Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help with computer.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Need help with computer.

Unread postby GeorgeGamer » February 26th, 2014, 3:09 pm

Here are the files you requested.


____________OTL quickscan________________


OTL logfile created on: 2/26/2014 1:59:32 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nathan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 47.57% Memory free
5.50 Gb Paging File | 3.71 Gb Available in Paging File | 67.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.79 Gb Total Space | 368.61 Gb Free Space | 80.87% Space Free | Partition Type: NTFS
Drive D: | 9.87 Gb Total Space | 1.48 Gb Free Space | 14.98% Space Free | Partition Type: NTFS
Drive E: | 4.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BRAT | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/23 13:09:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
PRC - [2014/02/19 20:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/19 12:13:01 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
PRC - [2014/01/23 18:12:52 | 000,083,232 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
PRC - [2014/01/23 18:12:50 | 003,690,784 | ---- | M] (Sendori) -- C:\Program Files (x86)\PureLeads\plsapp.exe
PRC - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 08:36:02 | 000,337,432 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE


========== Modules (No Company Name) ==========

MOD - [2014/02/20 16:01:51 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/20 15:52:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/20 15:51:07 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/20 15:50:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/20 15:50:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/20 15:50:36 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f9bb7cc29930815b098e26853962c1de\UIAutomationTypes.ni.dll
MOD - [2014/02/20 15:50:35 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/20 15:50:21 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/20 15:50:04 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/20 15:49:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/20 15:49:54 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/20 15:49:45 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/19 20:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 20:03:04 | 013,632,840 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
MOD - [2014/02/19 20:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 20:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/19 20:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/19 20:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 20:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2009/09/29 18:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 18:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/26 03:06:59 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/27 13:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2014/02/20 15:56:39 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/27 20:15:18 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe -- (PlsvcV1)
SRV - [2014/01/23 18:12:50 | 003,690,784 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\plsapp.exe -- (plsapp)
SRV - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe -- (PlsvcV2)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/09 01:31:54 | 000,489,568 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/07/17 02:02:04 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/27 08:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/08/13 06:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{96E44610-527E-4900-8145-49370B34A28F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{96E44610-527E-4900-8145-49370B34A28F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 5C AB E4 00 32 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{76798B12-AE0C-4108-8737-A53950CC1A1E}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =586383&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/19 12:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/02/19 12:13:38 | 000,000,000 | ---D | M]

