help ^_^
  • 0

#15
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
So resetting Chrome disabled all of your extensions. One of them was probably causing your problems. I'm thinking one of these:

CHR - Extension: greatSSaaver = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibgmiiampohmckfdmgedoepdphcgdao\2.7\
CHR - Extension: Best Save = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi\242\
CHR - Extension: No name found = C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbgicdakccadnageapnakmhggidkao\1.1\

If you want to play around and see which one it is you can navigate to chrome://extensions in your address bar in Chrome and enable one at a time until you figure out which is the culprit. I will get back to you tomorrow with my final speech if you are free of symptoms now. We win :)
  • 0
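To narrow down which extension is the likely culprit before re-enabling them one at a time, the sketch below (an added example, not part of the thread or of any tool used in it) walks a Chrome profile's `Extensions` folder, reads each `manifest.json`, and reports which extensions run content scripts on every page, the capability needed to rewrite words into ad links. The extension IDs, names and manifests in `build_sample_profile` are constructed for the demonstration; point `audit_extensions` at a real `...\User Data\Default\Extensions` path to use it.

```python
import json
import sys
import tempfile
from pathlib import Path

# Match patterns that let an extension touch every page the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def load_json(path):
    """Return parsed JSON or None; tolerates a BOM and unreadable files."""
    try:
        return json.loads(Path(path).read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None


def display_name(version_dir, manifest):
    """Resolve a localized '__MSG_key__' name through _locales/<default_locale>."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2].lower()
    locale = manifest.get("default_locale", "en")
    messages = load_json(Path(version_dir) / "_locales" / locale / "messages.json")
    for msg_key, entry in (messages or {}).items():
        if msg_key.lower() == key and isinstance(entry, dict):
            return entry.get("message", name)
    return name


def audit_extensions(extensions_dir):
    """List every installed extension version with its page-injection reach."""
    report = []
    for ext_dir in sorted(p for p in Path(extensions_dir).iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            row = {"id": ext_dir.name, "version": version_dir.name, "name": None,
                   "injects_everywhere": False, "broad_access": [], "error": None}
            manifest = load_json(version_dir / "manifest.json")
            if not isinstance(manifest, dict):
                row["error"] = "manifest unreadable"
                report.append(row)
                continue
            # URL patterns on which the extension's scripts are injected.
            script_matches = set()
            for script in manifest.get("content_scripts") or []:
                if isinstance(script, dict):
                    script_matches.update(script.get("matches") or [])
            # Host access requested via permissions (MV2) or host_permissions (MV3).
            hosts = {p for key in ("permissions", "host_permissions")
                     for p in (manifest.get(key) or []) if isinstance(p, str)}
            row["name"] = display_name(version_dir, manifest)
            row["injects_everywhere"] = bool(script_matches & BROAD)
            row["broad_access"] = sorted((script_matches | hosts) & BROAD)
            report.append(row)
    return report


def build_sample_profile(root):
    """Write a constructed Extensions folder (three fake extensions) under root."""
    ext_root = Path(root) / "Default" / "Extensions"
    injector = ext_root / ("a" * 32) / "1.0_0"
    (injector / "_locales" / "en").mkdir(parents=True)
    (injector / "manifest.json").write_text(json.dumps({
        "name": "__MSG_appName__", "default_locale": "en", "version": "1.0",
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    }), encoding="utf-8")
    (injector / "_locales" / "en" / "messages.json").write_text(json.dumps({
        "appName": {"message": "Deal Finder (constructed)"},
    }), encoding="utf-8")
    scoped = ext_root / ("b" * 32) / "2.3_0"
    scoped.mkdir(parents=True)
    (scoped / "manifest.json").write_text(json.dumps({
        "name": "Wiki Dark Mode (constructed)", "version": "2.3",
        "permissions": ["storage"],
        "content_scripts": [{"matches": ["https://*.wikipedia.org/*"],
                             "js": ["dark.js"]}],
    }), encoding="utf-8")
    broken = ext_root / ("c" * 32) / "0.1_0"
    broken.mkdir(parents=True)
    (broken / "manifest.json").write_text("{not json", encoding="utf-8")
    return ext_root


if __name__ == "__main__":
    if len(sys.argv) > 1:          # audit a real Extensions folder
        rows = audit_extensions(sys.argv[1])
    else:                          # otherwise run on the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            rows = audit_extensions(build_sample_profile(tmp))
    for r in rows:
        flag = "ALL PAGES" if r["injects_everywhere"] else "scoped"
        print(f'{r["id"]} {r["version"]:>6} {flag:9} {r["name"] or r["error"]}')
```

An extension flagged as injecting on all pages is not necessarily adware, but it is the first candidate to leave disabled while testing whether the symptoms return.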





