New tabs opening and pop up ads [Solved]


  • This topic is locked

#1
saleenboy87146

  • Member
  • 66 posts
Hello,

This is the girlfriend's computer. She said she had a virus.

It seems that she gets a lot of pop-up ads and new tabs (redirects) opening up almost every time you click on something.

I have run Malwarebytes, S&D and Microsoft Essentials. S&D found some stuff, but nothing has really changed.

Any help would be greatly appreciated. Thank you.

See below the OTL log:



OTL logfile created on: 2/3/2014 8:57:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Crystal\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 34.69% Memory free
4.00 Gb Paging File | 2.20 Gb Available in Paging File | 55.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.06 Gb Total Space | 68.34 Gb Free Space | 73.43% Space Free | Partition Type: NTFS
Drive E: | 14.53 Gb Total Space | 13.29 Gb Free Space | 91.47% Space Free | Partition Type: FAT32

Computer Name: CRYSTAL-PC | User Name: Crystal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/03 20:44:39 | 001,211,672 | ---- | M] (Google Inc.) -- C:\Windows\Temp\CR_2BADF.tmp\setup.exe
PRC - [2014/01/27 11:53:00 | 000,981,160 | ---- | M] () -- C:\Program Files\Google\Update\Install\{C0F13303-7662-48E4-AE66-160E527B004D}\32.0.1700.102_32.0.1700.76_chrome_updater.exe
PRC - [2014/01/11 04:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/04 12:16:16 | 000,556,544 | ---- | M] () -- C:\Users\Crystal\AppData\Local\GCC\Controller.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/09 19:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Crystal\Downloads\OTL.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/23 05:54:00 | 001,667,368 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2013/04/23 05:54:00 | 000,127,784 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2013/04/17 21:19:58 | 000,134,896 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/06/09 12:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/11 04:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 04:29:19 | 013,615,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
MOD - [2014/01/11 04:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 04:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2013/12/04 12:16:16 | 000,556,544 | ---- | M] () -- C:\Users\Crystal\AppData\Local\GCC\Controller.exe
MOD - [2013/08/13 06:15:50 | 000,206,336 | ---- | M] () -- C:\Users\Crystal\AppData\Local\Temp\GC\Profiles\{47AD4B5E-12F8-4CD3-B2E6-515EADAE8DF5}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
MOD - [2013/04/23 05:54:00 | 000,084,480 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/12/11 11:26:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/26 02:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/23 05:54:00 | 001,667,368 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2013/04/23 05:54:00 | 001,664,808 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2013/04/23 05:54:00 | 000,280,640 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2013/04/11 14:30:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/27 13:11:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/09 12:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/07/15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/04/23 05:54:00 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2013/04/23 05:54:00 | 000,019,712 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/29 14:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2012/09/06 09:49:06 | 000,020,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2012/07/23 10:11:44 | 000,129,384 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2012/03/07 09:56:22 | 000,231,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2010/11/20 15:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 15:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2009/10/09 01:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/12/01 21:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/02/18 23:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2006/11/27 16:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D AD 57 CA 26 A4 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7AURU_enUS571
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/07/12 14:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.condui...A8F988ED3&SSPV=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Nature 1680x1050 = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coebdbneamkocmoheankmhfdihbcdbmg\1_0\
CHR - Extension: Google Search = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: We-Care.com Reminder = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.36_0\
CHR - Extension: Google Wallet = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{136C5C74-A7FA-4A34-BAB6-ABE19FEFAD6A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75D1275C-C2BD-4F8E-ABFC-5990EA302EE2}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3e018c6c-9fe4-11e2-b1ba-00197ef8398e}\Shell - "" = AutoRun
O33 - MountPoints2\{3e018c6c-9fe4-11e2-b1ba-00197ef8398e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\autorun.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/16 12:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[1 C:\Users\Crystal\AppData\Local\*.tmp files -> C:\Users\Crystal\AppData\Local\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/03 21:01:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/03 20:54:03 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/03 20:54:03 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/03 20:53:12 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/03 20:53:12 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/03 20:51:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/03 20:43:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/28 20:57:04 | 000,072,444 | ---- | M] () -- C:\Users\Crystal\Documents\memtest86+-4.20.iso.zip
[2014/01/28 20:28:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/28 20:27:18 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/16 18:32:44 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/16 15:29:38 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/16 07:20:07 | 000,288,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/12 20:56:21 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[1 C:\Users\Crystal\AppData\Local\*.tmp files -> C:\Users\Crystal\AppData\Local\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/05 09:08:29 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/07/27 14:23:55 | 000,000,056 | ---- | C] () -- C:\Users\Crystal\AppData\Roaming\WB.CFG
[2013/07/12 15:23:12 | 000,000,005 | ---- | C] () -- C:\Users\Crystal\AppData\Roaming\WBPU-TTL.DAT
[2013/05/21 21:30:24 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2012/09/12 17:42:43 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2012/08/30 21:05:50 | 000,000,071 | ---- | C] () -- C:\Windows\ENX330.ini
[2012/08/30 16:10:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/08/27 13:04:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/29 20:35:43 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\CvgQuickConnect
[2014/01/03 06:53:59 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\DriverCure
[2013/07/12 14:23:34 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\DSite
[2012/08/31 04:19:24 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Epson
[2012/08/30 21:19:44 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Leadertech
[2014/01/03 06:53:59 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\ParetoLogic
[2013/05/21 21:23:56 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\PwrMgr
[2013/10/06 15:05:10 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Systweak
[2013/07/12 14:24:15 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Zip Opener Packages