[2013/04/16 20:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx? ... 7739819&q={searchTerms}&SSPV=
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://search.conduit.com/?ctid=CT33147 ... 9819&SSPV=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Surf Canyon = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\5.2.2_0\
CHR - Extension: YouTube = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PureLeads Tray] C:\Program Files (x86)\PureLeads\PureLeadsTray.exe (PureLeads)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4091BD3D-4A59-48F8-8FA7-C0E933889BDD}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/26 09:31:50 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Malwarebytes
[2014/02/26 09:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/26 09:31:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/26 09:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/26 09:30:02 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nathan\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/26 03:02:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/25 13:47:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/25 13:42:51 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Nathan\Desktop\JRT.exe
[2014/02/25 03:07:08 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/24 13:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/02/24 13:46:29 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\MoboGenie
[2014/02/24 13:42:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/24 11:23:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/24 11:17:00 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/02/24 11:10:10 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\VirtualStore
[2014/02/24 10:51:11 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/02/24 10:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/02/23 21:15:08 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\Games for Windows - LIVE Demos
[2014/02/23 21:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2014/02/23 21:08:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2014/02/23 21:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2014/02/23 21:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2014/02/23 13:09:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2014/02/23 13:02:12 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/02/22 12:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/02/21 20:51:05 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\HP Support Assistant
[2014/02/21 20:50:08 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\HpUpdate
[2014/02/20 06:07:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/02/20 04:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Apple Computer
[2014/02/20 01:37:01 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\dvd
[2014/02/20 01:28:09 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\DVD Flick
[2014/02/20 01:28:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\ImgBurn
[2014/02/19 21:57:51 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/02/19 21:57:49 | 000,354,592 | ---- | C] (Sendori) -- C:\Windows\SysWow64\plsapp.dll
[2014/02/19 21:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PureLeads
[2014/02/19 21:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureLeads
[2014/02/19 21:55:08 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2014/02/19 21:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2014/02/19 21:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2014/02/19 21:39:29 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\ssubtmr6.dll
[2014/02/19 21:39:29 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\SysWow64\trayicon_handler.ocx
[2014/02/19 21:39:29 | 000,028,672 | ---- | C] (-) -- C:\Windows\SysWow64\mousewheel.ocx
[2014/02/19 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Flick
[2014/02/19 21:11:30 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Nathan\AppData\Roaming\pcouffin.sys
[2014/02/19 21:11:30 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Vso
[2014/02/19 21:11:30 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\PcSetup
[2014/02/19 21:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\VSO
[2014/02/19 21:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2014/02/19 15:44:07 | 007,717,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014/02/19 15:44:02 | 000,489,568 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/02/19 15:44:02 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/02/19 15:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2014/02/19 13:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2014/02/19 12:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/19 12:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/19 12:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/19 12:14:11 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\RealNetworks
[2014/02/19 12:14:04 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Real
[2014/02/19 12:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/02/19 12:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/02/19 12:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014/02/19 12:13:04 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/02/19 12:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2014/02/19 12:12:37 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Real
[2014/02/19 12:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/19 12:11:54 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Google
[2014/02/19 12:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/02/19 12:11:10 | 000,000,000 | ---D | C] -- C:\Users\Nathan\.android
[2014/02/19 12:11:09 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\cache
[2014/02/19 12:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/02/19 12:11:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\genienext
[2014/02/19 12:10:47 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\MovieMode
[2014/02/19 12:10:40 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Programs
[2014/02/19 12:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MovieMode
[2014/02/19 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Apple
[2014/02/19 11:23:12 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Macromedia
[2014/02/17 20:37:40 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\ElevatedDiagnostics
[2014/02/17 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Adobe
[2014/02/17 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\WildTangent
[2014/02/17 19:22:32 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\.minecraft
[2014/02/17 19:22:02 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Hewlett-Packard
[2014/02/17 19:22:01 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Hewlett-Packard
[2014/02/17 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Zemana
[2014/02/17 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\ID Vault
[2014/02/17 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Apple Computer
[2014/02/17 19:21:51 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/02/17 19:21:51 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Searches
[2014/02/17 19:21:51 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/02/17 19:21:51 | 000,000,000 | -H-D | C] -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/02/17 19:21:42 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Identities
[2014/02/17 19:21:40 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Contacts
[2014/02/17 19:21:35 | 000,000,000 | --SD | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Videos
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Saved Games
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Pictures
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Music
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Links
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Favorites
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Downloads
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Documents
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Desktop
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\AppData\Local\Temporary Internet Files
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Templates
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Start Menu
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\SendTo
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Recent
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\PrintHood
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\NetHood
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Documents\My Videos
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Documents\My Pictures
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Documents\My Music
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\My Documents
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Local Settings
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\AppData\Local\History
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Cookies
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Application Data
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\AppData\Local\Application Data
[2014/02/17 19:21:35 | 000,000,000 | -H-D | C] -- C:\Users\Nathan\AppData
[2014/02/17 19:21:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Temp
[2014/02/17 19:21:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Microsoft
[2014/02/17 19:21:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2014/02/26 13:57:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/26 13:55:39 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/26 13:55:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/26 13:55:13 | 2214,043,648 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/26 13:27:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/26 09:53:31 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/26 09:53:31 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/26 09:31:46 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/26 09:30:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nathan\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/26 03:07:00 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/26 03:06:59 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/26 03:01:45 | 000,774,632 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/26 03:01:45 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/26 03:01:45 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/26 03:01:32 | 000,774,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/26 01:01:49 | 000,000,032 | ---- | M] () -- C:\Users\Nathan\jagex_cl_runescape_LIVE.dat
[2014/02/25 19:26:02 | 000,096,256 | ---- | M] () -- C:\Users\Nathan\Desktop\SystemLook_x64.exe
[2014/02/25 13:43:00 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Nathan\Desktop\JRT.exe
[2014/02/24 11:21:19 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BRAT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/02/24 11:16:38 | 001,241,834 | ---- | M] () -- C:\Users\Nathan\Desktop\adwcleaner.exe
[2014/02/24 10:51:11 | 000,002,201 | ---- | M] () -- C:\Users\Nathan\Desktop\Tweaking.com - Registry Backup.lnk
[2014/02/23 13:09:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2014/02/23 13:07:17 | 001,414,034 | ---- | M] () -- C:\Users\Nathan\Desktop\zoek.scr
[2014/02/23 13:07:13 | 001,414,034 | ---- | M] () -- C:\Users\Nathan\Desktop\zoek.com
[2014/02/23 12:58:50 | 001,284,608 | ---- | M] () -- C:\Users\Nathan\Desktop\zoek.exe
[2014/02/23 10:12:58 | 000,140,300 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/02/22 12:27:26 | 000,001,937 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/02/21 13:09:35 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/20 15:35:04 | 000,330,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/19 21:55:08 | 000,001,831 | ---- | M] () -- C:\Users\Nathan\Desktop\ImgBurn.lnk
[2014/02/19 21:39:32 | 000,001,880 | ---- | M] () -- C:\Users\Nathan\Desktop\DVD Flick.lnk
[2014/02/19 21:11:30 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Nathan\AppData\Roaming\pcouffin.sys
[2014/02/19 21:11:30 | 000,007,859 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.cat
[2014/02/19 21:11:30 | 000,001,167 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.inf
[2014/02/19 21:11:27 | 000,001,186 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2014/02/19 16:24:06 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2014/02/19 16:15:10 | 000,002,245 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/19 13:34:30 | 000,000,856 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/02/19 13:32:02 | 000,002,430 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2014/02/19 13:31:15 | 000,002,660 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - wildgames.lnk
[2014/02/19 12:13:42 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2014/02/19 12:13:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/02/19 11:17:42 | 000,001,403 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/17 18:33:07 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLeigh.job
[2014/02/17 18:32:33 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2014/02/10 18:32:54 | 001,152,656 | ---- | M] () -- C:\Windows\SysWow64\MovieMode.48CA2AEFA22D.dll

