
Fairly sure computer is infected. Please help!


Re: Fairly sure computer is infected. Please help!

by Thumper » April 23rd, 2014, 4:41 am

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Drathanis on Wed 04/23/2014 at 7:39:28.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\privitizevpninstalldates
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduituninstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_cyberlink-youcam_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_cyberlink-youcam_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_cyberlink-youcam_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_cyberlink-youcam_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Drathanis\AppData\Roaming\mozilla\firefox\profiles\w6ms07uj.default\prefs.js

user_pref("browser.bdtoolbar.search_searchbar", false);
Emptied folder: C:\Users\Drathanis\AppData\Roaming\mozilla\firefox\profiles\w6ms07uj.default\minidumps [423 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/23/2014 at 7:45:11.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.201 - Report created 23/04/2014 at 16:48:04
# Updated 22/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Drathanis - DRATHANIS-PC
# Running from : C:\Users\Drathanis\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_008a99b9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Drathanis\AppData\Roaming\Mozilla\Firefox\Profiles\w6ms07uj.default\prefs.js ]

Line Deleted : user_pref("CT1561552.installerVersion", "1.3.7.3");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);

-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Drathanis\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Homepage] : hxxp://websearch.homesearchapp.info/?unqvl=17

*************************

AdwCleaner[R0].txt - [2673 octets] - [23/04/2014 16:47:09]
AdwCleaner[S0].txt - [2499 octets] - [23/04/2014 16:48:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2559 octets] ##########


SystemLook 30.07.11 by jpshortstuff
Log created at 16:52 on 23/04/2014 by Drathanis
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*ContentSAFER*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1322368 bytes [07:50 12/02/2014] [07:50 12/02/2014] 5A2B082A760722E08042E3892D07690E
C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_TB\ConduitInstaller.exe --a---- 73080 bytes [08:08 22/04/2014] [01:26 21/08/2012] 9A5E999C90861CE9B7906DBF429D4238

Searching for "*Coupons*"
No files found.

Searching for "*DP1815*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*facemoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*IMVU*"
No files found.

Searching for "*Mysearchdial*"
No files found.

Searching for "*PutLockerDownloader*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchou*"
No files found.

Searching for "*SearchProtect*"
C:\_OTL\MovedFiles\04222014_164441\C_Users\Drathanis\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css --a---- 3132 bytes [14:22 11/04/2013] [14:22 11/04/2013] 3279886E300F877C284C578FCAA93314
C:\_OTL\MovedFiles\04222014_164441\C_Users\Drathanis\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData --a---- 305 bytes [11:37 04/04/2013] [07:48 13/05/2013] A4859A8782BCAA2DACE7F4A73828BD78

Searching for "*Slick*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Sweet*"
C:\Program Files (x86)\StepMania 5\Songs\Custom\1000 words-shortened\Final Fantasy X-2 - 1000 Words (Jade from Sweetbox).mp3 --a---- 2328032 bytes [13:42 21/04/2013] [01:44 17/05/2004] 2E8E3864A7145D6357FD4CDD681C6528
C:\Program Files (x86)\StepMania 5\Songs\DDRei TournaMix Salvage\In The Groove 2\Sweet World\Sweet World.dwi --a---- 5697 bytes [13:43 21/04/2013] [16:41 17/03/2006] 5B8D78FFD12BE5CA0D048DC0A1E39466
C:\Program Files (x86)\StepMania 5\Songs\DDRei TournaMix Salvage\In The Groove 2\Sweet World\Sweet World.mp3 --a---- 1803120 bytes [13:43 21/04/2013] [16:42 17/03/2006] 5394DA4DB0BBC10D5AA18201FD90AF1D
C:\Program Files (x86)\StepMania 5\Songs\DDRei TournaMix Salvage\In The Groove 2\Sweet World\Sweet World.sm --a---- 11655 bytes [13:43 21/04/2013] [16:42 17/03/2006] 9AA1284E8EC46C72C86AE18B0FAAA8AA
C:\Program Files (x86)\StepMania 5\Songs\In the Groove 2\Sweet World\Sweet World.dwi --a---- 5697 bytes [13:43 21/04/2013] [05:21 24/04/2006] 9F91B2D54CD9F9BBA8554302D706574A
C:\Program Files (x86)\StepMania 5\Songs\In the Groove 2\Sweet World\Sweet World.mp3 --a---- 1803120 bytes [13:43 21/04/2013] [21:07 04/05/2006] CFA7ED82BDE9D1D522A2BB5DEFF9928C
C:\Program Files (x86)\StepMania 5\Songs\In the Groove 2\Sweet World\Sweet World.sm --a---- 11655 bytes [13:43 21/04/2013] [05:21 24/04/2006] C47DAE1EF4E41AA0FC2C7DF1246F9C13
C:\Users\Drathanis\Documents\Sweet corn.sfk --a---- 2440 bytes [14:36 27/04/2013] [14:36 27/04/2013] 938BAFC291ACCE1E90651DC7F9E1DC27
C:\Users\Drathanis\Documents\Sweet corn.wav --a---- 609668 bytes [14:36 27/04/2013] [14:36 27/04/2013] E470B8553A673619A957F9C30E621A0E
C:\Users\Drathanis\Documents\Sweet corn1.sfk --a---- 12120 bytes [14:37 27/04/2013] [14:37 27/04/2013] 3648B663FAEED1107ADE7445651BA011
C:\Users\Drathanis\Documents\Sweet corn1.wav --a---- 3088744 bytes [14:36 27/04/2013] [14:37 27/04/2013] 388A60E51B70F094E954C7619CCA4750
C:\Users\Drathanis\Pictures\Pictures\SweetCorn01.jpg --a---- 519938 bytes [14:35 27/04/2013] [14:35 27/04/2013] C0449FF1D45D7EDD92B311AE68858EA3
C:\_OTL\MovedFiles\04222014_164441\C_Users\Drathanis\AppData\Roaming\StepMania 5\Cache\Songs\Songs_In the Groove 2_Sweet World --a---- 1247 bytes [14:28 21/04/2013] [14:28 21/04/2013] 9A460AAAD3A89FA06D6E5EBE9A06F9DA

Searching for "*Tarma*"
No files found.

Searching for "*Trusteer*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*WiseConvert*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*FriendsChecker*"
No files found.

Searching for "*UnfriendApp*"
No files found.

Searching for "*ExFriendAlert*"
No files found.

Searching for "*RecordChecker*"
No files found.

Searching for "*InfoSeeker*"
No files found.

Searching for "*SecureWeb*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*ContentSAFER*"
No folders found.

Searching for "*Babylon*"
C:\Program Files (x86)\StepMania 5\Songs\Metal\Disciples of Babylon (Dog_E) d------ [10:33 25/04/2013]

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
C:\zoek_backup\C_PROGRA~2_Conduit d-a---- [08:08 22/04/2014]
C:\zoek_backup\C_Users_Drathanis_AppData_LocalLow_Conduit d-a---- [08:08 22/04/2014]
C:\zoek_backup\C_Users_Drathanis_AppData_Local_Conduit d-a---- [08:08 22/04/2014]

Searching for "*Coupons*"
No folders found.

Searching for "*DP1815*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*facemoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*IMVU*"
No folders found.

Searching for "*Mysearchdial*"
No folders found.

Searching for "*PutLockerDownloader*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchou*"
No folders found.

Searching for "*SearchProtect*"
C:\zoek_backup\C_PROGRA~2_SearchProtect d-a---- [08:08 22/04/2014]
C:\zoek_backup\C_SearchProtect d-a---- [08:08 22/04/2014]
C:\_OTL\MovedFiles\04222014_164441\C_Users\Drathanis\AppData\Roaming\SearchProtect d------ [09:14 04/04/2013]

Searching for "*Slick*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Sweet*"
C:\Program Files (x86)\StepMania 5\Songs\DDRei TournaMix Salvage\In The Groove 2\Sweet World d------ [13:43 21/04/2013]
C:\Program Files (x86)\StepMania 5\Songs\In the Groove 2\Sweet World d------ [13:43 21/04/2013]
C:\Users\Drathanis\Music\Music\Other crazy sweet sounds d------ [19:28 27/12/2011]

Searching for "*Tarma*"
No folders found.

Searching for "*Trusteer*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*WiseConvert*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*FriendsChecker*"
No folders found.

Searching for "*UnfriendApp*"
No folders found.

Searching for "*ExFriendAlert*"
No folders found.

Searching for "*RecordChecker*"
No folders found.

Searching for "*InfoSeeker*"
No folders found.

Searching for "*SecureWeb*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "ContentSAFER"
No data found.

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit(1).exe"="HSS-2.88-install-zdnetcom-5-conduit(1)"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit.exe"="HSS-2.88-install-zdnetcom-5-conduit"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Drathanis\Downloads\HSS-2.74-install-download-394-conduit.exe"="HSS-2.74-install-download-394-conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"2D6317878F0F5264AAF3277D97A58C24"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\2D6317878F0F5264AAF3277D97A58C24]
"File"="iSyncConduit.dll"
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit(1).exe"="HSS-2.88-install-zdnetcom-5-conduit(1)"
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit.exe"="HSS-2.88-install-zdnetcom-5-conduit"
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Drathanis\Downloads\HSS-2.74-install-download-394-conduit.exe"="HSS-2.74-install-download-394-conduit"
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit(1).exe"="HSS-2.88-install-zdnetcom-5-conduit(1)"
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit.exe"="HSS-2.88-install-zdnetcom-5-conduit"
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Drathanis\Downloads\HSS-2.74-install-download-394-conduit.exe"="HSS-2.74-install-download-394-conduit"

Searching for "Coupons"
No data found.

Searching for "DP1815"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "facemoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "IMVU"
No data found.

Searching for "Mysearchdial"
No data found.

Searching for "PutLockerDownloader"
No data found.

Searching for "searchab"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "Searchou"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"tlbrSrchUrl"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"ds_url"="http://searchou.com/?q={searchTerms}&id=8c605eb100000000000000fff228c7e8&r=625"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"hp_url"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"hp_chrm"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"hp_ffx"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"nt_url"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"tlbrSrchUrl"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"ds_url"="http://searchou.com/?q={searchTerms}&id=8c605eb100000000000000fff228c7e8&r=625"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"hp_url"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"hp_chrm"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"hp_ffx"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"nt_url"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_searchou_mt_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"tlbrSrchUrl"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"ds_url"="http://searchou.com/?q={searchTerms}&id=8c605eb100000000000000fff228c7e8&r=625"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"hp_url"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"hp_chrm"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"hp_ffx"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
"nt_url"="http://searchou.com/?id=8c605eb100000000000000fff228c7e8"

Searching for "SearchProtect"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"

Searching for "Slick"
No data found.

Searching for "smartbar"
No data found.

Searching for "Sweetpack"
No data found.

Searching for "Tarma"
No data found.

Searching for "Trusteer"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "Vafmusic2"
No data found.

Searching for "vshare"
No data found.

Searching for "WiseConvert"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "FriendsChecker"
No data found.

Searching for "UnfriendApp"
No data found.

Searching for "ExFriendAlert"
No data found.

Searching for "RecordChecker"
No data found.

Searching for "InfoSeeker"
No data found.

Searching for "SecureWeb"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
Thumper
Regular Member
 
Posts: 25
Joined: April 17th, 2014, 3:25 am

Re: Fairly sure coputer is infected. Please help!

by Thumper » April 23rd, 2014, 4:41 am

OTL logfile created on: 4/23/2014 5:30:03 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Drathanis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.60 Gb Available Physical Memory | 83.42% Memory free
15.83 Gb Paging File | 13.90 Gb Available in Paging File | 87.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293.03 Gb Total Space | 90.09 Gb Free Space | 30.74% Space Free | Partition Type: NTFS
Drive D: | 380.60 Gb Total Space | 289.39 Gb Free Space | 76.03% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 465.65 Gb Total Space | 264.50 Gb Free Space | 56.80% Space Free | Partition Type: FAT32

Computer Name: DRATHANIS-PC | User Name: Drathanis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/21 18:13:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Drathanis\Desktop\OTL.exe
PRC - [2014/04/19 03:50:52 | 033,604,728 | ---- | M] (Dropbox, Inc.) -- C:\Users\Drathanis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/19 03:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/26 06:24:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/12/25 16:25:50 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/03/14 03:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/01/26 04:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/11/16 03:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/10/15 07:38:34 | 000,653,952 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2010/10/08 07:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/09/24 09:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/08/18 07:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009/12/16 03:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/20 03:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/20 03:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 10:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/23 10:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 14:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2008/02/10 09:53:46 | 000,405,504 | ---- | M] (DropShots) -- C:\Program Files (x86)\DropBox\DropBox\DropBox.exe


========== Modules (No Company Name) ==========

MOD - [2014/04/23 16:50:17 | 000,041,984 | ---- | M] () -- c:\Users\Drathanis\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjaacpk.dll
MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/06 00:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/03 12:42:50 | 003,610,624 | ---- | M] () -- C:\Users\Drathanis\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 08:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Drathanis\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2010/09/24 09:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 17:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/03/04 09:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/23 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/17 09:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 10:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (14be225b)
SRV:64bit: - [2009/07/14 10:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (05837205)
SRV - [2014/04/09 16:27:23 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/02 16:55:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/26 06:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/19 03:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/21 22:44:34 | 000,037,176 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/08 13:32:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/26 06:24:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/14 03:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/03/14 03:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2009/12/16 03:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/16 10:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 06:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/11/21 22:44:34 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/04/08 13:32:30 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/02/22 10:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/11 01:30:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/08/23 23:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 23:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 23:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/22 06:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/14 03:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/14 03:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/14 03:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/14 03:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/14 03:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/14 03:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/14 03:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 20:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 22:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/23 16:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/08/04 03:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/04/17 09:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 18:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 05:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 05:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/24 10:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/07/27 06:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/03 10:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1161124720-2244271395-4274727246-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1161124720-2244271395-4274727246-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1161124720-2244271395-4274727246-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://jp.msn.com/?rd=1&ucc=JP&dcc=JP&opt=0
IE - HKU\S-1-5-21-1161124720-2244271395-4274727246-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1161124720-2244271395-4274727246-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 10 E7 14 A4 54 CF 01 [binary data]
IE - HKU\S-1-5-21-1161124720-2244271395-4274727246-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1161124720-2244271395-4274727246-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: rikaichan-jpen%40polarcloud.com:2.01.130701
FF - prefs.js..extensions.enabledAddons: %7B0AA9101C-D3C1-4129-A9B7-D778C6A17F82%7D:2.07
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Drathanis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Drathanis\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Drathanis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Drathanis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Drathanis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/02 16:55:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/02 16:55:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/25 19:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drathanis\AppData\Roaming\Mozilla\Extensions
[2014/04/23 17:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drathanis\AppData\Roaming\Mozilla\Firefox\Profiles\w6ms07uj.default\extensions
[2012/11/04 02:19:04 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Drathanis\AppData\Roaming\Mozilla\Firefox\Profiles\w6ms07uj.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2013/07/15 22:11:16 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\Drathanis\AppData\Roaming\Mozilla\Firefox\Profiles\w6ms07uj.default\extensions\rikaichan-jpen@polarcloud.com
[2014/04/23 17:23:42 | 000,069,465 | ---- | M] () (No name found) -- C:\Users\Drathanis\AppData\Roaming\Mozilla\Firefox\Profiles\w6ms07uj.default\extensions\mediahint@jetpack.xpi
[2014/04/23 17:23:18 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Drathanis\AppData\Roaming\Mozilla\Firefox\Profiles\w6ms07uj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/04/21 18:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/04/02 16:55:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/04/02 16:55:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/04/02 16:55:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/04/02 16:55:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/02 16:55:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/04/02 16:55:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Drathanis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Drathanis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Drathanis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Drathanis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 06:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [DropBoxUtility] C:\Program Files (x86)\DropBox\DropBox\DropBox.exe (DropShots)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Drathanis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Drathanis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C3949E2-5B59-4B93-9D9F-742801216F99}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E77CEE-EED7-420B-8C88-87785C2082E3}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\FastSys\FASTSY~1.DLL) - File not found
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll c:\progra~3\fastsys\fastsys.dll) - c:\windows\syswow64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58e091ec-7896-11e2-8045-14dae920f8e9}\Shell - "" = AutoRun
O33 - MountPoints2\{58e091ec-7896-11e2-8045-14dae920f8e9}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{8d49039c-30af-11e1-8b32-742f68358571}\Shell - "" = AutoRun
O33 - MountPoints2\{8d49039c-30af-11e1-8b32-742f68358571}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/23 17:12:39 | 000,000,000 | ---D | C] -- C:\Users\Drathanis\AppData\Roaming\LolClient
[2014/04/23 16:49:28 | 000,000,000 | R--D | C] -- C:\Users\Drathanis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/04/23 16:47:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/23 07:39:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/23 07:38:16 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Drathanis\Desktop\JRT.exe
[2014/04/22 23:09:32 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/22 23:09:31 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/22 23:09:29 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/22 23:09:24 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/22 23:09:24 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/22 23:09:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/22 23:09:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/22 23:09:22 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/22 23:09:22 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/22 23:09:22 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/22 23:09:22 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/22 23:09:22 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/22 23:09:22 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/22 23:09:21 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/22 23:09:21 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/22 23:09:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/22 23:09:20 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/22 23:09:20 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/22 23:09:20 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/22 23:09:18 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/22 23:09:18 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/22 23:09:18 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/22 23:09:18 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/22 23:09:17 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/22 23:09:17 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/22 23:09:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/22 23:09:14 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/22 23:09:14 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/22 23:09:10 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/22 17:17:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/04/22 17:15:47 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/04/22 17:15:47 | 000,000,000 | ---D | C] -- C:\Users\Drathanis\AppData\Local\Temp
[2014/04/22 16:56:34 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/04/22 16:44:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/21 18:13:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Drathanis\Desktop\OTL.exe
[2014/04/18 17:31:48 | 000,252,712 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\ETDUninst.dll
[2014/04/17 16:30:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Drathanis\Desktop\dds.scr
[2014/04/10 19:30:38 | 000,000,000 | ---D | C] -- C:\Users\Drathanis\AppData\Roaming\LavasoftStatistics
[2014/04/10 19:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/04/10 18:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/04/10 18:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/04/10 18:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/04/09 16:48:12 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/09 16:48:12 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/09 16:48:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/09 16:48:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/09 16:47:10 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/09 16:47:10 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/09 16:47:10 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/09 16:47:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/09 16:47:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/09 16:47:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/09 16:47:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/09 16:47:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/09 16:47:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/09 16:47:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/02 16:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/02 06:55:18 | 000,000,000 | ---D | C] -- C:\Users\Drathanis\AppData\Roaming\DropboxMaster

========== Files - Modified Within 30 Days ==========

[2014/04/23 17:22:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/23 17:01:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161124720-2244271395-4274727246-1001UA.job
[2014/04/23 16:57:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/23 16:57:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/23 16:49:24 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2014/04/23 16:49:16 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/23 16:49:16 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\PGAutoUpdate.job
[2014/04/23 16:49:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/23 16:48:54 | 2078,105,599 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/23 16:41:38 | 000,001,061 | ---- | M] () -- C:\Users\Drathanis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/23 16:41:34 | 000,001,037 | ---- | M] () -- C:\Users\Drathanis\Desktop\Dropbox.lnk
[2014/04/23 07:38:19 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Drathanis\Desktop\JRT.exe
[2014/04/23 07:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/23 07:35:30 | 000,165,376 | ---- | M] () -- C:\Users\Drathanis\Desktop\SystemLook_x64.exe
[2014/04/23 07:35:15 | 001,345,435 | ---- | M] () -- C:\Users\Drathanis\Desktop\adwcleaner.exe
[2014/04/22 16:56:34 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/04/22 16:54:53 | 001,285,120 | ---- | M] () -- C:\Users\Drathanis\Desktop\zoek.exe
[2014/04/22 16:36:14 | 000,000,000 | ---- | M] () -- C:\Users\Drathanis\defogger_reenable
[2014/04/22 16:35:21 | 000,050,477 | ---- | M] () -- C:\Users\Drathanis\Desktop\Defogger.exe
[2014/04/21 18:13:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Drathanis\Desktop\OTL.exe
[2014/04/20 10:01:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161124720-2244271395-4274727246-1001Core.job
[2014/04/20 09:28:46 | 000,468,480 | ---- | M] () -- C:\Users\Drathanis\Desktop\CKScanner.exe
[2014/04/19 13:52:31 | 002,307,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/19 13:43:20 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/17 16:30:54 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Drathanis\Desktop\dds.scr
[2014/04/17 16:25:00 | 000,797,850 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/17 16:25:00 | 000,674,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/17 16:25:00 | 000,126,222 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/11 07:35:39 | 000,001,602 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2014/04/11 07:35:36 | 000,002,372 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2014/04/09 16:39:27 | 002,768,902 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2014/04/09 16:27:23 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/09 16:27:23 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/03 22:18:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2014/04/23 07:35:30 | 000,165,376 | ---- | C] () -- C:\Users\Drathanis\Desktop\SystemLook_x64.exe
[2014/04/23 07:35:14 | 001,345,435 | ---- | C] () -- C:\Users\Drathanis\Desktop\adwcleaner.exe
[2014/04/22 17:15:47 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/04/22 16:54:21 | 001,285,120 | ---- | C] () -- C:\Users\Drathanis\Desktop\zoek.exe
[2014/04/22 16:36:14 | 000,000,000 | ---- | C] () -- C:\Users\Drathanis\defogger_reenable
[2014/04/22 16:35:20 | 000,050,477 | ---- | C] () -- C:\Users\Drathanis\Desktop\Defogger.exe
[2014/04/20 09:28:45 | 000,468,480 | ---- | C] () -- C:\Users\Drathanis\Desktop\CKScanner.exe
[2014/04/19 13:52:00 | 002,307,008 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/13 19:57:13 | 000,007,594 | ---- | C] () -- C:\Users\Drathanis\AppData\Local\resmon.resmoncfg
[2014/01/31 07:36:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/11 10:25:36 | 000,007,168 | ---- | C] () -- C:\Users\Drathanis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/14 02:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 02:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin

========== ZeroAccess Check ==========

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 11:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 10:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Thumper
Regular Member
 
Posts: 25
Joined: April 17th, 2014, 3:25 am

Re: Fairly sure coputer is infected. Please help!

Unread postby pgmigg » April 23rd, 2014, 2:06 pm

Hello Thumper,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKU\S-1-5-21-1161124720-2244271395-4274727246-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://jp.msn.com/?rd=1&ucc=JP& ... &opt=0 
    FF - prefs.js..extensions.enabledAddons: rikaichan-jpen%40polarcloud.com:2.01.130701
    FF - prefs.js..extensions.enabledAddons: %7B0AA9101C-D3C1-4129-A9B7-D778C6A17F82%7D:2.07
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit(1).exe"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit.exe"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Drathanis\Downloads\HSS-2.74-install-download-394-conduit.exe"=-
    [HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit(1).exe"=-
    [HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit.exe"=-
    [HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Drathanis\Downloads\HSS-2.74-install-download-394-conduit.exe"=-
    [HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit(1).exe"=-
    [HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit.exe"=-
    [HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Drathanis\Downloads\HSS-2.74-install-download-394-conduit.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "tlbrSrchUrl"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "ds_url"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "hp_url"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "hp_chrm"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "hp_ffx"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "nt_url"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "tlbrSrchUrl"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "ds_url"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "hp_url"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "hp_chrm"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "hp_ffx"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "nt_url"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_searchou_mt_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "tlbrSrchUrl"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "ds_url"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "hp_url"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "hp_chrm"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "hp_ffx"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data]
    "nt_url"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "SearchProtect"=-
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
    "SearchProtect"=-
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Trolltech]
    
    :Files
    C:\Users\Drathanis\Downloads\HSS*.exe
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ESET NOD32 Online Scan
  1. First, please disable any antivirus you have active, as shown in this topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you are using Google Chrome or Mozilla Firefox, you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double-click on it to install.
    • If you are using Internet Explorer, please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the ESETScan.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fairly sure coputer is infected. Please help!

Unread postby Thumper » April 24th, 2014, 7:20 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-1161124720-2244271395-4274727246-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Prefs.js: rikaichan-jpen%40polarcloud.com:2.01.130701 removed from extensions.enabledAddons
Prefs.js: %7B0AA9101C-D3C1-4129-A9B7-D778C6A17F82%7D:2.07 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0 removed from extensions.enabledAddons
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit(1).exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Drathanis\Downloads\HSS-2.74-install-download-394-conduit.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit(1).exe not found.
Registry value HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit.exe not found.
Registry value HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Drathanis\Downloads\HSS-2.74-install-download-394-conduit.exe not found.
Registry value HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit(1).exe not found.
Registry value HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Drathanis\Downloads\HSS-2.88-install-zdnetcom-5-conduit.exe not found.
Registry value HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Drathanis\Downloads\HSS-2.74-install-download-394-conduit.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\tlbrSrchUrl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\ds_url deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\hp_url deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\hp_chrm deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\hp_ffx deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\nt_url deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\tlbrSrchUrl not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\ds_url not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\hp_url not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\hp_chrm not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\hp_ffx not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\nt_url not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_searchou_mt_RASAPI32\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\tlbrSrchUrl not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\ds_url not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\hp_url not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\hp_chrm not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\hp_ffx not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{301966DF-A84B-4255-AAB9-574B5CE237E4}\instl\data\\nt_url not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Trolltech\ not found.
========== FILES ==========
File\Folder C:\Users\Drathanis\Downloads\HSS*.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Drathanis
->Temp folder emptied: 13319060 bytes
->Temporary Internet Files folder emptied: 3745450 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 410424228 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 997 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46852 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 717042 bytes

Total Files Cleaned = 408.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Drathanis
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Drathanis
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04242014_163712

Files\Folders moved on Reboot...
C:\Users\Drathanis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Drathanis\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Thumper
Regular Member
 
Posts: 25
Joined: April 17th, 2014, 3:25 am
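
Added example (not part of the thread, and not OTL's own code): several "not found" results in the fix log above follow a successful deletion of the same entry under another name, because HKEY_CURRENT_USER is a view of HKEY_USERS\<user SID>, HKEY_USERS\<SID>_Classes backs <SID>\Software\Classes, and HKEY_USERS\.DEFAULT is the same hive as HKEY_USERS\S-1-5-18. The Python below separates those from entries that were simply absent; the function names are hypothetical, and it assumes the SID ending in -1001 is the account that ran OTL.

```python
import re

# Lines copied from the OTL fix log in the post above.
SAMPLE_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Drathanis\Downloads\HSS-2.74-install-download-394-conduit.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Drathanis\Downloads\HSS-2.74-install-download-394-conduit.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1161124720-2244271395-4274727246-1001\Software\Trolltech\ not found.
File\Folder C:\Users\Drathanis\Downloads\HSS*.exe not found.
"""

# SID that appears in the log; assumed here to be the account that ran OTL.
USER_SID = "S-1-5-21-1161124720-2244271395-4274727246-1001"

LINE_RE = re.compile(r"^Registry (key|value) (.+) (deleted successfully|not found)\.$")
HKU = "HKEY_USERS\\"


def canonical(path, user_sid):
    """Map a logged registry path to one canonical (key, value name) pair."""
    # OTL writes values as <key>\\<value name>; keys end in a single backslash.
    key, _, value = path.partition("\\\\")
    key = key.rstrip("\\")
    # HKEY_CURRENT_USER is a view of HKEY_USERS\<SID of the logged-on user>.
    key = re.sub(r"^HKEY_CURRENT_USER(?=\\|$)",
                 lambda m: HKU + user_sid, key, flags=re.I)
    # HKEY_USERS\.DEFAULT is the LocalSystem hive, also shown as S-1-5-18.
    key = re.sub(r"^HKEY_USERS\\\.DEFAULT(?=\\|$)",
                 lambda m: HKU + "S-1-5-18", key, flags=re.I)
    # HKEY_USERS\<SID>_Classes is what <SID>\Software\Classes points at.
    key = re.sub(r"^HKEY_USERS\\(S-[\d-]+)_Classes(?=\\|$)",
                 lambda m: HKU + m.group(1) + "\\Software\\Classes",
                 key, flags=re.I)
    return key.casefold(), value.casefold()


def triage(log_text, user_sid):
    """Return (status, path, alias_path) for every registry line in the log.

    status is 'deleted', 'alias-of-deleted' (a "not found" whose canonical
    location was deleted earlier in the same run) or 'absent'.
    """
    removed = {}   # canonical location -> path as first written in the log
    report = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # file, command and cache lines are out of scope here
        _kind, path, outcome = m.groups()
        loc = canonical(path, user_sid)
        if outcome == "deleted successfully":
            removed.setdefault(loc, path)
            report.append(("deleted", path, None))
        elif loc in removed:
            report.append(("alias-of-deleted", path, removed[loc]))
        else:
            report.append(("absent", path, None))
    return report


if __name__ == "__main__":
    for status, path, alias in triage(SAMPLE_LOG, USER_SID):
        note = f"  (same entry as {alias})" if alias else ""
        print(f"{status:17} {path}{note}")
```

Only the per-user aliases are folded together; "not found" results under Wow6432Node are reported as absent because nothing here models 32/64-bit registry redirection.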

Re: Fairly sure coputer is infected. Please help!

Unread postby Thumper » April 24th, 2014, 7:20 am

C:\Users\Drathanis\Downloads\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Drathanis\Downloads\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Drathanis\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Drathanis\Downloads\rcsetup144.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Drathanis\Pictures\Pictures\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Drathanis\Pictures\Pictures\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\zoek_backup\C_Users_Drathanis_Downloads_FreeYouTubeToMP3Converter(1).exe.vir Win32/Toolbar.Conduit potentially unwanted application
C:\zoek_backup\C_PROGRA~2_COMMON~1_DVDVideoSoft_TB\ConduitInstaller.exe Win32/Toolbar.Conduit potentially unwanted application
C:\zoek_backup\C_PROGRA~2_MagniPic\uninstall.exe Win32/SProtector.B potentially unwanted application
C:\zoek_backup\C_PROGRA~2_SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A potentially unwanted application
C:\zoek_backup\C_PROGRA~3_Browser faster\Browserfaster_x64.dll a variant of Win64/SProtector.B potentially unwanted application
C:\zoek_backup\C_PROGRA~3_FastSys\FastSys_x64.dll a variant of Win64/SProtector.B potentially unwanted application
C:\zoek_backup\C_Users_Drathanis_AppData_Local_Google_Chrome_User Data_Default_Extensions_nifdefllacoploppflbmacejenfdjgam\1\5163e3e41776e8.85973290.js Win32/Adware.MultiPlug.H application
C:\_OTL\MovedFiles\04222014_164441\C_Users\Drathanis\AppData\Roaming\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A potentially unwanted application
G:\Backup\Pictures\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
G:\Backup\Pictures\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Thumper
Regular Member
 
Posts: 25
Joined: April 17th, 2014, 3:25 am
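
Added example (not part of the thread, and not ESET's own code): most detections in the scan log above sit under C:\zoek_backup and C:\_OTL\MovedFiles, the folders where the removal tools keep the files they moved aside, so only the remaining paths describe files still in place. The Python below parses the log lines as they appear in the post (fields separated by spaces, paths that may contain spaces) and splits them by location; the function names and the "tool-backup"/"live" labels are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the ESET log in the post above.
SAMPLE_LOG = r"""
C:\Users\Drathanis\Downloads\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\zoek_backup\C_PROGRA~3_Browser faster\Browserfaster_x64.dll a variant of Win64/SProtector.B potentially unwanted application
C:\zoek_backup\C_Users_Drathanis_AppData_Local_Google_Chrome_User Data_Default_Extensions_nifdefllacoploppflbmacejenfdjgam\1\5163e3e41776e8.85973290.js Win32/Adware.MultiPlug.H application
C:\_OTL\MovedFiles\04222014_164441\C_Users\Drathanis\AppData\Roaming\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A potentially unwanted application
G:\Backup\Pictures\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""

# Backup folders of the removal tools, as they appear in this thread's logs.
TOOL_BACKUP_ROOTS = (r"C:\zoek_backup", r"C:\_OTL\MovedFiles")

# A Windows path cannot contain "/", so the first whitespace-delimited token
# holding a "/" is the detection name; everything before it is the path.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<threat>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<category>.+)$"
)


def location(path):
    """'tool-backup' for copies held by a removal tool, otherwise 'live'."""
    lowered = path.casefold()
    for root in TOOL_BACKUP_ROOTS:
        if lowered.startswith(root.casefold() + "\\"):
            return "tool-backup"
    return "live"


def parse_eset_log(text):
    """Parse detection lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        rows.append({
            "path": m.group("path"),
            "threat": m.group("threat"),
            "variant": m.group("variant") is not None,
            "category": m.group("category").strip(),
            "location": location(m.group("path")),
        })
    return rows


def summarize(rows):
    """Count detections per (location, category)."""
    return Counter((r["location"], r["category"]) for r in rows)


def still_in_place(rows):
    """Detections outside the tools' backup folders."""
    return [r for r in rows if r["location"] == "live"]


if __name__ == "__main__":
    rows = parse_eset_log(SAMPLE_LOG)
    for (where, category), count in sorted(summarize(rows).items()):
        print(f"{where:12} {category:32} {count}")
    for r in still_in_place(rows):
        print("in place:", r["path"], "->", r["threat"])
```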

Re: Fairly sure coputer is infected. Please help!

Unread postby pgmigg » April 24th, 2014, 11:31 am

Hello Thumper,

Do you see any changes in computer behavior?
This question, which I post every time, is for feedback and should not be ignored when you post your replies :( - it is important for me to know whether something has changed and improved or not...

Please tell me how your computer, including browsers, is working now.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fairly sure coputer is infected. Please help!

Unread postby Thumper » April 24th, 2014, 6:48 pm

Sorry about that pgmigg. I guess I just wasn't confident the subjective observations of an average computer user like me were of particular value when someone who speaks computer can just look at specific logs and say definitively "Yeah, it looks like you've got some malware to clear-up" or "No, it looks like you're all clean." Regardless, I apologize for ignoring your question.

Things are getting better I think. I haven't seen any pop-ups / other ads recently and overall the computer seems to be running smoother. I'm getting some errors logging on to Netflix but I don't think that has to do with Malware. I share an account with my family so I'm emailing them to ensure I've got the right email and password. Anyways, things are looking up! Thanks for all your hard work and I'll look forward to your next reply!

Regards,

~ Thumper
Thumper
Regular Member
 
Posts: 25
Joined: April 17th, 2014, 3:25 am

Re: Fairly sure coputer is infected. Please help!

Unread postby Thumper » April 25th, 2014, 3:35 am

In other news, it seems the issue I had with a black box distorting the Netflix player seems to be resolved. Huzzah!

~ Thumper
Thumper
Regular Member
 
Posts: 25
Joined: April 17th, 2014, 3:25 am

Re: Fairly sure coputer is infected. Please help!

Unread postby pgmigg » April 25th, 2014, 11:43 am

Hello Thumper,

Things are getting better I think. I haven't seen any pop-ups / other ads recently and overall the computer seems to be running smoother.
In other news, it seems the issue I had with a black box distorting the Netflix player seems to be resolved.
Glad to read it! :D

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (8u5) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Check "Accept License Agreement"
  3. Locate the .exe entry for Windows x64, click on the associated file name, and save the jre-8u5-windows-x64.exe file to your desktop.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From desktop please double-click on jre-8u5-windows-x64.exe to install the newest version.
  3. Follow the on-screen directions and when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

Step 2.
OTL - Run Safe Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 3.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 4.
Re-enable your Emulation drivers by DeFogger
You should still have DeFogger on your desktop.
  1. Right-click DeFogger and select "Run as administrator" to run the tool.
  2. The application window will appear
  3. Click the Re-enable button to re-enable your CD Emulation drivers
  4. Click Yes to continue
  5. A 'Finished!' message will appear
  6. Click OK
  7. DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Step 5.
Remove all used tools and their log files not removed by OTL if they remain on your desktop.
  • AdwCleaner
  • DDS
  • DeFogger
  • JRT
  • SystemLook
  • ZOEK

Then:
Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fairly sure coputer is infected. Please help!

Unread postby Thumper » April 25th, 2014, 11:12 pm

Thanks for all your help! The computer looks and feels much better, although I still seem to have problems entering advanced boot options / safe mode. Same as before, when I push f8 multiple times when the computer is starting up, I get stuck at an unresponsive black screen and am forced to do a hard shut-down. Any ideas as to what might be the issue / how I can resolve it? Also, knowing that programs can conflict with each other, are there any two types of programs from the guide you linked that I should NOT run together? Thanks again for all your help and I hope you have a wonderful day!

Regards,

~ Thumper
Thumper
Regular Member
 
Posts: 25
Joined: April 17th, 2014, 3:25 am

Re: Fairly sure coputer is infected. Please help!

Unread postby pgmigg » April 26th, 2014, 12:41 am

Hello Thumper,

Thanks for all your help!
You are welcome! :D
I still seem to have problems entering advanced boot options / safe mode. Same as before, when I push f8 multiple times when the computer is starting up, I get stuck at an unresponsive black screen and am forced to do a hard shut-down. Any ideas as to what might be the issue / how I can resolve it?
In normal life you don't need to boot your computer to Safe Mode at all - it is an excellent next step when starting Windows normally is not possible. I guess that your problems with Safe Mode are most probably not malware-related. We cleaned everything showing in your scans, and there was nothing capable of causing the type of problems you are experiencing.

I'd like to refer you to a technical support forum like: Tech Support Guy.
Feel free to refer to this topic if malware gets mentioned during the helping process.
Also, knowing that programs can conflict with each other, are there any two types of programs from the guide you linked that I should NOT run together?
Actually there are no restrictions on running any programs simultaneously - every program runs separately from the others even if it shares system libraries. The ability to run many programs at the same time is limited only by system resources - and, above all, by RAM!
Another thing is that there are programs that should not have analogues, such as the antivirus software described above.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fairly sure coputer is infected. Please help!

Unread postby Thumper » April 26th, 2014, 10:13 pm

Awesome! Thanks a lot for the information and helping my computer get back up to speed. Have a great day and best of luck in whatever you happen to be doing!

Regards,

~ Thumper
Thumper
Regular Member
 
Posts: 25
Joined: April 17th, 2014, 3:25 am

Re: Fairly sure coputer is infected. Please help!

Unread postby pgmigg » April 27th, 2014, 7:56 pm

Awesome! Thanks a lot for the information and helping my computer get back up to speed. Have a great day and best of luck in whatever you happen to be doing!
Thank you! You are very welcome, Thumper!

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fairly sure coputer is infected. Please help!

Unread postby NonSuch » April 27th, 2014, 10:12 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California