========== Purity Check ==========



< End of report >

#2
JSntgRvr

  • Global Moderator
  • 11,579 posts
:welcome:

Disable Teatimer
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it when your computer is clean.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download AdwCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

#3
saleenboy87146

  • Topic Starter
  • Member
  • 66 posts
JRT log below:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x86
Ran by Crystal on Tue 02/04/2014 at 16:07:28.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2324023964-604813284-227836963-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\dsite
Successfully deleted: [File] C:\Windows\Tasks\dsite.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\dsearchlink"
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\Crystal\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Crystal\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\Crystal\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Crystal\AppData\Roaming\zip opener packages"
Successfully deleted: [Folder] "C:\Users\Crystal\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Crystal\appdata\local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/04/2014 at 16:09:57.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#4
saleenboy87146

  • Topic Starter
  • Member
  • 66 posts
AdwCleaner log below:

# AdwCleaner v3.018 - Report created 04/02/2014 at 16:16:08
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Crystal - CRYSTAL-PC
# Running from : C:\Users\Crystal\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Crystal\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\Windows\System32\Tasks\BitGuard

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53F79489-BA4C-4525-B6C5-8D58E0E36486}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53F79489-BA4C-4525-B6C5-8D58E0E36486}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{586AC247-1926-445F-8133-B75B605E0E13}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{586AC247-1926-445F-8133-B75B605E0E13}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E5F07CA-BE13-4331-AFCE-1ECED173AD23}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E5F07CA-BE13-4331-AFCE-1ECED173AD23}
Key Deleted : HKCU\Software\5bedc8ae03bbe15
Key Deleted : HKLM\SOFTWARE\5bedc8ae03bbe15
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [2705 octets] - [04/02/2014 16:13:41]
AdwCleaner[S0].txt - [2816 octets] - [04/02/2014 16:16:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2876 octets] ##########

#5
saleenboy87146 (Member, Topic Starter)

FRST log below:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014
Ran by Crystal (administrator) on CRYSTAL-PC on 04-02-2014 16:22:05
Running from C:\Users\Crystal\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) ===================

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Users\Crystal\AppData\Local\GCC\Controller.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [338216 2013-02-12] (Lenovo.)
HKLM\...\Run: [PWMTRV] - C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [4451624 2013-04-23] (Lenovo Group Limited)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2324023964-604813284-227836963-1001\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-07] (Google Inc.)
HKU\S-1-5-21-2324023964-604813284-227836963-1001\...\MountPoints2: {3e018c6c-9fe4-11e2-b1ba-00197ef8398e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\autorun.bat

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4DAD57CA26A4CE01
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3308837&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0238CE7F-18C9-4439-B5E3-2FBA8F988ED3&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]
CHR Extension: (YouTube) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-19]
CHR Extension: (Nature 1680x1050) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coebdbneamkocmoheankmhfdihbcdbmg [2014-01-05]
CHR Extension: (Google Search) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-19]
CHR Extension: (Google Wallet) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-19]

========================== Services (Whitelisted) =================

R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664808 2013-04-23] (Lenovo Group Limited)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()