========== Files Created - No Company Name ==========

[2014/02/26 09:31:46 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/26 03:07:00 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/26 03:06:59 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/25 19:26:01 | 000,096,256 | ---- | C] () -- C:\Users\Nathan\Desktop\SystemLook_x64.exe
[2014/02/24 11:21:19 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BRAT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/02/24 11:16:32 | 001,241,834 | ---- | C] () -- C:\Users\Nathan\Desktop\adwcleaner.exe
[2014/02/24 10:51:11 | 000,002,201 | ---- | C] () -- C:\Users\Nathan\Desktop\Tweaking.com - Registry Backup.lnk
[2014/02/23 12:58:33 | 001,284,608 | ---- | C] () -- C:\Users\Nathan\Desktop\zoek.exe
[2014/02/23 10:12:58 | 000,140,300 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/02/19 21:55:08 | 000,001,861 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2014/02/19 21:55:08 | 000,001,831 | ---- | C] () -- C:\Users\Nathan\Desktop\ImgBurn.lnk
[2014/02/19 21:39:32 | 000,001,880 | ---- | C] () -- C:\Users\Nathan\Desktop\DVD Flick.lnk
[2014/02/19 21:11:30 | 000,007,859 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.cat
[2014/02/19 21:11:30 | 000,001,167 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.inf
[2014/02/19 21:11:27 | 000,001,186 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2014/02/19 13:34:30 | 000,000,856 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/02/19 13:32:01 | 000,002,430 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2014/02/19 13:31:14 | 000,002,660 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - wildgames.lnk
[2014/02/19 12:25:20 | 000,000,032 | ---- | C] () -- C:\Users\Nathan\jagex_cl_runescape_LIVE.dat
[2014/02/19 12:24:41 | 000,001,937 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/02/19 12:13:42 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2014/02/19 12:12:33 | 000,002,245 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/19 12:12:33 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/19 12:12:02 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/19 12:12:00 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/19 11:17:42 | 000,001,403 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/17 19:21:52 | 000,001,419 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/02/17 19:21:35 | 000,000,290 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/02/17 19:21:35 | 000,000,272 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/02/17 18:32:33 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2014/02/17 08:23:48 | 001,414,034 | ---- | C] () -- C:\Users\Nathan\Desktop\zoek.scr
[2014/02/17 08:23:48 | 001,414,034 | ---- | C] () -- C:\Users\Nathan\Desktop\zoek.com
[2014/02/10 18:32:54 | 001,152,656 | ---- | C] () -- C:\Windows\SysWow64\MovieMode.48CA2AEFA22D.dll
[2013/09/02 01:32:19 | 000,000,023 | ---- | C] () -- C:\Windows\kodakpcd.ini
[2010/10/08 17:56:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/17 19:22:35 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\.minecraft
[2014/02/17 19:21:59 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ID Vault
[2014/02/20 01:28:06 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ImgBurn
[2014/02/19 21:11:30 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Vso
[2014/02/19 13:31:24 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >



