
Lots of pop ups and computer running slow!



#16 zep516 (Trusted Helper, Malware Removal, 8,092 posts)
Wow it's starting to look like a good OTL Log :)

Here's the fix for leftovers.

We need to do a fix to delete some files using OTL
  • Double click on the OTL icon to open the program. On Vista/Win7/Win8 right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    FF - prefs.js..browser.search.order.1: "default-search.net"
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    [2014/04/26 18:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
    [2014/03/30 15:38:01 | 001,090,218 | ---- | C] (AnyProtect.com) -- C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe
    [2014/04/28 20:47:53 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
    [2014/04/25 19:07:53 | 000,001,162 | ---- | M] () -- C:\Users\jenktr\Desktop\Live PC Help.lnk
    [2014/04/25 17:01:20 | 001,090,218 | ---- | M] (AnyProtect.com) -- C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply:

1- Post the fix log located in C:\_OTL\Moved Files, or it may pop up in front of you.
2- Post the new OTL log after the quick scan.

Tell me what issues remain.

Thanks
Joe :)

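The bracketed entries in the :OTL fix section above, and in the "Files/Folders - Created Within 30 Days" sections of an OTL scan log, all share one line format: timestamp, size, attribute flags, a C/M marker, an optional company name in parentheses, and the path. What follows is an added example, not part of this thread and not OldTimer's code: a small Python parser for that entry format, plus a triage pass that flags executable files OTL reported with no company name, or from a publisher not on an assumed allowlist when they sit in user-writable locations. The sample entries are copied from the fix above plus two tool files from the poster's log; VENDOR_ALLOWLIST, USER_WRITABLE and EXEC_EXT are assumptions for the example, not OTL's own rules.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file/folder entry, as written in the :OTL fix section and in the
# "Files/Folders - Created Within 30 Days" scan sections:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# The "(Company)" part is absent for folders and reads "()" when the file
# carries no company name.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str                 # 'C': created time shown, 'M': modified time shown
    company: Optional[str]    # None when OTL printed no company name
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one log line; return None for headers, prefs lines, blanks, etc."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = (m.group("company") or "").strip() or None
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company,
        path=m.group("path").strip(),
    )


def parse_log(text: str) -> List[OtlEntry]:
    """Collect every bracketed entry in a log, skipping everything else."""
    entries = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None:
            entries.append(e)
    return entries


# Assumptions for the triage heuristic (not OTL's own rules): executables in
# these user-writable locations deserve a look when the publisher is unknown.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\tasks\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".job", ".lnk", ".bat", ".scr")
# Assumed allowlist: the removal tools the helper asked the poster to run.
VENDOR_ALLOWLIST = frozenset({"Malwarebytes Corporation", "Thisisu", "OldTimer Tools"})


def triage(entries: List[OtlEntry], allowlist=VENDOR_ALLOWLIST) -> List[Tuple[OtlEntry, str]]:
    """Return (entry, reason) pairs a helper would want to examine."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        if e.is_dir or not low.endswith(EXEC_EXT):
            continue
        in_writable = any(seg in low for seg in USER_WRITABLE)
        if e.company is None:
            flagged.append((e, "no company name"))
        elif e.company not in allowlist and in_writable:
            flagged.append((e, f"publisher {e.company!r} not on allowlist, in user-writable location"))
    return flagged


# Constructed sample: the first three lines are file entries from the fix above,
# the last two are tool files from the poster's scan log (both legitimate here).
SAMPLE_LOG = r"""
[2014/04/26 18:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2014/03/30 15:38:01 | 001,090,218 | ---- | C] (AnyProtect.com) -- C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe
[2014/04/28 20:47:53 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2014/04/26 18:14:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/26 17:46:00 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\jenktr\Desktop\JRT.exe
========== Files/Folders - Created Within 30 Days ==========
"""

if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.timestamp:%Y-%m-%d} {entry.size:>10,} {entry.path}  <- {reason}")
```

Run against the sample, the two entries the helper actually put in the fix (the AnyProtect installer and the ParetoLogic scheduled-task .job) are the two that come out flagged, while the removal tools on the allowlist pass; the folder entry is skipped because the triage only looks at files. The allowlist is the part a helper has to maintain by hand; a "no company name" hit is only a prompt to look, since plenty of legitimate software ships unsigned files.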
#17 jp17315 (Topic Starter, Member, 127 posts)

Running a lot better now Joe!! No pop ups!

Here are the logs:

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Prefs.js: "default-search.net" removed from browser.search.order.1
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\ProgramData\Strongvault Online Backup\Logs folder moved successfully.
C:\ProgramData\Strongvault Online Backup folder moved successfully.
C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe moved successfully.
C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job moved successfully.
C:\Users\jenktr\Desktop\Live PC Help.lnk moved successfully.
File C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jenktr\Downloads\cmd.bat deleted successfully.
C:\Users\jenktr\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: jenktr
->Temp folder emptied: 1403595 bytes
->Temporary Internet Files folder emptied: 123071635 bytes
->FireFox cache emptied: 43829434 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 161.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04292014_152947

Files\Folders moved on Reboot...
C:\Users\jenktr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\jenktr\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\hsperfdata_JENKTR-PC$\1732 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

OTL logfile created on: 4/29/2014 3:32:23 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jenktr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.39 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 73.95% Memory free
6.79 Gb Paging File | 5.84 Gb Available in Paging File | 85.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 400.72 Gb Free Space | 89.32% Space Free | Partition Type: NTFS
 
Computer Name: JENKTR-PC | User Name: jenktr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/25 19:59:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jenktr\Downloads\OTL.exe
PRC - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/09/23 21:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/06/30 01:09:46 | 000,336,384 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2010/11/10 00:30:00 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/10 20:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/06/29 08:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2014/04/29 13:41:11 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2014/01/27 18:15:18 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/06/21 12:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys -- ({29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 23:24:01 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/08/02 23:24:01 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/08/02 23:24:01 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/07/13 22:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 22:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/29 10:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/29 08:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/06 03:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/16 07:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/17 05:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 05:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/14 20:25:56 | 000,280,656 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNVC_enUS581
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: idmsq%40idmsq.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
 
[2012/11/05 10:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Extensions
[2014/04/26 17:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions
[2014/04/05 17:37:13 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}
[2013/03/01 16:16:29 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2014/03/30 13:55:59 | 000,000,000 | ---D | M] (Internet Download Manager Squared) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]
[2014/04/05 17:37:47 | 000,002,579 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\default-search.xml
[2014/04/26 17:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 23:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/26 17:29:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: key-find (Enabled)
CHR - default_search_provider: search_url = http://www.key-find....q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Wallet = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/04/27 07:01:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7C91D0-91FF-4815-A336-570C3EBB3890}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/28 20:50:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2014/04/28 20:50:13 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2014/04/27 17:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/04/27 17:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/04/27 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/04/27 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/04/27 17:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/04/27 06:58:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/26 18:14:36 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Malwarebytes
[2014/04/26 18:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/04/26 18:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/26 18:14:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/26 18:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/04/26 18:12:59 | 010,284,816 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\jenktr\Desktop\mbam-setup-1.75.0.1300.exe
[2014/04/26 17:59:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/26 17:50:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/04/26 17:50:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/26 17:46:00 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\jenktr\Desktop\JRT.exe
[2014/04/25 19:42:50 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/22 03:04:27 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/05 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\com
[2014/04/05 09:20:48 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\IsolatedStorage
[2014/03/30 15:42:14 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Google
[2014/03/30 15:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/03/30 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Real
[2014/03/30 15:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/03/30 15:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2014/03/30 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Real
[2014/03/30 15:39:05 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\cache
[2014/03/30 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Google
[2014/03/30 15:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/03/30 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/29 15:31:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/29 15:30:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/29 15:30:48 | 2733,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/29 14:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/29 14:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/29 13:45:43 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/29 13:45:43 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/27 17:41:11 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/27 07:01:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/26 18:14:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 18:13:08 | 010,284,816 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\jenktr\Desktop\mbam-setup-1.75.0.1300.exe
[2014/04/26 17:51:46 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/26 17:46:10 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\jenktr\Desktop\JRT.exe
[2014/04/26 17:44:56 | 001,329,501 | ---- | M] () -- C:\Users\jenktr\Desktop\adwcleaner.exe
[2014/04/26 17:37:22 | 000,000,169 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/26 17:32:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/25 20:00:31 | 000,001,103 | ---- | M] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/21 14:15:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2014/04/27 17:41:11 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/26 18:14:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 17:44:50 | 001,329,501 | ---- | C] () -- C:\Users\jenktr\Desktop\adwcleaner.exe
[2014/04/25 20:00:31 | 000,001,103 | ---- | C] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/03/30 15:38:52 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/30 15:38:51 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/30 14:04:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/03 09:36:07 | 000,000,088 | ---- | C] () -- C:\Users\jenktr\AppData\Roaming\WB.CFG
[2013/04/14 01:52:46 | 000,000,169 | ---- | C] () -- C:\Windows\wininit.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/25 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Barnes & Noble
[2013/03/24 11:49:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2014/03/16 14:49:30 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\CompuClever
[2014/03/29 10:42:44 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\IDM2
[2012/10/16 17:57:36 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\OEM
[2013/04/04 13:28:15 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\WildTangent
[2013/09/14 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

#18
zep516
    Trusted Helper
  • Malware Removal
  • 8,092 posts
OK. No pop-ups, and that's a good sign. Two more things to do: run an online scan called ESET, then clean up all our tools.
 
This scan may take quite a while; it will also list things already quarantined.


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Thanks
Joe :)
  • 0

#19
jp17315
    Member
  • Topic Starter
  • Member
  • 127 posts

Had to run it twice! The first time I forgot to take the monitor off of sleep mode! When I moved the mouse it stalled on me!

 

Here is the log:

 

C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir    a variant of Win32/AdWare.Adpeak.F application
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir    a variant of Win64/Adware.Adpeak.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\39EIPlug.dll.vir    Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\39EZSETP.dll.vir    a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISb.dll.vir    Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Helper.dll.vir    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe.vir    Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll.vir    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\syskldr.dll.vir    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\syskldr_u.dll.vir    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemk.dll.vir    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkbho.dll.vir    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\SystemkService.exe.vir    probably a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemku.exe.vir    a variant of Win32/Toolbar.SearchSuite.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe.vir    Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll.vir    a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll.vir    a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll.vir    a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll.vir    a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll.vir    a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir    Win64/Thinknice.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir    Win32/Thinknice.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir    Win64/Thinknice.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir    a variant of MSIL/DomaIQ.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.31_0\extensionData\plugins\91.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.20_0\extensionData\plugins\91.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jenktr\AppData\LocalLow\MapsGalaxy_39EI\Installr\Cache\00111B4D.exe.vir    a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jenktr\AppData\Roaming\1H1Q\Acrobat Reader Packages\uninstaller.exe.vir    Win32/InstallCore.AZ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\91.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jenktr\AppData\Roaming\SupTab\SupTab.dll.vir    Win32/Thinknice.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jenktr\AppData\Roaming\VOPackage\VOPackage.exe.vir    Win32/VOPackage.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jenktr\AppData\Roaming\VOPackage\VOsrv.exe.vir    a variant of Win32/VOPackage.D potentially unwanted application
C:\AI_RecycleBin\{1ED27DE2-7ABD-4AB3-B27D-0F5327D7337C}\4\Super Backup\SuperBackupApp.exe    a variant of MSIL/Adware.StrongVault.A application
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\ProgramData\comcastModemRelease\dtuser.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\temp\t.msi    Win32/AdWare.Adpeak.B application
C:\Users\All Users\comcastModemRelease\dtuser.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF10.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF11.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF12.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF13.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF14.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF15.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF16.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF17.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF18.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF19.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF2.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF20.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF21.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF22.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF23.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF24.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF25.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF26.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF27.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF4.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF5.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF6.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF7.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF8.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components\SystemKHlpFF9.dll    probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\jenktr\Downloads\AcrobatReaderSetup.exe    a variant of Win32/InstallCore.IK potentially unwanted application
C:\_OTL\MovedFiles\04292014_152947\C_Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe    Win32/AnyProtect.D potentially unwanted application
 


  • 0

#20
zep516
    Trusted Helper
  • Malware Removal
  • 8,092 posts
Let's get rid of some of the ESET files found. Most have been quarantined; just a few leftovers.
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    [2014/04/26 17:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions
    [2014/04/05 17:37:13 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}
    [2013/03/01 16:16:29 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
    [2014/03/30 13:55:59 | 000,000,000 | ---D | M] (Internet Download Manager Squared) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]
    [2014/04/05 17:37:47 | 000,002,579 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\default-search.xml
    
    
    :Files
    C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites
    C:\ProgramData\comcastModemRelease\dtuser.exe 
    C:\temp\t.msi 
    C:\Users\All Users\comcastModemRelease\dtuser.exe 
    C:\Users\jenktr\Downloads\AcrobatReaderSetup.exe  
    
    :Commands
    
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Thanks
Joe :)
  • 0
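The ESET log posted above lists every hit, but most of the paths sit under C:\AdwCleaner\Quarantine or C:\_OTL\MovedFiles, that is, files the earlier tools had already neutralised, which is how the helper arrives at "just a few leftovers" for the :Files section of the fix. The Python below is an added example, not part of this thread and not code from the ESET, OTL or AdwCleaner tools, that performs that triage automatically: it parses lines in the log's "path, whitespace, verdict" layout, marks hits under known quarantine stores as already handled, collapses alias paths (on Vista and later C:\Users\All Users is a junction to C:\ProgramData, which is why the fix log later reports the second dtuser.exe as "not found" once the first copy was moved), and summarises detection families. The quarantine prefix list and alias table are assumptions to adjust for the tools in use, and the sample log lines are constructed to mirror the thread's log.

```python
"""Triage an ESET Online Scanner log: already-quarantined hits vs. live leftovers.

Added example; not part of the forum thread or of the ESET/OTL/AdwCleaner tools.
The prefix list, alias table and sample log are constructed for this example.
"""
import re
from collections import Counter

# Stores where earlier cleanup tools park what they removed (assumption: adjust
# to the tools actually used). A hit under one of these is already neutralised.
QUARANTINE_PREFIXES = (
    "c:\\adwcleaner\\quarantine\\",
    "c:\\_otl\\movedfiles\\",
)

# Directory aliases: on Vista and later C:\Users\All Users is a junction to
# C:\ProgramData, so the same file can be reported twice under two names.
ALIASES = {
    "c:\\users\\all users\\": "c:\\programdata\\",
}

# One log line: a Windows path, two or more spaces, then ESET's verdict text.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s{2,}(?P<verdict>.+)$")

# Constructed sample mirroring the layout of the log posted in the thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir    Win32/Thinknice.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Helper.dll.vir    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\_OTL\MovedFiles\04292014_152947\C_Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe    Win32/AnyProtect.D potentially unwanted application
C:\ProgramData\comcastModemRelease\dtuser.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\All Users\comcastModemRelease\dtuser.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\temp\t.msi    Win32/AdWare.Adpeak.B application
C:\Users\jenktr\Downloads\AcrobatReaderSetup.exe    a variant of Win32/InstallCore.IK potentially unwanted application
"""


def normalize(path):
    """Lower-case the path and map known alias prefixes onto their real target."""
    p = path.lower()
    for alias, canonical in ALIASES.items():
        if p.startswith(alias):
            p = canonical + p[len(alias):]
    return p


def parse_line(line):
    """Return (path, verdict) for a detection line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return (m.group("path"), m.group("verdict")) if m else None


def family(verdict):
    """Reduce a verdict to its detection family, dropping the variant letter(s).

    'a variant of Win32/Toolbar.SearchSuite.C ...' -> 'Win32/Toolbar.SearchSuite'
    'Win32/Toolbar.MyWebSearch potentially ...'    -> 'Win32/Toolbar.MyWebSearch'
    """
    m = re.search(r"\S+/\S+", verdict)
    if not m:
        return "unknown"
    name = m.group(0)
    head, _, tail = name.rpartition(".")
    return head if head and re.fullmatch(r"[A-Z]{1,2}", tail) else name


def triage(log_text):
    """Split a log into quarantined hits and live leftovers, de-duplicating aliases."""
    seen = {}
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        path, verdict = parsed
        key = normalize(path)
        if key in seen:
            continue  # same file reached through an alias path
        seen[key] = {
            "path": path,
            "verdict": verdict,
            "family": family(verdict),
            "quarantined": key.startswith(QUARANTINE_PREFIXES),
        }
    live = [e for e in seen.values() if not e["quarantined"]]
    return {
        "total": len(seen),
        "quarantined": len(seen) - len(live),
        "live": live,
        "families": Counter(e["family"] for e in seen.values()),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['total']} unique hits, {result['quarantined']} already quarantined")
    print("Still on disk (candidates for the :Files section of an OTL fix):")
    for entry in result["live"]:
        print(f"  {entry['path']}  [{entry['family']}]")
    print("Families:", dict(result["families"]))
```

On the sample, the seven log lines collapse to six unique files, three already in quarantine stores and three live leftovers, which matches the :Files list in the fix above minus the junction duplicate. Only the live entries need a removal step; the quarantined ones are already out of the way, and the alias check avoids listing the same file twice and then chasing a "not found" in the fix log.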

#21
jp17315
    Member
  • Topic Starter
  • Member
  • 127 posts

Hey Joe, sorry for the delay!

Here are the logs you requested:

 

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}\searchplugins folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}\META-INF folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}\defaults\preferences folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}\defaults folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}\chrome folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\content folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\components folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E} folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]\chrome\locale\en-US folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]\chrome\locale folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]\chrome\content\modules folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected] folder moved successfully.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions folder moved successfully.
Folder C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}\ not found.
Folder C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}\ not found.
Folder C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]\ not found.
C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\default-search.xml moved successfully.
========== FILES ==========
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{E1EFF81F-E42D-4D52-8C56-3493C52D5641} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{D37C1D8F-C930-4005-BCD8-3715028461C0} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{C597C3FC-2110-451E-832E-9352964E56F9} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{C00D1E35-750C-4021-86E0-A088C6678DD9} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{B56633A3-7ADC-4CE5-A320-ACA0B65DA04B} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{A5D3B160-0EA1-4A57-8D82-C53A853AEB07} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{A4400125-0F4D-4B79-80B5-D85DADF61F7A} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{8D7309F4-C4B6-4408-8DA9-D3B0E7987822} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{88CDD09D-1B57-4BB4-A192-33BA0CBCB566} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{700CE99A-BF60-457F-9AFB-3CAA65A73D29} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{6BD3444F-03E6-4E21-BAD0-50E6A5820433} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{5CCCB5E2-D83C-42AD-B8BA-6C073D804247} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{4C6E12E5-5905-4aa5-B462-E7DFC4BD75E5} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{3D0986A7-2F13-4AD4-A35F-D167603DB43F} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{22AA129A-8E5D-45AE-A3E4-D110703EF141} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{074EE22F-2485-4FED-83D1-AAC36C3D9ED0} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{046FDEE1-7615-4CE7-990D-19D4CC134D5F} folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\NDP30SP2-KB981107-x86 folder moved successfully.
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites folder moved successfully.
C:\ProgramData\comcastModemRelease\dtuser.exe moved successfully.
C:\temp\t.msi moved successfully.
File\Folder C:\Users\All Users\comcastModemRelease\dtuser.exe not found.
C:\Users\jenktr\Downloads\AcrobatReaderSetup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: jenktr
->Temp folder emptied: 169483751 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 28928409 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67182 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 189.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05022014_212254

Files\Folders moved on Reboot...
C:\Users\jenktr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\hsperfdata_JENKTR-PC$\1664 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Oops, will post the new scan in the next reply - forgot to run it! LOL


#22
jp17315

    Member

  • Topic Starter
  • Member
  • 127 posts

Here is the new OTL quick scan.

 

OTL logfile created on: 5/2/2014 9:26:45 PM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jenktr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.39 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 69.46% Memory free
6.79 Gb Paging File | 5.64 Gb Available in Paging File | 83.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 400.20 Gb Free Space | 89.20% Space Free | Partition Type: NTFS
 
Computer Name: JENKTR-PC | User Name: jenktr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/25 19:59:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jenktr\Downloads\OTL.exe
PRC - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/23 21:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2010/11/10 00:30:00 | 000,145,288 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2010/11/10 00:30:00 | 000,128,904 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2010/11/10 00:30:00 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/10 20:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/06/29 08:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2014/04/29 13:41:11 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2014/01/27 18:15:18 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/06/21 12:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys -- ({29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 23:24:01 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/08/02 23:24:01 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/08/02 23:24:01 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/07/13 22:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 22:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/29 10:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/29 08:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/06 03:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/16 07:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/17 05:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 05:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/14 20:25:56 | 000,280,656 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNVC_enUS581
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
 
[2012/11/05 10:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Extensions
[2014/04/26 17:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 23:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/26 17:29:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: key-find (Enabled)
CHR - default_search_provider: search_url = http://www.key-find....q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Wallet = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/04/27 07:01:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7C91D0-91FF-4815-A336-570C3EBB3890}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/28 20:50:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2014/04/28 20:50:13 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2014/04/27 17:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/04/27 17:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/04/27 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/04/27 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/04/27 17:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/04/27 06:58:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/26 18:14:36 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Malwarebytes
[2014/04/26 18:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/04/26 18:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/26 18:14:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/26 18:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/04/26 18:12:59 | 010,284,816 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\jenktr\Desktop\mbam-setup-1.75.0.1300.exe
[2014/04/26 17:59:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/26 17:50:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/04/26 17:50:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/26 17:46:00 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\jenktr\Desktop\JRT.exe
[2014/04/25 19:42:50 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/22 03:04:27 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/05 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\com
[2014/04/05 09:20:48 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\IsolatedStorage
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/02 21:24:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 21:24:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/02 21:23:57 | 2733,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/02 21:23:18 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 21:23:18 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/29 18:49:08 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/29 18:40:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/27 17:41:11 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/27 07:01:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/26 18:14:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 18:13:08 | 010,284,816 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\jenktr\Desktop\mbam-setup-1.75.0.1300.exe
[2014/04/26 17:51:46 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/26 17:46:10 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\jenktr\Desktop\JRT.exe
[2014/04/26 17:44:56 | 001,329,501 | ---- | M] () -- C:\Users\jenktr\Desktop\adwcleaner.exe
[2014/04/26 17:37:22 | 000,000,169 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/26 17:32:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/25 20:00:31 | 000,001,103 | ---- | M] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/21 14:15:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2014/04/27 17:41:11 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/26 18:14:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 17:44:50 | 001,329,501 | ---- | C] () -- C:\Users\jenktr\Desktop\adwcleaner.exe
[2014/04/25 20:00:31 | 000,001,103 | ---- | C] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/03/30 14:04:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/03 09:36:07 | 000,000,088 | ---- | C] () -- C:\Users\jenktr\AppData\Roaming\WB.CFG
[2013/04/14 01:52:46 | 000,000,169 | ---- | C] () -- C:\Windows\wininit.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/25 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Barnes & Noble
[2013/03/24 11:49:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2014/03/16 14:49:30 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\CompuClever
[2014/03/29 10:42:44 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\IDM2
[2012/10/16 17:57:36 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\OEM
[2013/04/04 13:28:15 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\WildTangent
[2013/09/14 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
 

Thanks Joe!


  • 0
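The "ZeroAccess Check" section of the log above lists the InProcServer32 registration of a few system COM objects (shell32.dll, wbem\fastprox.dll, wbem\wbemess.dll) because that rootkit family is known to repoint those CLSIDs at its own DLL. The PowerShell below is an added example, not OTL's own code, that re-runs the same comparison so a reader can verify a machine without the tool. The expected DLL names are taken from the HKLM entries in this log; PowerShell 3.0 or later and an elevated prompt are assumed. A per-user entry under HKCU\Software\Classes takes precedence over the machine hive in COM lookup, so the script reports any user-hive entry for these CLSIDs separately rather than treating it as normal.

```powershell
# Added example (not OTL's code): re-check the CLSIDs from OTL's "ZeroAccess Check".
# Assumes PowerShell 3.0+ and an elevated prompt.
function Test-ZeroAccessClsid {
    # Expected DLL for each CLSID, as shown under HKLM in the clean log.
    $expected = @{
        '{42aedc87-2188-41fd-b9a3-0c966feabec1}' = 'shell32.dll'
        '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}' = 'wbem\fastprox.dll'
        '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}' = 'wbem\wbemess.dll'
    }
    # OTL also looks for a user-hive entry for this CLSID; no HKLM value is expected.
    $watch = @($expected.Keys) + '{fbeb8a05-beee-4442-804e-409d6c4515e9}'

    # Machine hive is where these objects legitimately live; HKCU\Software\Classes
    # overrides it during COM activation, so a user-hive entry is flagged on its own.
    $hives = @(
        @{ Path = 'HKLM:\Software\Classes\CLSID';             UserHive = $false },
        @{ Path = 'HKLM:\Software\Wow6432Node\Classes\CLSID'; UserHive = $false },
        @{ Path = 'HKCU:\Software\Classes\CLSID';             UserHive = $true  },
        @{ Path = 'HKCU:\Software\Classes\Wow6432Node\CLSID'; UserHive = $true  }
    )

    foreach ($clsid in $watch) {
        foreach ($hive in $hives) {
            # Nothing to compare against for a CLSID with no expected HKLM value.
            if (-not $hive.UserHive -and -not $expected.ContainsKey($clsid)) { continue }

            $key = Join-Path $hive.Path "$clsid\InProcServer32"
            if (-not (Test-Path -Path $key)) { continue }   # not registered here

            $raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
            $resolved = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw) } else { '' }

            # -like is case-insensitive; match on the trailing path component only,
            # since the 32-bit entry uses %SystemRoot%\system32 and the 64-bit one SysNative.
            $matchesExpected = $expected.ContainsKey($clsid) -and
                               ($resolved -like "*\$($expected[$clsid])")

            $verdict = if ($hive.UserHive)       { 'USER-HIVE OVERRIDE' }
                       elseif ($matchesExpected) { 'OK' }
                       else                      { 'UNEXPECTED DLL' }

            [pscustomobject]@{ Verdict = $verdict; Key = $key; Value = $resolved }
        }
    }
}

Test-ZeroAccessClsid | Format-Table -AutoSize
```

On a clean 64-bit system the output is six OK rows (three CLSIDs, native and Wow6432Node) and nothing from HKCU; any USER-HIVE OVERRIDE or UNEXPECTED DLL row names the exact key to inspect.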

#23
zep516
    Trusted Helper
  • Malware Removal
  • 8,092 posts
Hello jp17315, you're welcome!

Next

Since your log reports are clean and free of malware, let's clean up after ourselves.


OTL Clean-Up

Right click on the OTL icon on your desktop and choose Run as administrator to open the main window.

Next click on the CleanUp button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.

This will remove most of the programs we have used including itself.

Next

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
Right click on the JRT Icon and select delete.
If there are any left over tools or logs on your computer please delete them now.

Next

Clear Restore Points

Go Start > All Programmes > Accessories > System Tools
Right click Disk Cleanup and select Run as administrator
When it pops up, select OK at the first prompt. After it has done some calculations the tabs will appear.
Select the More Options tab
Press the System Restore and Shadow Copies Cleanup button

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here

That concludes the exercise.

Thanks
Joe :)
  • 0
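The Disk Cleanup button described in the post above removes every restore point except the most recent one, which is why it is used after a clean-up: old restore points can still hold copies of the files that were just removed. The script below is an added example, not part of the helper's instructions, that does the same thing from an elevated PowerShell prompt. It assumes PowerShell 3.0 or later; each restore point is backed by a Win32_ShadowCopy instance, and Remove-CimInstance deletes the snapshot through that class.

```powershell
# Added example (not from the thread): scripted equivalent of Disk Cleanup's
# "System Restore and Shadow Copies" clean-up. Keeps the newest snapshot only.
# Assumes PowerShell 3.0+ and an elevated prompt. Use -WhatIf to preview.
function Remove-OldShadowCopies {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Oldest first; InstallDate is the snapshot creation time.
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy |
                 Sort-Object -Property InstallDate)

    if ($shadows.Count -le 1) {
        Write-Verbose 'One or zero shadow copies present; nothing to remove.'
        return
    }

    # Everything except the last (newest) element.
    $toRemove = $shadows[0..($shadows.Count - 2)]
    foreach ($snapshot in $toRemove) {
        $desc = '{0} created {1}' -f $snapshot.ID, $snapshot.InstallDate
        # ShouldProcess honours -WhatIf and -Confirm.
        if ($PSCmdlet.ShouldProcess($desc, 'Remove shadow copy')) {
            Remove-CimInstance -InputObject $snapshot
        }
    }
    Write-Verbose ('Kept newest snapshot {0}' -f $shadows[-1].ID)
}

# Preview first, then run for real.
Remove-OldShadowCopies -WhatIf
Remove-OldShadowCopies -Verbose
```

Keeping the newest point rather than deleting all of them matches what the Disk Cleanup button does and leaves a fallback in case the clean-up itself causes a problem.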

#24
jp17315
    Member
  • Topic Starter
  • 127 posts

Am I correct that Microsoft is not supporting Microsoft Security Essentials anymore?


  • 0

#25
zep516
    Trusted Helper
  • Malware Removal
  • 8,092 posts
On Windows XP only, that is true. I'm using it on Windows 7 here.

Joe
  • 0



#26
jp17315
    Member
  • Topic Starter
  • 127 posts

What about Microsoft Security Essentials on Vista?


  • 0

#27
zep516
    Trusted Helper
  • Malware Removal
  • 8,092 posts
That would be fine.

Thanks
Joe :)
  • 0