==================== Drivers (Whitelisted) ====================

R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [231640 2012-03-07] (Intel Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 16:22 - 2014-02-04 16:22 - 00010101 _____ () C:\Users\Crystal\Downloads\FRST.txt
2014-02-04 16:21 - 2014-02-04 16:22 - 00000000 ____D () C:\FRST
2014-02-04 16:21 - 2014-02-04 16:21 - 01137152 _____ (Farbar) C:\Users\Crystal\Downloads\FRST.exe
2014-02-04 16:12 - 2014-02-04 16:16 - 00000000 ____D () C:\AdwCleaner
2014-02-04 16:12 - 2014-02-04 16:12 - 01166132 _____ () C:\Users\Crystal\Downloads\AdwCleaner.exe
2014-02-04 16:09 - 2014-02-04 16:09 - 00003320 _____ () C:\Users\Crystal\Desktop\JRT.txt
2014-02-04 16:07 - 2014-02-04 16:07 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 16:06 - 2014-02-04 16:06 - 01037530 _____ (Thisisu) C:\Users\Crystal\Downloads\JRT.exe
2014-02-03 21:14 - 2014-02-03 21:15 - 00000000 ____D () C:\Users\Crystal\Desktop\Infection 2-03-2014
2014-02-03 21:06 - 2014-02-03 21:06 - 00031736 _____ () C:\Users\Crystal\Downloads\Extras.Txt
2014-02-03 21:04 - 2014-02-03 21:04 - 00050746 _____ () C:\Users\Crystal\Downloads\OTL.Txt
2014-02-03 20:55 - 2013-10-09 19:47 - 00602112 _____ (OldTimer Tools) C:\Users\Crystal\Downloads\OTL.exe
2014-01-20 07:03 - 2014-01-20 07:04 - 00626384 _____ (Java) C:\Users\Crystal\Downloads\java.exe
2014-01-16 15:30 - 2014-01-16 15:31 - 00861600 _____ (AirInstaller ) C:\Users\Crystal\Downloads\hdplayer_setup.exe
2014-01-16 15:28 - 2014-01-16 15:29 - 11125072 _____ (Microsoft Corporation) C:\Users\Crystal\Downloads\mseinstall.exe
2014-01-16 14:42 - 2014-01-16 14:42 - 00402472 _____ (Amônétízé Ltd) C:\Users\Crystal\Downloads\FlashPlayersetup__3720_i269202470_il25.exe
2014-01-16 14:42 - 2014-01-16 14:42 - 00402472 _____ (Amônétízé Ltd) C:\Users\Crystal\Downloads\FlashPlayersetup__3720_i269202143_il25.exe
2014-01-16 12:41 - 2014-01-16 12:41 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 12:41 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 12:41 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 12:41 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 12:41 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-15 06:56 - 2013-11-26 19:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 06:56 - 2013-11-26 19:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 06:56 - 2013-11-26 19:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 06:56 - 2013-11-26 19:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 06:56 - 2013-11-26 19:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 06:56 - 2013-11-26 19:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 06:56 - 2013-11-26 19:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 06:56 - 2013-11-26 05:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 06:56 - 2013-11-26 04:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 06:50 - 2014-01-13 06:50 - 00460344 _____ () C:\Users\Crystal\Downloads\Setup.exe
2014-01-12 09:34 - 2014-01-12 09:35 - 00109192 _____ () C:\Users\Crystal\Downloads\Setup (2).exe
2014-01-10 23:43 - 2014-01-10 23:43 - 00109184 _____ () C:\Users\Crystal\Downloads\Setup (1).exe
2014-01-05 09:08 - 2014-01-12 20:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol

==================== One Month Modified Files and Folders =======

2014-02-04 16:22 - 2014-02-04 16:22 - 00010101 _____ () C:\Users\Crystal\Downloads\FRST.txt
2014-02-04 16:22 - 2014-02-04 16:21 - 00000000 ____D () C:\FRST
2014-02-04 16:21 - 2014-02-04 16:21 - 01137152 _____ (Farbar) C:\Users\Crystal\Downloads\FRST.exe
2014-02-04 16:20 - 2012-08-27 13:09 - 01916222 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 16:17 - 2012-09-07 05:42 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 16:17 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 16:17 - 2009-07-13 22:39 - 00050521 _____ () C:\Windows\setupact.log
2014-02-04 16:16 - 2014-02-04 16:12 - 00000000 ____D () C:\AdwCleaner
2014-02-04 16:12 - 2014-02-04 16:12 - 01166132 _____ () C:\Users\Crystal\Downloads\AdwCleaner.exe
2014-02-04 16:10 - 2009-07-13 22:34 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 16:10 - 2009-07-13 22:34 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 16:09 - 2014-02-04 16:09 - 00003320 _____ () C:\Users\Crystal\Desktop\JRT.txt
2014-02-04 16:09 - 2010-11-20 15:01 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-04 16:07 - 2014-02-04 16:07 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 16:06 - 2014-02-04 16:06 - 01037530 _____ (Thisisu) C:\Users\Crystal\Downloads\JRT.exe
2014-02-04 16:00 - 2012-09-07 05:42 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 16:00 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-04 15:44 - 2012-09-07 05:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 05:22 - 2012-09-07 05:43 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 21:15 - 2014-02-03 21:14 - 00000000 ____D () C:\Users\Crystal\Desktop\Infection 2-03-2014
2014-02-03 21:06 - 2014-02-03 21:06 - 00031736 _____ () C:\Users\Crystal\Downloads\Extras.Txt
2014-02-03 21:04 - 2014-02-03 21:04 - 00050746 _____ () C:\Users\Crystal\Downloads\OTL.Txt
2014-01-28 20:57 - 2012-08-31 18:54 - 00072444 _____ () C:\Users\Crystal\Documents\memtest86+-4.20.iso.zip
2014-01-28 20:28 - 2012-08-30 11:04 - 00000000 ____D () C:\Users\Crystal
2014-01-27 21:54 - 2013-12-03 22:11 - 00000000 ____D () C:\Program Files\SpeedFan
2014-01-20 07:04 - 2014-01-20 07:03 - 00626384 _____ (Java) C:\Users\Crystal\Downloads\java.exe
2014-01-19 01:32 - 2012-08-27 12:55 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-16 17:15 - 2011-04-11 20:24 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-01-16 17:13 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-01-16 15:31 - 2014-01-16 15:30 - 00861600 _____ (AirInstaller ) C:\Users\Crystal\Downloads\hdplayer_setup.exe
2014-01-16 15:29 - 2014-01-16 15:28 - 11125072 _____ (Microsoft Corporation) C:\Users\Crystal\Downloads\mseinstall.exe
2014-01-16 15:29 - 2012-08-30 16:31 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-01-16 15:22 - 2012-08-27 11:47 - 00000000 ____D () C:\Users\tnr
2014-01-16 15:22 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-01-16 15:21 - 2013-08-14 06:17 - 00000000 ____D () C:\Program Files\Java
2014-01-16 15:21 - 2013-08-10 12:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-16 15:21 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\registration
2014-01-16 15:21 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\AppCompat
2014-01-16 14:42 - 2014-01-16 14:42 - 00402472 _____ (Amônétízé Ltd) C:\Users\Crystal\Downloads\FlashPlayersetup__3720_i269202470_il25.exe
2014-01-16 14:42 - 2014-01-16 14:42 - 00402472 _____ (Amônétízé Ltd) C:\Users\Crystal\Downloads\FlashPlayersetup__3720_i269202143_il25.exe
2014-01-16 12:41 - 2014-01-16 12:41 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 07:20 - 2009-07-13 22:33 - 00288008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 07:17 - 2010-11-20 15:48 - 00143002 _____ () C:\Windows\PFRO.log
2014-01-16 07:05 - 2013-07-29 05:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 07:05 - 2009-07-13 20:04 - 00000499 _____ () C:\Windows\win.ini
2014-01-16 07:02 - 2012-08-27 12:59 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 06:48 - 2012-09-07 05:42 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Google
2014-01-13 06:50 - 2014-01-13 06:50 - 00460344 _____ () C:\Users\Crystal\Downloads\Setup.exe
2014-01-12 20:56 - 2014-01-05 09:08 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-01-12 20:55 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-01-12 09:35 - 2014-01-12 09:34 - 00109192 _____ () C:\Users\Crystal\Downloads\Setup (2).exe
2014-01-11 08:51 - 2009-07-13 22:53 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-10 23:43 - 2014-01-10 23:43 - 00109184 _____ () C:\Users\Crystal\Downloads\Setup (1).exe
2014-01-05 09:09 - 2012-10-08 20:30 - 00000000 ____D () C:\Users\Crystal\Desktop\Crystal Kantola_files
2014-01-05 09:08 - 2013-04-19 15:39 - 00000000 ____D () C:\Program Files\Lenovo