___________otl fix____________



All processes killed
========== FILES ==========
C:\ProgramData\MovieMode\MovieMode.exe moved successfully.
C:\ProgramData\MovieMode\MovieModeService.exe moved successfully.
File\Folder C:\Users\All Users\MovieMode\MovieMode.exe not found.
File\Folder C:\Users\All Users\MovieMode\MovieModeService.exe not found.
C:\Users\Leigh\Downloads\ccsetup316.exe moved successfully.
File\Folder C:\Users\Leigh\Downloads\YontooClientSetup.exe multiple threats not found.
C:\Users\Leigh\Downloads\backups\backup-20130416-221336-268.dll moved successfully.
C:\Users\Nathan\Downloads\cbsidlm-cbsi176-ImgBurn-ORG-10847481 (1).exe moved successfully.
C:\Users\Nathan\Downloads\cbsidlm-cbsi176-ImgBurn-ORG-10847481 (2).exe moved successfully.
C:\Users\Nathan\Downloads\cbsidlm-cbsi176-ImgBurn-ORG-10847481.exe moved successfully.
C:\Users\Nathan\Downloads\FirefoxSetup.exe moved successfully.
C:\Users\Nathan\Downloads\zafwSetupWeb_120_121_000.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nathan\Desktop\cmd.bat deleted successfully.
C:\Users\Nathan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Leigh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nathan
->Temp folder emptied: 371403 bytes
->Temporary Internet Files folder emptied: 416157 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 296871256 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61205 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 27335 bytes

Total Files Cleaned = 284.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02262014_135348

Files\Folders moved on Reboot...
C:\Users\Nathan\AppData\Local\Temp\is1242154493\1797714_stp.EXE moved successfully.
C:\Users\Nathan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\plsapp.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
GeorgeGamer
Active Member
 
Posts: 12
Joined: February 21st, 2014, 2:39 pm
Advertisement
Register to Remove

Re: Need help with computer.

Unread postby Cypher » February 27th, 2014, 6:27 am

Hi,
Your logs look much better but we need to run one more fix.

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following script into the Image textbox. Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :otl
    CHR - default_search_provider: Conduit Search (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx? ... 7739819&q= {searchTerms}&SSPV=
    CHR - homepage: http://search.conduit.com/?ctid=CT33147 ... 9819&SSPV=
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Need help with computer.

Unread postby GeorgeGamer » February 27th, 2014, 10:27 am

here is as you requested. Is my computer pretty bad? I just hope we are making progress.



___________otl fix_________________

All processes killed
========== FILES ==========
File\Folder C:\ProgramData\MovieMode\MovieMode.exe not found.
File\Folder C:\ProgramData\MovieMode\MovieModeService.exe not found.
File\Folder C:\Users\All Users\MovieMode\MovieMode.exe not found.
File\Folder C:\Users\All Users\MovieMode\MovieModeService.exe not found.
File\Folder C:\Users\Leigh\Downloads\ccsetup316.exe not found.
File\Folder C:\Users\Leigh\Downloads\YontooClientSetup.exe multiple threats not found.
File\Folder C:\Users\Leigh\Downloads\backups\backup-20130416-221336-268.dll not found.
File\Folder C:\Users\Nathan\Downloads\cbsidlm-cbsi176-ImgBurn-ORG-10847481 (1).exe not found.
File\Folder C:\Users\Nathan\Downloads\cbsidlm-cbsi176-ImgBurn-ORG-10847481 (2).exe not found.
File\Folder C:\Users\Nathan\Downloads\cbsidlm-cbsi176-ImgBurn-ORG-10847481.exe not found.
File\Folder C:\Users\Nathan\Downloads\FirefoxSetup.exe not found.
File\Folder C:\Users\Nathan\Downloads\zafwSetupWeb_120_121_000.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nathan\Desktop\cmd.bat deleted successfully.
C:\Users\Nathan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Leigh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nathan
->Temp folder emptied: 13566021 bytes
->Temporary Internet Files folder emptied: 4308354 bytes
->Java cache emptied: 6002050 bytes
->Google Chrome cache emptied: 392152934 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65148 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 397.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02272014_090938

Files\Folders moved on Reboot...
C:\Users\Nathan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\plsapp.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



_______otl quickscan____________


OTL logfile created on: 2/27/2014 9:16:47 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nathan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 50.45% Memory free
5.50 Gb Paging File | 3.82 Gb Available in Paging File | 69.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.79 Gb Total Space | 367.95 Gb Free Space | 80.73% Space Free | Partition Type: NTFS
Drive D: | 9.87 Gb Total Space | 1.48 Gb Free Space | 14.98% Space Free | Partition Type: NTFS
Drive E: | 4.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BRAT | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/24 10:57:00 | 004,539,680 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/02/24 10:57:00 | 002,982,688 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/02/24 10:57:00 | 002,363,168 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/02/23 13:09:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
PRC - [2014/02/19 20:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/19 12:13:01 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/01/28 16:13:54 | 000,418,808 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2014/01/28 16:13:52 | 001,177,592 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
PRC - [2014/01/23 18:12:52 | 000,083,232 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
PRC - [2014/01/23 18:12:50 | 003,690,784 | ---- | M] (Sendori) -- C:\Program Files (x86)\PureLeads\plsapp.exe
PRC - [2014/01/14 20:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
PRC - [2013/12/18 16:47:02 | 000,486,264 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013/12/18 16:47:02 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2013/12/18 16:47:02 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013/12/18 16:47:02 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 08:36:02 | 000,337,432 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE


========== Modules (No Company Name) ==========

MOD - [2014/02/26 15:52:48 | 002,961,368 | ---- | M] () -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
MOD - [2014/02/20 16:01:51 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/20 15:52:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/20 15:51:07 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/20 15:50:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/20 15:50:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/20 15:50:36 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f9bb7cc29930815b098e26853962c1de\UIAutomationTypes.ni.dll
MOD - [2014/02/20 15:50:35 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/20 15:50:21 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/20 15:50:04 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/20 15:49:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/20 15:49:54 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/20 15:49:45 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/19 20:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 20:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 20:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/19 20:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/19 20:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 20:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2009/09/29 18:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 18:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV:64bit: - [2009/03/27 13:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2014/02/24 10:57:00 | 002,363,168 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/02/20 15:56:39 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/27 20:15:18 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe -- (PlsvcV1)
SRV - [2014/01/23 18:12:50 | 003,690,784 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\plsapp.exe -- (plsapp)
SRV - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) [Auto | Start_Pending] -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe -- (PlsvcV2)
SRV - [2014/01/14 20:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) [Auto | Running] -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/09 01:31:54 | 000,489,568 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/07/17 02:02:04 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/27 08:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/08/13 06:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{96E44610-527E-4900-8145-49370B34A28F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{96E44610-527E-4900-8145-49370B34A28F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33237 ... 021A&SSPV=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 5C AB E4 00 32 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx? ... 879021A&q={searchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{76798B12-AE0C-4108-8737-A53950CC1A1E}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =586383&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/19 12:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/02/19 12:13:38 | 000,000,000 | ---D | M]

[2014/02/26 15:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\extensions
[2014/02/26 15:52:25 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\extensions\support@websteroidsapp.com
[2013/04/16 20:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx? ... 879021A&q=%s&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSugg ... hx?prefix={searchTerms},
CHR - homepage: http://search.conduit.com/?ctid=CT33147 ... 021A&SSPV=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Surf Canyon = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\5.2.2_0\
CHR - Extension: YouTube = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Websteroids = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\
CHR - Extension: Google Wallet = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PureLeads Tray] C:\Program Files (x86)\PureLeads\PureLeadsTray.exe (PureLeads)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4091BD3D-4A59-48F8-8FA7-C0E933889BDD}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/26 18:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/26 16:05:26 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/02/26 16:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/02/26 16:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater
[2014/02/26 16:00:54 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\WinRAR
[2014/02/26 15:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller
[2014/02/26 15:53:01 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\Optimizer Pro
[2014/02/26 15:53:00 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Optimizer Pro
[2014/02/26 15:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/02/26 15:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/02/26 15:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2014/02/26 15:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2014/02/26 15:52:25 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Mozilla
[2014/02/26 15:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2014/02/26 15:52:12 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\SearchProtect
[2014/02/26 15:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/02/26 15:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2014/02/26 09:31:50 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Malwarebytes
[2014/02/26 09:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/26 09:31:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/26 09:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/26 09:30:02 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nathan\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/25 13:47:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/25 13:42:51 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Nathan\Desktop\JRT.exe
[2014/02/25 03:07:08 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/24 13:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/02/24 13:46:29 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\MoboGenie
[2014/02/24 13:42:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/24 11:23:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/24 11:17:00 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/02/24 11:10:10 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\VirtualStore
[2014/02/24 10:51:11 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/02/24 10:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/02/23 21:15:08 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\Games for Windows - LIVE Demos
[2014/02/23 21:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2014/02/23 21:08:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2014/02/23 21:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2014/02/23 21:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2014/02/23 13:09:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2014/02/23 13:02:12 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/02/22 12:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/02/21 20:51:05 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\HP Support Assistant
[2014/02/21 20:50:08 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\HpUpdate
[2014/02/20 06:07:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/02/20 04:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Apple Computer
[2014/02/20 01:37:01 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\dvd
[2014/02/20 01:28:09 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\DVD Flick
[2014/02/20 01:28:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\ImgBurn
[2014/02/19 21:57:51 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/02/19 21:57:49 | 000,354,592 | ---- | C] (Sendori) -- C:\Windows\SysWow64\plsapp.dll
[2014/02/19 21:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PureLeads
[2014/02/19 21:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureLeads
[2014/02/19 21:55:08 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2014/02/19 21:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2014/02/19 21:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2014/02/19 21:39:29 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\ssubtmr6.dll
[2014/02/19 21:39:29 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\SysWow64\trayicon_handler.ocx
[2014/02/19 21:39:29 | 000,028,672 | ---- | C] (-) -- C:\Windows\SysWow64\mousewheel.ocx
[2014/02/19 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Flick
[2014/02/19 21:11:30 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Nathan\AppData\Roaming\pcouffin.sys
[2014/02/19 21:11:30 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Vso
[2014/02/19 21:11:30 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\PcSetup
[2014/02/19 21:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\VSO
[2014/02/19 21:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2014/02/19 15:44:07 | 007,717,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014/02/19 15:44:02 | 000,489,568 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/02/19 15:44:02 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/02/19 15:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2014/02/19 13:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2014/02/19 12:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/19 12:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/19 12:14:11 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\RealNetworks
[2014/02/19 12:14:04 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Real
[2014/02/19 12:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/02/19 12:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/02/19 12:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014/02/19 12:13:04 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/02/19 12:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2014/02/19 12:12:37 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Real
[2014/02/19 12:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/19 12:11:54 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Google
[2014/02/19 12:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/02/19 12:11:10 | 000,000,000 | ---D | C] -- C:\Users\Nathan\.android
[2014/02/19 12:11:09 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\cache
[2014/02/19 12:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/02/19 12:11:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\genienext
[2014/02/19 12:10:47 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\MovieMode
[2014/02/19 12:10:40 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Programs
[2014/02/19 12:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MovieMode
[2014/02/19 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Apple
[2014/02/19 11:23:12 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Macromedia
[2014/02/17 20:37:40 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\ElevatedDiagnostics
[2014/02/17 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Adobe
[2014/02/17 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\WildTangent
[2014/02/17 19:22:32 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\.minecraft
[2014/02/17 19:22:02 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Hewlett-Packard
[2014/02/17 19:22:01 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Hewlett-Packard
[2014/02/17 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Zemana
[2014/02/17 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\ID Vault
[2014/02/17 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Apple Computer
[2014/02/17 19:21:51 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/02/17 19:21:51 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Searches
[2014/02/17 19:21:51 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/02/17 19:21:51 | 000,000,000 | -H-D | C] -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/02/17 19:21:42 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Identities
[2014/02/17 19:21:40 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Contacts
[2014/02/17 19:21:35 | 000,000,000 | --SD | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Videos
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Saved Games
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Pictures
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Music
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Links
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Favorites
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Downloads
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Documents
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Desktop
[2014/02/17 19:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\AppData\Local\Temporary Internet Files
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Templates
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Start Menu
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\SendTo
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Recent
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\PrintHood
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\NetHood
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Documents\My Videos
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Documents\My Pictures
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Documents\My Music
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\My Documents
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Local Settings
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\AppData\Local\History
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Cookies
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Application Data
[2014/02/17 19:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\AppData\Local\Application Data
[2014/02/17 19:21:35 | 000,000,000 | -H-D | C] -- C:\Users\Nathan\AppData
[2014/02/17 19:21:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Temp
[2014/02/17 19:21:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Microsoft
[2014/02/17 19:21:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2014/02/27 09:13:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/27 09:12:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/27 09:12:49 | 2214,043,648 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/27 08:56:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/27 08:27:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/27 03:37:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/27 03:37:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/27 01:05:04 | 000,000,032 | ---- | M] () -- C:\Users\Nathan\jagex_cl_runescape_LIVE.dat
[2014/02/26 16:13:40 | 000,002,430 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2014/02/26 16:05:26 | 000,000,999 | ---- | M] () -- C:\Users\Nathan\Desktop\WinRAR.lnk
[2014/02/26 15:52:47 | 000,001,028 | ---- | M] () -- C:\Users\Nathan\Desktop\Optimizer Pro.lnk
[2014/02/26 09:31:46 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/26 09:30:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nathan\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/26 03:07:00 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/26 03:06:59 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/26 03:01:45 | 000,774,632 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/26 03:01:45 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/26 03:01:45 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/26 03:01:32 | 000,774,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/25 19:26:02 | 000,096,256 | ---- | M] () -- C:\Users\Nathan\Desktop\SystemLook_x64.exe
[2014/02/25 13:43:00 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Nathan\Desktop\JRT.exe
[2014/02/24 11:21:19 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BRAT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/02/24 11:16:38 | 001,241,834 | ---- | M] () -- C:\Users\Nathan\Desktop\adwcleaner.exe
[2014/02/24 10:51:11 | 000,002,201 | ---- | M] () -- C:\Users\Nathan\Desktop\Tweaking.com - Registry Backup.lnk
[2014/02/23 13:09:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2014/02/23 13:07:17 | 001,414,034 | ---- | M] () -- C:\Users\Nathan\Desktop\zoek.scr
[2014/02/23 13:07:13 | 001,414,034 | ---- | M] () -- C:\Users\Nathan\Desktop\zoek.com
[2014/02/23 12:58:50 | 001,284,608 | ---- | M] () -- C:\Users\Nathan\Desktop\zoek.exe
[2014/02/23 10:12:58 | 000,140,300 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/02/22 12:27:26 | 000,001,937 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/02/21 13:09:35 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/20 15:35:04 | 000,330,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/19 21:55:08 | 000,001,831 | ---- | M] () -- C:\Users\Nathan\Desktop\ImgBurn.lnk
[2014/02/19 21:39:32 | 000,001,880 | ---- | M] () -- C:\Users\Nathan\Desktop\DVD Flick.lnk
[2014/02/19 21:11:30 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Nathan\AppData\Roaming\pcouffin.sys
[2014/02/19 21:11:30 | 000,007,859 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.cat
[2014/02/19 21:11:30 | 000,001,167 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.inf
[2014/02/19 21:11:27 | 000,001,186 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2014/02/19 16:24:06 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2014/02/19 16:15:10 | 000,002,245 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/19 13:34:30 | 000,000,856 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/02/19 13:31:15 | 000,002,660 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - wildgames.lnk
[2014/02/19 12:13:42 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2014/02/19 12:13:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/02/19 11:17:42 | 000,001,403 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/17 18:33:07 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLeigh.job
[2014/02/17 18:32:33 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2014/02/10 18:32:54 | 001,152,656 | ---- | M] () -- C:\Windows\SysWow64\MovieMode.48CA2AEFA22D.dll