Some content of TEMP:
====================
C:\Users\Crystal\AppData\Local\Temp\BackupSetup.exe
C:\Users\Crystal\AppData\Local\Temp\GCSetup.exe
C:\Users\Crystal\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Crystal\AppData\Local\Temp\npxrkurymywgo.exe
C:\Users\Crystal\AppData\Local\Temp\Quarantine.exe
C:\Users\Crystal\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Crystal\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-04 05:37

==================== End Of Log ============================

#6
saleenboy87146 (Member, Topic Starter)

Addition log below:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-02-2014
Ran by Crystal at 2014-02-04 16:22:55
Running from C:\Users\Crystal\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (Version: 10.1.8 - Adobe Systems Incorporated)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (Version: 5.0.0.1 - Coupons.com Incorporated) <==== ATTENTION
Epson Connect (Version: - )
Epson Customer Participation (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX330 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
EPSON Scan (Version: - Seiko Epson Corporation)
EpsonNet Print (Version: 2.4j - SEIKO EPSON CORPORATION)
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Internet Explorer (Enable DEP) (Version: - )
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
Lenovo Patch Utility (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo System Interface Driver (Version: 1.05 - )
Lenovo System Update (Version: 5.02.0011 - Lenovo)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Power Manager (Version: 6.54 - )
SaveTheChildren Reminder by We-Care.com v4.0.18.4 (Version: 4.0.18.4 - We-Care.com)
SpeedFan (remove only) (Version: - )
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
System Migration Assistant (Version: 6.00.0009 - Lenovo Group Limited.)
ThinkPad FullScreen Magnifier (Version: 2.40 - )
ThinkPad Modem (Version: 7.62.00 - )
ThinkPad Power Management Driver (Version: 1.43 - )
ThinkPad UltraNav Driver (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (Version: 1.77.0.11 - Lenovo)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Word Reader 6.24 (Version: - http://www.word-reader.com/)

==================== Restore Points =========================

20-01-2014 12:58:55 Windows Backup
20-01-2014 13:01:55 Windows Update
23-01-2014 02:32:33 Windows Update
23-01-2014 03:35:43 Windows Update
28-01-2014 02:39:52 Windows Update
28-01-2014 03:50:26 Windows Backup
29-01-2014 02:15:07 Windows Update
04-02-2014 03:02:11 Windows Backup
04-02-2014 03:10:06 Windows Update
04-02-2014 11:18:01 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {076DE60D-F44E-42B4-AA67-21F0A0E2D775} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2013-04-23] (Lenovo Group Limited)
Task: {1F9C81F8-034E-40A4-9277-6E77A946DE89} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3E34E42C-9BFD-4CB4-8A15-8F1ECEBB209D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-07] (Google Inc.)
Task: {558C927A-F716-4CD0-9AF8-C3FC8140FCAB} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe
Task: {8B941911-950B-46C2-BD5A-13D4A1EB3824} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-07] (Google Inc.)
Task: {9A5D3415-323C-4369-A8DB-BB9C474F09F0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-17] (Synaptics Incorporated)
Task: {E450FFF4-66F7-45F2-8D02-0A2B44C412EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-21 20:21 - 2013-04-23 05:54 - 00084480 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2014-02-04 05:22 - 2014-02-01 17:42 - 04055368 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 05:22 - 2014-02-01 17:42 - 00399688 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 05:22 - 2014-02-01 17:41 - 01634632 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2013-08-13 06:15 - 2013-08-13 06:15 - 00206336 _____ () C:\Users\Crystal\AppData\Local\Temp\GC\Profiles\{707625C2-42E4-4954-A7C3-23D87571DA2E}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
2014-02-04 05:22 - 2014-02-01 17:42 - 13616456 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2014 04:17:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/04/2014 04:18:33 PM) (Source: DCOM) (User: Crystal-PC)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}Crystal-PCCrystalS-1-5-21-2324023964-604813284-227836963-1001LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (02/04/2014 04:17:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 73%
Total physical RAM: 2046.43 MB
Available physical RAM: 547.11 MB
Total Pagefile: 4092.86 MB
Available Pagefile: 2036.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:93.06 GB) (Free:69.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 93 GB) (Disk ID: 53303EC2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=93 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#7
JSntgRvr (Global Moderator)

Download this file.

Save it in the same location FRST is. Run FRST and click on the Fix button and wait.

The tool will make a log (Fixlog.txt). Please post it to your reply.

#8
saleenboy87146 (Member, Topic Starter)

Fixlog is below:


When I tried to remove coupon printer, it said that it had already been removed at an earlier time and asked if I wanted to remove it from the program list. At any rate, it is gone now.


Computer seems to be doing better. Not getting multiple windows opening up every time I click on something. Still getting a few pop up ads. Also the typing seems to have a little bit of a lag time.





Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-02-2014
Ran by Crystal at 2014-02-04 21:11:47 Run:1
Running from C:\Users\Crystal\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-2324023964-604813284-227836963-1001\...\MountPoints2: {3e018c6c-9fe4-11e2-b1ba-00197ef8398e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\autorun.bat
SearchScopes: HKLM - DefaultScope value is missing.
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
C:\Users\Crystal\AppData\Local\Temp\BackupSetup.exe
C:\Users\Crystal\AppData\Local\Temp\GCSetup.exe
C:\Users\Crystal\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Crystal\AppData\Local\Temp\npxrkurymywgo.exe
C:\Users\Crystal\AppData\Local\Temp\Quarantine.exe
C:\Users\Crystal\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Crystal\AppData\Local\Temp\sfextra.dll
Task: {558C927A-F716-4CD0-9AF8-C3FC8140FCAB} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe
End
*****************

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e018c6c-9fe4-11e2-b1ba-00197ef8398e} => Key not found.
HKCR\CLSID\{3e018c6c-9fe4-11e2-b1ba-00197ef8398e} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\Temp\GCSetup.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\Temp\npxrkurymywgo.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\Temp\sfamcc00001.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\Temp\sfextra.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{558C927A-F716-4CD0-9AF8-C3FC8140FCAB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{558C927A-F716-4CD0-9AF8-C3FC8140FCAB} => Key deleted successfully.
C:\Windows\System32\Tasks\GC_Scheduler => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler => Key deleted successfully.

==== End of Fixlog ====

#9
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Another thing I just noticed, when I launch google, I get two tabs opening instead of just one.

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
  • Launch and Update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.




#11
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
You must refer to Google Chrome.

When Chrome is open, you should have a 3-bar symbol at the upper right. It lets you customize your Chrome. Click the bars, choose Settings from the menu. Then you will see some choices. Click "On Startup" and you get to tell it what you want to be your startup page... like google.com or your email page.

  • Launch and Update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


#12
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
ESET Log below:

I didn't get the MBAM log. When I went back to the log tab and tried opening the log, it kept opening in something called "word reader" and just had the number "2" on the screen???



C:\FRST\Quarantine\GCSetup.exe04-02-2014_21-11-47 a variant of Win32/GigaClicks.AC potentially unwanted application
C:\FRST\Quarantine\npxrkurymywgo.exe04-02-2014_21-11-47 a variant of MSIL/DomaIQ.P potentially unwanted application
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector11.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector16.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector11.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector16.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector6.zip Win32/Bagle.gen.zip worm
C:\Users\Crystal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUK2H6YQ\mypc[1].exe Win32/MyPCBackup.A potentially unwanted application
C:\Users\Crystal\AppData\Local\Temp\is-5AJ89.tmp\OptProCrash.dll a variant of Win32/SProtector.E potentially unwanted application

#13
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
FYI: I have to take back the statement I made about not getting extra tabs opening up, still getting them along with pop up ads.

#14
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Download this file.

Save it in the same location FRST is. Run FRST and click on the Fix button and wait.

The tool will make a log (Fixlog.txt). Please post it to your reply.


Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

#15
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
FRST fixlog attached below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-02-2014
Ran by Crystal at 2014-02-06 18:06:35 Run:2
Running from C:\Users\Crystal\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup4.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector11.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector16.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector6.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup4.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector11.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector16.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector6.zip
C:\Users\Crystal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUK2H6YQ\mypc[1].exe
C:\Users\Crystal\AppData\Local\Temp\is-5AJ89.tmp
End
*****************

C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup4.zip => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector11.zip => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector16.zip => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector6.zip => Moved successfully.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup4.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector11.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector16.zip" => File/Directory not found.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\SystweakAdvSysProtector6.zip" => File/Directory not found.
C:\Users\Crystal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUK2H6YQ\mypc[1].exe => Moved successfully.
C:\Users\Crystal\AppData\Local\Temp\is-5AJ89.tmp => Moved successfully.

==== End of Fixlog ====