========== Files Created - No Company Name ==========

[2014/02/26 16:18:55 | 009,680,896 | ---- | C] () -- C:\Users\Nathan\Desktop\Fate-WT.exe
[2014/02/26 16:18:55 | 000,001,195 | ---- | C] () -- C:\Users\Nathan\Desktop\Kindly.nfo
[2014/02/26 16:05:26 | 000,000,999 | ---- | C] () -- C:\Users\Nathan\Desktop\WinRAR.lnk
[2014/02/26 15:52:47 | 000,001,028 | ---- | C] () -- C:\Users\Nathan\Desktop\Optimizer Pro.lnk
[2014/02/26 09:31:46 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/26 03:07:00 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/26 03:06:59 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/25 19:26:01 | 000,096,256 | ---- | C] () -- C:\Users\Nathan\Desktop\SystemLook_x64.exe
[2014/02/24 11:21:19 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BRAT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/02/24 11:16:32 | 001,241,834 | ---- | C] () -- C:\Users\Nathan\Desktop\adwcleaner.exe
[2014/02/24 10:51:11 | 000,002,201 | ---- | C] () -- C:\Users\Nathan\Desktop\Tweaking.com - Registry Backup.lnk
[2014/02/23 12:58:33 | 001,284,608 | ---- | C] () -- C:\Users\Nathan\Desktop\zoek.exe
[2014/02/23 10:12:58 | 000,140,300 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/02/19 21:55:08 | 000,001,861 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2014/02/19 21:55:08 | 000,001,831 | ---- | C] () -- C:\Users\Nathan\Desktop\ImgBurn.lnk
[2014/02/19 21:39:32 | 000,001,880 | ---- | C] () -- C:\Users\Nathan\Desktop\DVD Flick.lnk
[2014/02/19 21:11:30 | 000,007,859 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.cat
[2014/02/19 21:11:30 | 000,001,167 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.inf
[2014/02/19 21:11:27 | 000,001,186 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2014/02/19 13:34:30 | 000,000,856 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/02/19 13:32:01 | 000,002,430 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2014/02/19 13:31:14 | 000,002,660 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - wildgames.lnk
[2014/02/19 12:25:20 | 000,000,032 | ---- | C] () -- C:\Users\Nathan\jagex_cl_runescape_LIVE.dat
[2014/02/19 12:24:41 | 000,001,937 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/02/19 12:13:42 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2014/02/19 12:12:33 | 000,002,245 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/19 12:12:33 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/19 12:12:02 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/19 12:12:00 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/19 11:17:42 | 000,001,403 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/17 19:21:52 | 000,001,419 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/02/17 19:21:35 | 000,000,290 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/02/17 19:21:35 | 000,000,272 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/02/17 18:32:33 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2014/02/17 08:23:48 | 001,414,034 | ---- | C] () -- C:\Users\Nathan\Desktop\zoek.scr
[2014/02/17 08:23:48 | 001,414,034 | ---- | C] () -- C:\Users\Nathan\Desktop\zoek.com
[2014/02/10 18:32:54 | 001,152,656 | ---- | C] () -- C:\Windows\SysWow64\MovieMode.48CA2AEFA22D.dll
[2013/09/02 01:32:19 | 000,000,023 | ---- | C] () -- C:\Windows\kodakpcd.ini
[2010/10/08 17:56:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/17 19:22:35 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\.minecraft
[2014/02/17 19:21:59 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ID Vault
[2014/02/20 01:28:06 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ImgBurn
[2014/02/26 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Optimizer Pro
[2014/02/19 21:11:30 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Vso
[2014/02/19 13:31:24 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
GeorgeGamer
Active Member
 
Posts: 12
Joined: February 21st, 2014, 2:39 pm

Re: Need help with computer.

Unread postby Cypher » February 27th, 2014, 11:29 am

Hi,
Is my computer pretty bad? I just hope we are making progress.

We were making progress, but for some reason malware we removed is back on your computer.

Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following script into the Image textbox. Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :otl
    PRC - [2014/02/24 10:57:00 | 004,539,680 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
    PRC - [2014/02/24 10:57:00 | 002,982,688 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
    PRC - [2014/02/24 10:57:00 | 002,363,168 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
    SRV - [2014/02/24 10:57:00 | 002,363,168 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33237 ... 021A&SSPV=
    IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx? ... 879021A&q= {searchTerms}&SSPV=
    CHR - default_search_provider: Conduit Search (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx? ... 879021A&q= %s&SSPV=
    CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSugg ... hx?prefix= {searchTerms},
    CHR - homepage: http://search.conduit.com/?ctid=CT33147 ... 021A&SSPV=
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
    O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
    [2014/02/26 15:52:12 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\SearchProtect
    [2014/02/26 15:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
    
    :files
    C:\Program Files (x86)\SearchProtect
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Need help with computer.

Unread postby GeorgeGamer » February 27th, 2014, 4:20 pm

yes pc optimizer pro i have had problems with it before. It's a rogue virus is it not??


All processes killed
========== OTL ==========
No active process named cltmng.exe was found!
No active process named cltmngui.exe was found!
Process CltMngSvc.exe killed successfully!
Service CltMngSvc stopped successfully!
Service CltMngSvc deleted successfully!
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll deleted successfully.
c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll moved successfully.
C:\Users\Nathan\AppData\Local\SearchProtect\SearchProtect\STG folder moved successfully.
C:\Users\Nathan\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\Nathan\AppData\Local\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Users\Nathan\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect folder moved successfully.
ADS C:\ProgramData\Temp:373E1720 deleted successfully.
========== FILES ==========
C:\Program Files (x86)\SearchProtect\UI\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main\Logs folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main folder moved successfully.
C:\Program Files (x86)\SearchProtect folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nathan\Desktop\cmd.bat deleted successfully.
C:\Users\Nathan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Leigh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nathan
->Temp folder emptied: 65057 bytes
->Temporary Internet Files folder emptied: 416072 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 280859154 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62779 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 268.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02272014_151109

Files\Folders moved on Reboot...
C:\Users\Nathan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\plsapp.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
GeorgeGamer
Active Member
 
Posts: 12
Joined: February 21st, 2014, 2:39 pm

Re: Need help with computer.

Unread postby Cypher » February 28th, 2014, 6:45 am

Hi,
yes pc optimizer pro i have had problems with it before. It's a rogue virus is it not??

Yes it is a rogue, we removed it and now it's back.
Apart from the tools we have used, have you downloaded and installed any other software in the last few days?
Ok i need you to rerun some scans, then post the resulting logs.

  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Junkware Removal Tool

  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, Seven, Eight, right-mouse click it and select Run as Administrator.
  • If you have trouble running this tool, try running it in safe mode.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Next.

  • Right click on OTL.exe And select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, one Notepad file will open.
    • OTL.txt <-- Will be opened
  • Please post the contents of this Notepad file in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • JRT.txt
  • OTL log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Need help with computer.

Unread postby GeorgeGamer » February 28th, 2014, 2:21 pm

um sorry for the inconvenience but when i went to run adwcleaner it said it needs to be updated and then removed it from my desktop and took me to some webpage but i cant figure out what to do. And as for downloading anything, i have not downloaded anything, but i am not the only one who plays on this computer, my sister as well as my girlfriend and mother go on here too. i have informed them not to download anything while i am trying to get it fixed.

I need help updated adwcleaner so i can use it.
GeorgeGamer
Active Member
 
Posts: 12
Joined: February 21st, 2014, 2:39 pm

Re: Need help with computer.

Unread postby Cypher » March 1st, 2014, 6:43 am

Hi,
Just download a fresh version of AdwCleaner from Here
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Need help with computer.

Unread postby Cypher » March 4th, 2014, 5:46 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 129 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware