Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need help with malware removal

Post by rebeccabroke » March 18th, 2014, 4:07 pm

Well here are the DDS logs that Cypher requested. Malware is slowing down my computer.


DDS log:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Nathan at 15:47:48 on 2014-03-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.925 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT33237 ... CC29&SSPV=
uProxyServer = hxxp=127.0.0.1:13828
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: DioscountLoocator: {18887D94-91CA-106D-9149-2FA3110EA14E} - C:\ProgramData\DioscountLoocator\GT2Jn6.dll
BHO: Websteroids: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Consumer Input DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Updater] C:\ProgramData\Updater\updater.exe
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [Facebook Update] "C:\Users\Nathan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [InstallX Search Protect for Yahoo] "C:\Users\Nathan\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe"
uRun: [Exetender] "C:\Program Files (x86)\Hoopla\GPlayer.exe" /runonstartup
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [PureLeads Tray] "C:\Program Files (x86)\PureLeads\PureLeadsTray.exe"
mRun: [Updater] C:\ProgramData\Updater\Updater.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
mRun: [PCTechHotline] "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP
dRun: [Exetender] "C:\Program Files (x86)\Hoopla\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\Nathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DESKTO~1.LNK - C:\Users\Nathan\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
StartupFolder: C:\Users\Nathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEATHE~1.LNK - C:\Users\Nathan\AppData\Local\WeatherAlerts\WeatherAlerts.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
LSP: C:\Windows\System32\plsapp.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{4091BD3D-4A59-48F8-8FA7-C0E933889BDD} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~2\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: DioscountLoocator: {18887D94-91CA-106D-9149-2FA3110EA14E} - C:\ProgramData\DioscountLoocator\GT2Jn6.x64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-03-18 06:39:02 -------- d-----w- C:\ProgramData\cc792261f535a020
2014-03-18 06:38:58 -------- d-----w- C:\Users\Nathan\AppData\Local\Packages
2014-03-18 06:38:48 -------- d-----w- C:\ProgramData\DioscountLoocator
2014-03-18 05:58:28 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA7C2918-EC87-4D8F-AC1D-49ABF756A08E}\offreg.dll
2014-03-18 05:28:03 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA7C2918-EC87-4D8F-AC1D-49ABF756A08E}\mpengine.dll
2014-03-18 04:27:27 -------- d-----w- C:\Users\Nathan\.jagex_cache_32
2014-03-17 23:47:52 -------- d-----w- C:\Users\Nathan\AppData\Roaming\PC Tech Hotline
2014-03-17 23:47:51 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-03-17 23:47:21 -------- d-----w- C:\Program Files (x86)\PCTechHotline
2014-03-17 23:47:17 -------- d-----w- C:\Users\Nathan\AppData\Local\GCC
2014-03-17 23:47:15 -------- d-----w- C:\Users\Nathan\AppData\Roaming\PCFixSpeed
2014-03-17 23:47:14 -------- d-----w- C:\ProgramData\PCFixSpeed
2014-03-17 23:46:58 -------- d-----w- C:\Program Files (x86)\PCFixSpeed
2014-03-17 06:25:52 -------- d-----w- C:\Program Files (x86)\Setup Support for Consumer Input
2014-03-17 06:23:31 -------- d-----w- C:\Users\Nathan\AppData\Local\Consumer Input
2014-03-17 06:23:25 -------- d-----w- C:\Program Files (x86)\Consumer Input
2014-03-17 06:23:11 -------- d-----w- C:\ProgramData\Hoopla
2014-03-17 06:23:08 -------- d-----w- C:\Remote Programs
2014-03-17 06:22:51 58264 ------w- C:\Windows\ExentInfo.exe
2014-03-17 06:22:51 -------- d-----w- C:\Program Files (x86)\Hoopla
2014-03-17 06:22:48 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-03-17 06:22:48 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-03-17 06:22:48 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-03-17 06:22:48 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-03-17 06:22:44 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2014-03-17 06:21:58 -------- d-----w- C:\Program Files (x86)\Re-Markable-soft
2014-03-17 06:21:45 -------- d-----w- C:\Users\Nathan\AppData\Local\Local_Weather_LLC
2014-03-17 06:21:11 -------- d-----w- C:\Users\Nathan\AppData\Local\WeatherAlerts
2014-03-17 06:20:42 -------- d-----w- C:\Users\Nathan\AppData\Roaming\InstallX Search Protect for Yahoo
2014-03-17 06:20:09 -------- d-----w- C:\Program Files (x86)\Yahoo!
2014-03-16 22:23:19 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-14 18:04:51 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{009DC049-436B-4974-A07A-FEC181FF5E51}\gapaengine.dll
2014-03-14 02:57:35 -------- d-----w- C:\Users\Nathan\AppData\Local\Facebook
2014-03-13 03:49:00 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-13 03:48:55 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-13 03:48:54 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-13 03:48:41 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-13 03:43:35 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-13 03:43:35 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-13 03:43:34 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-13 03:43:34 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-10 07:02:32 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-03-09 00:41:50 -------- d-----w- C:\Users\Nathan\AppData\Local\Logitech® Webcam Software
2014-03-09 00:39:51 -------- d-----w- C:\Users\Nathan\AppData\Local\LogiShrd
2014-03-09 00:37:53 53248 ----a-r- C:\Users\Nathan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-03-09 00:35:32 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2014-03-08 17:18:12 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-03-08 17:15:29 -------- d-----w- C:\Users\Nathan\AppData\Roaming\hpqLog
2014-03-05 21:01:56 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-03 04:50:03 -------- d-----w- C:\Users\Nathan\jagexcache
2014-03-01 17:08:02 -------- d-----w- C:\Users\Nathan\AppData\Roaming\FiestaOnline
2014-03-01 16:59:29 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-01 16:59:29 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-01 03:59:04 -------- d-----w- C:\Gamigo
2014-02-28 23:44:31 -------- d-----w- C:\Users\Nathan\AppData\Local\Gameforge4d
2014-02-28 23:44:10 -------- d-----w- C:\Program Files (x86)\GameforgeLive
2014-02-28 20:12:43 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-02-28 20:09:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-02-28 20:09:15 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-02-28 20:07:33 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-02-28 20:07:33 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-02-28 20:07:29 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-02-28 20:07:29 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-02-28 19:37:41 -------- d-----w- C:\Users\Nathan\jagexcache1
2014-02-28 18:26:57 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9419DF1-FA41-4892-A61C-E6AB4A10C516}\mpengine.dll
2014-02-28 07:02:42 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2014-02-28 07:02:34 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll
2014-02-28 07:00:28 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2014-02-28 06:53:00 -------- d-----w- C:\ProgramData\Turbine
2014-02-28 06:51:59 -------- d-----w- C:\ProgramData\HappyCloud
2014-02-27 19:12:39 -------- d-----w- C:\Users\Nathan\AppData\Local\CrashDumps
2014-02-27 08:02:04 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-27 08:02:04 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-26 23:47:55 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-26 21:02:39 -------- d-----w- C:\ProgramData\InternetUpdater
2014-02-26 20:53:00 -------- d-----w- C:\Users\Nathan\AppData\Roaming\Optimizer Pro
2014-02-26 20:52:44 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2014-02-26 20:52:25 -------- d-----w- C:\ProgramData\Updater
2014-02-26 20:52:25 -------- d-----w- C:\ProgramData\RHelpers
2014-02-26 20:52:15 -------- d-----w- C:\ProgramData\Websteroids
2014-02-26 20:52:12 -------- d-----w- C:\Users\Nathan\AppData\Local\SearchProtect
2014-02-26 20:51:32 -------- d-----w- C:\Program Files (x86)\sweetpacks bundle uninstaller
2014-02-26 14:31:50 -------- d-----w- C:\Users\Nathan\AppData\Roaming\Malwarebytes
2014-02-26 14:31:45 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-26 14:31:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 08:06:59 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-02-25 18:47:00 -------- d-----w- C:\Windows\ERUNT
2014-02-25 08:07:08 -------- d-----w- C:\Windows\Migration
2014-02-24 18:47:22 -------- d-----w- C:\ProgramData\McAfee Security Scan
2014-02-24 18:46:29 -------- d-----w- C:\Users\Nathan\AppData\Local\MoboGenie
2014-02-24 18:42:25 -------- d-----w- C:\_OTL
2014-02-24 16:23:27 -------- d-----w- C:\AdwCleaner
2014-02-24 16:17:00 -------- d-----w- C:\RegBackup
2014-02-24 16:10:10 -------- d-----w- C:\Users\Nathan\AppData\Local\VirtualStore
2014-02-24 15:51:11 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-02-24 02:10:36 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2014-02-24 02:10:26 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2014-02-24 02:10:26 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2014-02-24 02:10:24 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2014-02-24 02:08:45 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2014-02-24 02:08:44 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2014-02-24 02:08:10 -------- d-----w- C:\Windows\SysWow64\xlive
2014-02-24 02:07:56 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-23 18:02:12 -------- d-----w- C:\zoek_backup
2014-02-22 17:27:10 -------- d-----w- C:\Program Files\McAfee Security Scan
2014-02-22 01:51:05 -------- d-----w- C:\Users\Nathan\AppData\Roaming\HP Support Assistant
2014-02-22 01:50:08 -------- d-----w- C:\Users\Nathan\AppData\Roaming\HpUpdate
2014-02-20 20:57:08 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-02-20 20:57:08 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-02-20 20:57:06 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-20 20:57:06 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-20 20:57:05 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-20 20:57:05 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-20 15:28:10 563989 ----a-w- C:\Users\Nathan\AppData\Local\Fiesta.bin
2014-02-20 11:36:05 736952 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-02-20 11:35:42 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-02-20 11:35:31 42168 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-02-20 11:35:28 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-02-20 11:21:08 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-02-20 11:21:08 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-02-20 11:21:07 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-02-20 11:21:06 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-02-20 11:07:03 -------- d-----w- C:\Windows\System32\MRT
2014-02-20 09:29:16 -------- d-----w- C:\Users\Nathan\AppData\Local\Apple Computer
2014-02-20 06:28:09 -------- d-----w- C:\Users\Nathan\AppData\Roaming\DVD Flick
2014-02-20 02:57:51 439296 ----a-w- C:\Windows\System32\plsapp64.dll
2014-02-20 02:57:49 354592 ----a-w- C:\Windows\SysWow64\plsapp.dll
2014-02-20 02:57:46 -------- d-----w- C:\ProgramData\PureLeads
2014-02-20 02:57:44 -------- d-----w- C:\Program Files (x86)\PureLeads
2014-02-20 02:39:29 609824 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2014-02-20 02:39:29 40960 ----a-w- C:\Windows\SysWow64\ssubtmr6.dll
2014-02-20 02:39:29 36864 ----a-w- C:\Windows\SysWow64\trayicon_handler.ocx
2014-02-20 02:39:29 28672 ----a-w- C:\Windows\SysWow64\mousewheel.ocx
2014-02-20 02:39:29 212240 ----a-w- C:\Windows\SysWow64\richtx32.ocx
2014-02-20 02:39:29 164144 ----a-w- C:\Windows\SysWow64\comct232.ocx
2014-02-20 02:39:28 -------- d-----w- C:\Program Files (x86)\DVD Flick
2014-02-20 02:11:30 82816 ----a-w- C:\Users\Nathan\AppData\Roaming\pcouffin.sys
2014-02-20 02:11:20 -------- d-----w- C:\ProgramData\VSO
2014-02-20 02:11:20 -------- d-----w- C:\Program Files (x86)\VSO
2014-02-19 22:23:59 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-19 22:22:59 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-02-19 22:21:39 202752 ----a-w- C:\Windows\System32\scrrun.dll
2014-02-19 22:17:39 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-02-19 20:44:07 7717984 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-02-19 20:44:02 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-02-19 20:36:50 -------- d-----w- C:\ProgramData\CheckPoint
2014-02-19 18:32:24 -------- d-----w- C:\ProgramData\BlueStacks
2014-02-19 17:24:45 -------- d-----w- C:\ProgramData\Oracle
2014-02-19 17:14:11 -------- d-----w- C:\Users\Nathan\AppData\Roaming\RealNetworks
2014-02-19 17:14:04 -------- d-----w- C:\Users\Nathan\AppData\Local\Real
2014-02-19 17:13:38 -------- d-----w- C:\Program Files (x86)\RealNetworks
2014-02-19 17:13:34 -------- d-----w- C:\ProgramData\RealNetworks
2014-02-19 17:13:19 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2014-02-19 17:11:54 -------- d-----w- C:\Users\Nathan\AppData\Local\Google
2014-02-19 17:11:10 -------- d-----w- C:\Users\Nathan\.android
2014-02-19 17:11:09 -------- d-----w- C:\Users\Nathan\AppData\Local\cache
2014-02-19 17:11:06 -------- d-----w- C:\Users\Nathan\AppData\Local\genienext
2014-02-19 17:10:47 -------- d-----w- C:\Users\Nathan\AppData\Local\MovieMode
2014-02-19 17:10:40 -------- d-----w- C:\Users\Nathan\AppData\Local\Programs
2014-02-19 17:10:07 -------- d-----w- C:\ProgramData\MovieMode
2014-02-19 16:29:47 -------- d-----w- C:\Users\Nathan\AppData\Local\Apple
2014-02-18 01:37:40 -------- d-----w- C:\Users\Nathan\AppData\Local\ElevatedDiagnostics
2014-02-18 01:00:53 -------- d-----w- C:\Users\Nathan\AppData\Roaming\WildTangent
2014-02-18 00:22:32 -------- d-----w- C:\Users\Nathan\AppData\Roaming\.minecraft
2014-02-18 00:22:01 -------- d-----w- C:\Users\Nathan\AppData\Local\Hewlett-Packard
.
==================== Find3M ====================
.
2014-03-12 04:57:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 04:57:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-26 08:06:59 942592 ----a-w- C:\Windows\System32\jsIntl.dll
2014-02-20 10:03:41 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-19 17:12:57 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-02-19 17:12:57 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-02-10 23:32:54 1152656 ----a-w- C:\Windows\SysWow64\MovieMode.48CA2AEFA22D.dll
.
============= FINISH: 16:00:00.82 ===============





@@@@@@@@@@@@@@@@@@@@@



Attach log:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/2/2010 5:42:26 PM
System Uptime: 3/18/2014 3:39:11 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Narra6
Processor: AMD Athlon(tm) II X2 240 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 349.192 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.479 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player 12 ActiveX
Adobe Shockwave Player 11.6
Age of Empires Online
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
BitTorrent
Bonjour
CameraHelperMsi
CCleaner
Compatibility Pack for the 2007 Office system
Consumer Input
Consumer Input (remove only)
CyberLink DVD Suite Deluxe
D3DX10
DesktopWeatherAlerts
DioscountLoocator
DirectX for Managed Code Update (Summer 2004)
DivX Web Player
DVD Flick 1.3.0.7
EnhanceTronic
erLT
Facebook Video Calling 2.0.0.447
Fiesta Online NA
FileParade bundle uninstaller
Gameforge Live 1.10.1 "Legend"
GigaClicks Crawler
Google Chrome
Google Update Helper
Happy Cloud Client
Hewlett-Packard ACLM.NET v1.2.2.3
Hoopla
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Odometer
HP Product Detection
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
iCloud
ImgBurn
Internet Updater
iTunes
Java 7 Update 51
Java 7 Update 9 (64-bit)
Java Auto Updater
Junk Mail filter update
LabelPrint
LightScribe System Software
Logitech Vid HD
Logitech Webcam Software
LSI PCI-SV92EX Soft Modem
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mobogenie
Movie Mode
MSVCRT
MSVCRT_amd64
NVIDIA Display Control Panel
NVIDIA Drivers
Optimizer Pro v3.2
Pando Media Booster
PC Fix Speed 1.2.0.42
PC Tech Hotline
PictureMover
PlayReady PC Runtime amd64
Power2Go
PowerDirector
PowerISO
PureLeads
PVSonyDll
QuickTime
Re-Markable
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
RuneScape Launcher 1.2.3
S.K.I.L.L. - Special Force 2
Safari
Search Protect
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
swMSM
System Requirements Lab
System Requirements Lab CYRI
System Requirements Lab Detection
The Lord of the Rings Online
The weDownload Manager
Tweaking.com - Registry Backup
Update Installer for WildTangent Games App
Updater
Updater By SweetPacks 2.0.0.566
VC80CRTRedist - 8.0.50727.762
VSO ConvertXToDVD
Websteroids
WildTangent Games App
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.01 (64-bit)
Yahoo! Toolbar
ZoneAlarm Antivirus
.
==== End Of File ===========================
rebeccabroke
Active Member
 
Posts: 14
Joined: March 18th, 2014, 12:05 am

Re: Need help with malware removal

Post by Cypher » March 19th, 2014, 12:26 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



There are signs of an infection in your logs, so I will need you to run further scans for me.

Registry Backup (TCRB)
You appear to have Tweaking.com - Registry Backup installed... if so, please ignore the download and install instructions.
Please download tweaking.com_registry_backup_setup.exe ... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.
Once the program is installed...
  • Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  • It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  • Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  • When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  • Close and exit the program.

Next.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
BitTorrent
DesktopWeatherAlerts
Java 7 Update 9 (64-bit)
McAfee Security Scan Plus
Optimizer Pro v3.2
PC Fix Speed 1.2.0.42
Search Protect
Updater By SweetPacks 2.0.0.566
Websteroids
ZoneAlarm Antivirus

Next.

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Launch Malwarebytes, then click > Settings Tab > Scanner Settings > Under action for PUP > make sure Show in Results List and Check for removal is selected.
  • Now Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Next.

First please Disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.

Next please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Right click on zoek.exe and select "Run as administrator" to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:
    • Auto Clean
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
Logs/Information to Post in your Next Reply
  • Malwarebytes log.
  • zoek-results.log.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
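
Added example (not part of the original post, and not a Malwarebytes tool): a small parser for the Malwarebytes Anti-Malware 1.75 text log layout seen in this thread. It ties to the reboot note above by listing entries still marked "Delete on reboot", names the non-PUP detections, and flags sections whose item count does not match the header, as happens when a pasted log is cut short. The function names and the sample excerpt are constructed for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple


class Finding(NamedTuple):
    section: str    # e.g. "Files", "Registry Values"
    obj: str        # path or registry key (may itself contain parentheses)
    detection: str  # e.g. "Trojan.Agent"
    detail: str     # PID, "Data: ..." or "Bad: ... Good: ..." when present
    action: str     # e.g. "Delete on reboot"


# "Files Detected: 195" style section headers.
SECTION_RE = re.compile(r"^(?P<name>.+) Detected: (?P<count>\d+)$")
# Detection name is the LAST parenthesised group before the first " -> ",
# so "C:\Program Files (x86)\..." paths are handled correctly.
OBJECT_RE = re.compile(r"^(?P<obj>.+) \((?P<det>[^()]+)\)$")


def parse_mbam_log(text):
    """Return (findings, declared_counts) for an MBAM 1.75 text log."""
    findings, declared = [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            declared[section] = int(header.group("count"))
            continue
        if section is None or " -> " not in line:
            continue  # banner lines, blanks, "(No malicious items detected)"
        parts = line.split(" -> ")
        head = OBJECT_RE.match(parts[0])
        if not head:
            continue
        findings.append(Finding(section, head.group("obj"), head.group("det"),
                                " -> ".join(parts[1:-1]),
                                parts[-1].rstrip(".")))
    return findings, declared


def pending_reboot(findings):
    """Items that are only removed once the machine restarts."""
    return [f for f in findings if f.action == "Delete on reboot"]


def non_pup(findings):
    """Detection names outside the PUP.* (potentially unwanted) family."""
    return sorted({f.detection for f in findings
                   if not f.detection.startswith("PUP.")})


def count_mismatches(findings, declared):
    """Sections where the header count differs from the lines present."""
    parsed = Counter(f.section for f in findings)
    return {name: (count, parsed[name])
            for name, count in declared.items() if parsed[name] != count}


# Constructed excerpt in the layout of the log in this thread; the
# "Files Detected" count is deliberately higher than the lines present.
SAMPLE = r"""
Memory Processes Detected: 2
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> 3120 -> Delete on reboot.
C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe (PUP.Optional.Consumer.Input.A) -> 6020 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> Quarantined and deleted successfully.

Files Detected: 3
C:\ProgramData\Websteroids\IE\common.dll (PUP.Optional.Radsteroids.A) -> Quarantined and deleted successfully.
C:\Windows\System32\MovieMode.48CA2AEFA22D.dll (Adware.SaMon) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    found, declared = parse_mbam_log(SAMPLE)
    for f in pending_reboot(found):
        print("needs reboot:", f.obj, f"({f.detection})")
    print("non-PUP detections:", ", ".join(non_pup(found)))
    for name, (want, got) in count_mismatches(found, declared).items():
        print(f"{name}: header says {want}, log contains {got}")
```
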

Re: Need help with malware removal

Post by rebeccabroke » March 19th, 2014, 6:50 pm

I have done everything you have asked of me. One problem though, the extras.txt was not there, not minimized, didn't pop up at all. Here are the others though.


malwarebytes log



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.19.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Nathan :: BRAT [administrator]

3/19/2014 4:36:18 PM
mbam-log-2014-03-19 (16-36-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284384
Time elapsed: 16 minute(s), 13 second(s)

Memory Processes Detected: 8
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdaterService.A) -> 1480 -> Delete on reboot.
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> 4720 -> Delete on reboot.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> 5152 -> Delete on reboot.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> 5432 -> Delete on reboot.
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> 3120 -> Delete on reboot.
C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe (PUP.Optional.Consumer.Input.A) -> 6020 -> Delete on reboot.
C:\Program Files (x86)\Consumer Input\Update\Install\{BE8DF344-813B-42A4-8670-DC793877E53B}\ConsumerInputUpdateSetup.exe (PUP.Optional.Consumer.Input.A) -> 10056 -> Delete on reboot.
C:\Users\Nathan\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe (PUP.Optional.InstallX.A) -> 4224 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 66
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater (PUP.Optional.InternetUpdaterService.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\consumerinput_update (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CONSUMERINPUTUPDATE.EXE (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{18887D94-91CA-106D-9149-2FA3110EA14E} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18887D94-91CA-106D-9149-2FA3110EA14E} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{18887D94-91CA-106D-9149-2FA3110EA14E} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKCR\AppID\{384997EE-E3BE-49C4-9ECA-C62B7C08128A} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C} (PUP.Optional.WebSteroids.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} (PUP.Optional.Radsteroids.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54} (PUP.Optional.Radsteroids.A) -> Quarantined and deleted successfully.
HKCR\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85} (PUP.Optional.Radsteroids.A) -> Quarantined and deleted successfully.
HKCR\DynConIE.DynConIEObject.1 (PUP.Optional.Radsteroids.A) -> Quarantined and deleted successfully.
HKCR\DynConIE.DynConIEObject (PUP.Optional.Radsteroids.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.Radsteroids.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.Radsteroids.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.Radsteroids.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\dcabho.Dca.1 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\dcabho.Dca (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoCreateAsync (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoCreateAsync.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreClass (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreClass.1 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreMachineClass (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CoreMachineClass.1 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CredentialDialogMachine (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.CredentialDialogMachine.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachine (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassSvc (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.ProcessLauncher (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.ProcessLauncher.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3COMClassService (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3COMClassService.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachine (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachine.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachineFallback (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebSvc (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\ConsumerInputUpdate.Update3WebSvc.1.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\consumerinput_updatem (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\Interface\{15527BF5-9729-49DC-889C-9F956983154C} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\CptUrlPassthru.HttpMonitor.1 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\CptUrlPassthru.HttpMonitor (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{294BC5A4-7157-4131-AB81-1DEC393D0F0A} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\Interface\{06306AA5-80A1-4260-A9A3-A8E10F6AA8B7} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{95C8DE84-989C-4235-A5B1-84E8B6A4384A} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion (PUP.Optional.InstallX.A) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\Updater.exe -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 1763663518884691967 -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater|ImagePath (PUP.Optional.InternetUpdater.A) -> Data: "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe" -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 1763663518884691967 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|InstallX Search Protect for Yahoo (PUP.Optional.InstallX.A) -> Data: "C:\Users\Nathan\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT33237 ... CC29&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 44
C:\ProgramData\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Delete on reboot.
C:\ProgramData\Websteroids (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\unzip (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Firefox (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Firefox\chrome (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Firefox\chrome\content (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\IE (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Roaming\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Roaming\PCFixSpeed\News (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Local\Temp\CT3325809 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers (PUP.Optional.Searchagent) -> Delete on reboot.
C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> Delete on reboot.
C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> Delete on reboot.
C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> Delete on reboot.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb (PUP.Optional.MultiIE) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0 (PUP.Optional.MultiIE) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Users\Nathan\AppData\Local\Consumer Input (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Local\Consumer Input\CrashReports (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input (PUP.Optional.Consumer.Input.A) -> Delete on reboot.
C:\Program Files (x86)\Consumer Input\CrashReports (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Firefox (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Monitoring (PUP.Optional.Consumer.Input.A) -> Delete on reboot.
C:\Program Files (x86)\Consumer Input\Update (PUP.Optional.Consumer.Input.A) -> Delete on reboot.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149 (PUP.Optional.Consumer.Input.A) -> Delete on reboot.
C:\Program Files (x86)\Consumer Input\Update\Download (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}\0.0.0.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{C7B061F6-380E-4545-86E3-400E3156FD28} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{C7B061F6-380E-4545-86E3-400E3156FD28}\0.0.0.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{CC54C892-82DC-4D95-ACDE-8C84EF71C2CE} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{CC54C892-82DC-4D95-ACDE-8C84EF71C2CE}\0.0.0.0 (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Install (PUP.Optional.Consumer.Input.A) -> Delete on reboot.
C:\Program Files (x86)\Consumer Input\Update\Install\{BE8DF344-813B-42A4-8670-DC793877E53B} (PUP.Optional.Consumer.Input.A) -> Delete on reboot.
C:\Program Files (x86)\Consumer Input\Update\Offline (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Offline\{8EB6038F-5FDB-46EC-879D-D4918F492E9F} (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Local\WeatherAlerts (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0 (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Roaming\InstallX Search Protect for Yahoo (PUP.Optional.InstallX.A) -> Delete on reboot.

Files Detected: 195
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdaterService.A) -> Delete on reboot.
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> Delete on reboot.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> Delete on reboot.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\ProgramData\DioscountLoocator\GT2Jn6.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\IE\common.dll (PUP.Optional.Radsteroids.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\ProgramData\DioscountLoocator\GT2Jn6.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\ProgramData\DioscountLoocator\GT2Jn6.x64.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Windows\System32\MovieMode.48CA2AEFA22D.dll (Adware.SaMon) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Local\Temp\ConsumerInputSetup.exe (PUP.Optional.ConsumerInput) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Local\Temp\nsh602F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Local\Temp\nsr298F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Local\Temp\nsr659C.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Local\Temp\nsrBDFB.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Local\Temp\nswC211.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Local\Temp\nswAF37\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3779.tmp\ConsumerInputCrashHandler.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3779.tmp\ConsumerInputUpdate.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3779.tmp\ConsumerInputUpdateBroker.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3779.tmp\ConsumerInputUpdateOnDemand.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3779.tmp\goopdate.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3779.tmp\psmachine.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3779.tmp\psuser.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3B85.tmp\ConsumerInputCrashHandler.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3B85.tmp\ConsumerInputUpdate.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3B85.tmp\ConsumerInputUpdateBroker.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3B85.tmp\ConsumerInputUpdateOnDemand.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3B85.tmp\goopdate.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3B85.tmp\psmachine.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3B85.tmp\psuser.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3CD1.tmp\ConsumerInputCrashHandler.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3CD1.tmp\ConsumerInputUpdate.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3CD1.tmp\ConsumerInputUpdateBroker.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3CD1.tmp\ConsumerInputUpdateOnDemand.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3CD1.tmp\goopdate.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3CD1.tmp\psmachine.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM3CD1.tmp\psuser.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM4B71.tmp\ConsumerInputCrashHandler.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM4B71.tmp\ConsumerInputUpdate.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM4B71.tmp\ConsumerInputUpdateBroker.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM4B71.tmp\ConsumerInputUpdateOnDemand.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM4B71.tmp\goopdate.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM4B71.tmp\psmachine.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUM4B71.tmp\psuser.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMC4AB.tmp\ConsumerInputCrashHandler.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMC4AB.tmp\ConsumerInputUpdate.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMC4AB.tmp\ConsumerInputUpdateBroker.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMC4AB.tmp\ConsumerInputUpdateOnDemand.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMC4AB.tmp\goopdate.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMC4AB.tmp\psmachine.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMC4AB.tmp\psuser.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMDBF3.tmp\ConsumerInputCrashHandler.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMDBF3.tmp\ConsumerInputUpdate.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMDBF3.tmp\ConsumerInputUpdateBroker.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMDBF3.tmp\ConsumerInputUpdateOnDemand.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMDBF3.tmp\goopdate.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMDBF3.tmp\psmachine.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMDBF3.tmp\psuser.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUME654.tmp\ConsumerInputCrashHandler.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUME654.tmp\ConsumerInputUpdate.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUME654.tmp\ConsumerInputUpdateBroker.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUME654.tmp\ConsumerInputUpdateOnDemand.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUME654.tmp\goopdate.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUME654.tmp\psmachine.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUME654.tmp\psuser.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF5B9.tmp\ConsumerInputCrashHandler.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF5B9.tmp\ConsumerInputUpdate.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF5B9.tmp\ConsumerInputUpdateBroker.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF5B9.tmp\ConsumerInputUpdateOnDemand.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF5B9.tmp\goopdate.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF5B9.tmp\psmachine.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF5B9.tmp\psuser.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF6EB.tmp\ConsumerInputCrashHandler.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF6EB.tmp\ConsumerInputUpdate.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF6EB.tmp\ConsumerInputUpdateBroker.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF6EB.tmp\ConsumerInputUpdateOnDemand.exe (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF6EB.tmp\goopdate.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF6EB.tmp\psmachine.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\GUMF6EB.tmp\psuser.dll (PUP.Optional.ConsumerInput.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\Downloads\FileOpenerSetup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\Downloads\FLV_Media_Player.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\Downloads\HD_Player__CD5MTCD15543_0_0_0_0_9b055f1df8531293ef539cbbda39810eca8dcd66-78-3.exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Nathan\Downloads\HD_Player__CD5MTCD15543_0_0_0_22_8b59ac4935426094ca618b4432d3f054848246bf-78-3.exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Nathan\Downloads\HijackThis_TSV26XXV7.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Nathan\Downloads\iLividSetup-r400-n-bc (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Nathan\Downloads\iLividSetup-r400-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Nathan\Downloads\WinRAR_TSV3577TG.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\Local Settings\Temporary Internet Files\Content.IE5\FYGN6NC0\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\Local Settings\Temporary Internet Files\Content.IE5\HJOSZSQF\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Re-Markable Update.job (PUP.Optional.ReMarkable.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\InternetUpdater.ico (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\app.dat (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\data.dat (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\Uninstall.exe (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\app.dat (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Uninstall.exe (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Websteroids.ico (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\common.crx (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\_common.crx (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\unzip\announce.js (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\unzip\background.html (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\unzip\common.js (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\unzip\contentscript.js (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\unzip\icon.png (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\unzip\icon128.png (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\unzip\icon16.png (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\unzip\icon48.png (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\unzip\iframecontentscript.js (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Chrome\unzip\manifest.json (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Firefox\chrome.manifest (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Firefox\install.rdf (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Firefox\chrome\content\main.js (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\ProgramData\Websteroids\Firefox\chrome\content\overlay.xul (PUP.Optional.Websteroids.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Roaming\PCFixSpeed\faq.htm (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Roaming\PCFixSpeed\News\PCFS_NEWS_promote_app_MLM_horizontal.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Roaming\PCFixSpeed\News\PCFS_NEWS_promote_app_SO_horizontal.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Roaming\PCFixSpeed\News\PCFS_NEWS_trialpay_tray_ads.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Roaming\PCFixSpeed\News\PCFS_NEWS_uninstall_discount_offer.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Nathan\AppData\Local\Temp\CT3325809\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\announce.js (PUP.Optional.MultiIE) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\background.html (PUP.Optional.MultiIE) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\common.js (PUP.Optional.MultiIE) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\contentscript.js (PUP.Optional.MultiIE) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\icon128.png (PUP.Optional.MultiIE) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\icon16.png (PUP.Optional.MultiIE) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\icon48.png (PUP.Optional.MultiIE) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\iframecontentscript.js (PUP.Optional.MultiIE) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\manifest.json (PUP.Optional.MultiIE) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\CIuninstall.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\CIuninstall.ico (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Firefox\uninstall.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Firefox\uninstall.ico (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer\cookie-retriever.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer\cpturlpassthru.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-host.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer\dca.js (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer\logger.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer\mozjs185-1.0.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.ico (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.log (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Monitoring\cinm-host.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe (PUP.Optional.Consumer.Input.A) -> Delete on reboot.
C:\Program Files (x86)\Consumer Input\Monitoring\manifest.json (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Monitoring\uninstall.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Monitoring\uninstall.ico (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\ConsumerInputCrashHandler.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\ConsumerInputUpdate.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\ConsumerInputUpdateBroker.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\ConsumerInputUpdateHelper.msi (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\ConsumerInputUpdateOnDemand.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdate.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_de.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_en.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_es-419.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_es.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_fr.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_ja.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_zh-CN.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\psmachine.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\psuser.dll (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}\0.0.0.0\ciie-3.2.0-12007.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0\MonitoringTool-3.2.1-820.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{C7B061F6-380E-4545-86E3-400E3156FD28}\0.0.0.0\ciff-3.2.0-749.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Download\{CC54C892-82DC-4D95-ACDE-8C84EF71C2CE}\0.0.0.0\ConsumerInputUpdateSetup.exe (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Consumer Input\Update\Install\{BE8DF344-813B-42A4-8670-DC793877E53B}\ConsumerInputUpdateSetup.exe (PUP.Optional.Consumer.Input.A) -> Delete on reboot.
C:\Users\Nathan\AppData\Local\WeatherAlerts\WeatherAlerts.exe (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\128.png (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\19.png (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\48.png (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\background.html (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\flavour.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\logger.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\main.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\manifest.json (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\mgHelperGC.dll (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\newtab.html (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\newtab.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\popup.html (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\popup.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\simapp.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\toolbar.js (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Roaming\InstallX Search Protect for Yahoo\config.xml (PUP.Optional.InstallX.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe (PUP.Optional.InstallX.A) -> Delete on reboot.
C:\Users\Nathan\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.zip (PUP.Optional.InstallX.A) -> Quarantined and deleted successfully.
C:\Users\Nathan\AppData\Roaming\InstallX Search Protect for Yahoo\SearchProtectorMonitor.log (PUP.Optional.InstallX.A) -> Delete on reboot.
C:\Users\Nathan\AppData\Roaming\InstallX Search Protect for Yahoo\SearchProtectorMonitor~1.log (PUP.Optional.InstallX.A) -> Quarantined and deleted successfully.

(end)



zoek log here

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Nathan on Wed 03/19/2014 at 18:10:03.48.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nathan\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

3/19/2014 6:13:57 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-957906173-523527262-2365119751-1002\Software\Microsoft\Internet Explorer\SearchScopes\{76798B12-AE0C-4108-8737-A53950CC1A1E} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MgAssistService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MgAssistService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Re-Markable deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Re-Markable deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util EnhanceTronic deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util EnhanceTronic deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util EnhanceTronic deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util EnhanceTronic deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update EnhanceTronic deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update EnhanceTronic deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Leigh\AppData\Roaming\Mozilla\Firefox\Profiles\0

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140319_0624_.backup

ProfilePath: C:\Users\Leigh\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140319_0624_.backup

==== Deleting Files \ Folders ======================

C:\Users\Nathan\AppData\LocalLow\{18887D94-91CA-106D-9149-2FA3110EA14E} deleted
C:\Users\Nathan\AppData\Local\Packages\windows_ie_ac_001\AC\{18887D94-91CA-106D-9149-2FA3110EA14E} deleted
C:\PROGRA~3\cc792261f535a020 deleted
C:\PROGRA~3\Yahoo! Companion deleted
C:\Users\Nathan\AppData\Local\genienext deleted
C:\Users\Leigh\daemonprocess.txt deleted
C:\Users\Nathan\daemonprocess.txt deleted
C:\Users\Nathan\.android deleted
C:\PROGRA~3\DioscountLoocator deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\1ClickDownload deleted
C:\PROGRA~2\sweetpacks bundle uninstaller deleted
C:\PROGRA~2\Chrome deleted
C:\Users\Leigh\AppData\Roaming\Yontoo deleted
C:\Users\Nathan\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\Updater deleted
C:\Users\Leigh\AppData\Local\SavingsApp deleted
C:\Users\Leigh\AppData\Local\MoboGenie deleted
C:\Users\Leigh\AppData\Local\Conduit deleted
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\Users\Nathan\AppData\Local\MoboGenie deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\Guest\AppData\LocalLow\SweetIM deleted
C:\Users\Leigh\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Users\Leigh\AppData\LocalLow\comcasttb deleted
C:\Users\Leigh\AppData\LocalLow\FunWebProducts deleted
C:\Users\Nathan\AppData\LocalLow\Yahoo! deleted
C:\Users\Nathan\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\tasks\Re-Markable_wd.job deleted
C:\Windows\tasks\PC Optimizer Pro64 startups.job deleted
C:\windows\SysNative\tasks\PC Optimizer Pro64 startups deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Nathan\Documents\Optimizer Pro deleted
C:\Users\Leigh\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi deleted
"C:\Users\Nathan\AppData\Roaming\Vso" deleted
"C:\Users\Nathan\AppData\Local\cache" deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}"="C:\Program Files\Updater By SweetPacks\Firefox" []
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [02/19/2014 01:13 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"ConsumerInput@Compete"="C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi" []

==== Firefox Extensions ======================

ExtDir: C:\Users\Leigh\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- HDvid Codec - %ExtDir%\hdvc@hdvc.com.xpi

==== Firefox Plugins ======================


==== Deleted Firefox Extensions ======================

C:\Users\Leigh\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\hdvc@hdvc.com.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bcjagnifjocnddgeknajocbkkhlgibem - C:\Program Files (x86)\Chrome\surfcanyon.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[08/14/2013 04:24 PM]
kpkbnefaikfaeadgidhpoanckoiaheli - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx[]
ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx[]

Surf Canyon - Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Yahoo Toolbar for Chrome - Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag
RealDownloader - Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
tperfectcoupon - Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfcdknpgajljijchkglgnkcncjnpejfl

==== Chrome Fix ======================

C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fate.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem deleted successfully
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bcjagnifjocnddgeknajocbkkhlgibem_0.localstorage deleted successfully
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bcjagnifjocnddgeknajocbkkhlgibem_0.localstorage-journal deleted successfully
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfcdknpgajljijchkglgnkcncjnpejfl deleted successfully
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfcdknpgajljijchkglgnkcncjnpejfl_0.localstorage deleted successfully
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfcdknpgajljijchkglgnkcncjnpejfl_0.localstorage-journal deleted successfully
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-957906173-523527262-2365119751-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-957906173-523527262-2365119751-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-957906173-523527262-2365119751-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-957906173-523527262-2365119751-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-957906173-523527262-2365119751-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-957906173-523527262-2365119751-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-957906173-523527262-2365119751-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-957906173-523527262-2365119751-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-957906173-523527262-2365119751-1002\Software\Mozilla\Firefox\Extensions\ConsumerInput@Compete deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\e1241116-a0a2-47e9-983f-26659195f44e deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIDDesktop deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Doctor for Windows localizer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leigh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leigh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=483 folders=76 16029290 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\hedev\AppData\Local\Temp emptied successfully
C:\Users\Leigh\AppData\Local\Temp emptied successfully
C:\Users\Nathan\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Nathan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 03/19/2014 at 18:34:11.35 ======================
rebeccabroke

Re: Need help with malware removal

Post by rebeccabroke » March 19th, 2014, 6:51 pm

otl log

OTL logfile created on: 3/19/2014 6:38:35 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nathan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 41.45% Memory free
5.50 Gb Paging File | 3.06 Gb Available in Paging File | 55.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.79 Gb Total Space | 358.35 Gb Free Space | 78.62% Space Free | Partition Type: NTFS
Drive D: | 9.87 Gb Total Space | 1.48 Gb Free Space | 14.98% Space Free | Partition Type: NTFS
Drive E: | 136.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BRAT | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/13 22:59:52 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Nathan\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2014/02/23 14:09:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
PRC - [2014/02/19 21:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/19 13:13:01 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/01/23 19:12:52 | 000,091,936 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
PRC - [2014/01/23 19:12:52 | 000,083,232 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
PRC - [2014/01/23 19:12:50 | 003,690,784 | ---- | M] (Sendori) -- C:\Program Files (x86)\PureLeads\plsapp.exe
PRC - [2014/01/23 19:12:50 | 000,024,352 | ---- | M] (sendori) -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 15:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 09:36:02 | 000,337,432 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/12 22:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/08 13:20:16 | 000,037,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2014/02/20 17:01:51 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/20 16:52:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/20 16:52:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/20 16:51:45 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/02/20 16:51:07 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/20 16:50:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/20 16:50:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/20 16:50:36 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f9bb7cc29930815b098e26853962c1de\UIAutomationTypes.ni.dll
MOD - [2014/02/20 16:50:36 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\549aa924ef5af7232f4024eb6f8cb97a\UIAutomationProvider.ni.dll
MOD - [2014/02/20 16:50:35 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/20 16:50:35 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/20 16:50:21 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/20 16:50:04 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/20 16:49:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/20 16:49:54 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/20 16:49:45 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/19 21:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 21:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 21:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/19 21:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/19 21:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 21:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/01/12 21:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 21:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/09/29 19:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 19:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/09/29 19:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/09/29 19:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/09/29 19:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/09/29 19:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/09/29 19:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/09/29 19:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/04/22 17:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 19:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 18:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 18:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 18:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 18:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 18:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 18:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 18:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 18:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 18:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 21:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2014/03/12 00:57:42 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/27 21:15:18 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/01/23 19:12:52 | 000,091,936 | ---- | M] (PureLeads) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe -- (PlsvcV1)
SRV - [2014/01/23 19:12:50 | 003,690,784 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\plsapp.exe -- (plsapp)
SRV - [2014/01/23 19:12:50 | 000,024,352 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe -- (PlsvcV2)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/09 02:31:54 | 000,489,568 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/17 03:02:04 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2013/04/04 15:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/27 09:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/01/26 18:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/30 13:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{96E44610-527E-4900-8145-49370B34A28F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{96E44610-527E-4900-8145-49370B34A28F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 AF 99 B8 04 38 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nathan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/19 13:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/02/19 13:13:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b3ff0533-c7fb-4727-a4e7-3358482332ab}: C:\Program Files (x86)\Re-Markable-soft\157.xpi [2014/03/17 02:21:58 | 000,014,746 | ---- | M] ()

[2014/02/26 16:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\extensions
[2014/02/26 16:52:25 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\extensions\support@websteroidsapp.com
[2013/04/16 21:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx? ... A5DCC29&q={searchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSugg ... hx?prefix={searchTerms},
CHR - homepage: http://search.conduit.com/?ctid=CT33237 ... CC29&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Wallet = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DioscountLoocator) - {18887D94-91CA-106D-9149-2FA3110EA14E} - C:\ProgramData\DioscountLoocator\GT2Jn6.x64.dll File not found
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PureLeads Tray] C:\Program Files (x86)\PureLeads\PureLeadsTray.exe (PureLeads)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Nathan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4091BD3D-4A59-48F8-8FA7-C0E933889BDD}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/10 22:16:19 | 000,000,075 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{fc73facf-4378-11df-84f5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fc73facf-4378-11df-84f5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/03/10 22:24:35 | 000,128,336 | R--- | M] (Logitech, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/19 18:34:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/19 18:29:59 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/03/19 18:29:59 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Temp
[2014/03/18 02:38:58 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Packages
[2014/03/18 00:27:27 | 000,000,000 | ---D | C] -- C:\Users\Nathan\.jagex_cache_32
[2014/03/17 19:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller
[2014/03/17 02:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Support for Consumer Input
[2014/03/17 02:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Re-Markable-soft
[2014/03/17 02:15:50 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\New folder
[2014/03/13 22:57:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Facebook
[2014/03/13 15:44:42 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\Government Corruption
[2014/03/10 13:32:58 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Template
[2014/03/10 03:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2014/03/08 20:41:50 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Logitech® Webcam Software
[2014/03/08 20:39:51 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\LogiShrd
[2014/03/08 20:37:54 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Leadertech
[2014/03/08 20:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2014/03/08 20:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2014/03/08 20:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2014/03/08 20:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2014/03/08 20:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2014/03/08 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2014/03/08 20:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2014/03/08 13:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2014/03/08 13:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2014/03/08 13:15:29 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\hpqLog
[2014/03/03 00:50:22 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2014/03/03 00:50:03 | 000,000,000 | ---D | C] -- C:\Users\Nathan\jagexcache
[2014/03/01 13:08:02 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\FiestaOnline
[2014/03/01 13:05:31 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamigo
[2014/02/28 23:59:04 | 000,000,000 | ---D | C] -- C:\Gamigo
[2014/02/28 19:44:31 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Gameforge4d
[2014/02/28 19:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
[2014/02/28 19:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameforgeLive
[2014/02/28 16:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/02/28 16:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/02/28 16:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/02/28 15:37:41 | 000,000,000 | ---D | C] -- C:\Users\Nathan\jagexcache1
[2014/02/28 02:56:59 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\The Lord of the Rings Online
[2014/02/28 02:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Turbine
[2014/02/28 02:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HappyCloud
[2014/02/27 15:12:39 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\CrashDumps
[2014/02/26 19:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/26 17:05:26 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/02/26 17:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/02/26 17:00:54 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\WinRAR
[2014/02/26 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Mozilla
[2014/02/26 10:31:50 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Malwarebytes
[2014/02/26 10:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/26 10:31:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/26 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/26 10:30:02 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nathan\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/25 14:47:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/25 14:42:51 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Nathan\Desktop\JRT.exe
[2014/02/25 04:07:08 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/24 14:42:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/24 12:23:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/24 12:17:00 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/02/24 12:10:10 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\VirtualStore
[2014/02/24 11:51:11 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/02/24 11:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/02/23 22:15:08 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\Games for Windows - LIVE Demos
[2014/02/23 22:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2014/02/23 22:08:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2014/02/23 22:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2014/02/23 22:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2014/02/23 14:09:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2014/02/23 14:02:12 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/02/21 21:51:05 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\HP Support Assistant
[2014/02/21 21:50:08 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\HpUpdate
[2014/02/20 07:07:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/02/20 05:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Apple Computer
[2014/02/20 02:37:01 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\dvd
[2014/02/20 02:28:09 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\DVD Flick
[2014/02/20 02:28:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\ImgBurn
[2014/02/19 22:57:51 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/02/19 22:57:49 | 000,354,592 | ---- | C] (Sendori) -- C:\Windows\SysWow64\plsapp.dll
[2014/02/19 22:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PureLeads
[2014/02/19 22:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureLeads
[2014/02/19 22:55:08 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2014/02/19 22:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2014/02/19 22:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2014/02/19 22:39:29 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\ssubtmr6.dll
[2014/02/19 22:39:29 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\SysWow64\trayicon_handler.ocx
[2014/02/19 22:39:29 | 000,028,672 | ---- | C] (-) -- C:\Windows\SysWow64\mousewheel.ocx
[2014/02/19 22:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Flick
[2014/02/19 22:11:30 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Nathan\AppData\Roaming\pcouffin.sys
[2014/02/19 22:11:30 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\PcSetup
[2014/02/19 22:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\VSO
[2014/02/19 22:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2014/02/19 16:44:07 | 007,717,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014/02/19 16:44:02 | 000,489,568 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/02/19 16:44:02 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/02/19 16:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2014/02/19 14:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2014/02/19 13:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/19 13:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/19 13:14:11 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\RealNetworks
[2014/02/19 13:14:04 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Real
[2014/02/19 13:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/02/19 13:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/02/19 13:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014/02/19 13:13:04 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/02/19 13:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2014/02/19 13:12:37 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Real
[2014/02/19 13:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/19 13:11:54 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Google
[2014/02/19 13:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/02/19 13:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/02/19 13:10:47 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\MovieMode
[2014/02/19 13:10:40 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Programs
[2014/02/19 13:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MovieMode
[2014/02/19 12:29:47 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Apple
[2014/02/19 12:23:12 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Macromedia
[2014/02/17 21:37:40 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\ElevatedDiagnostics
[2014/02/17 21:01:32 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Adobe
[2014/02/17 21:00:53 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\WildTangent
[2014/02/17 20:22:32 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\.minecraft
[2014/02/17 20:22:02 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Hewlett-Packard
[2014/02/17 20:22:01 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Hewlett-Packard
[2014/02/17 20:21:59 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Zemana
[2014/02/17 20:21:59 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\ID Vault
[2014/02/17 20:21:59 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Apple Computer
[2014/02/17 20:21:51 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/02/17 20:21:51 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Searches
[2014/02/17 20:21:51 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/02/17 20:21:51 | 000,000,000 | -H-D | C] -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/02/17 20:21:42 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Identities
[2014/02/17 20:21:40 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Contacts
[2014/02/17 20:21:35 | 000,000,000 | --SD | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft
[2014/02/17 20:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Videos
[2014/02/17 20:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Saved Games
[2014/02/17 20:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Pictures
[2014/02/17 20:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Music
[2014/02/17 20:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/02/17 20:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Links
[2014/02/17 20:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Favorites
[2014/02/17 20:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Downloads
[2014/02/17 20:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Documents
[2014/02/17 20:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\Desktop
[2014/02/17 20:21:35 | 000,000,000 | R--D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\AppData\Local\Temporary Internet Files
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Templates
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Start Menu
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\SendTo
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Recent
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\PrintHood
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\NetHood
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Documents\My Videos
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Documents\My Pictures
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Documents\My Music
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\My Documents
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Local Settings
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\AppData\Local\History
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Cookies
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\Application Data
[2014/02/17 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\Nathan\AppData\Local\Application Data
[2014/02/17 20:21:35 | 000,000,000 | -H-D | C] -- C:\Users\Nathan\AppData
[2014/02/17 20:21:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Microsoft
[2014/02/17 20:21:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2014/03/19 18:43:00 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\CIMT_S-1-5-21-957906173-523527262-2365119751-1002.job
[2014/03/19 18:40:48 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/19 18:40:48 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/19 18:32:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/19 18:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/19 18:31:15 | 2214,043,648 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/19 18:27:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/19 18:09:06 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/03/19 17:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/19 17:05:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002UA.job
[2014/03/19 15:36:41 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BRAT--(64-bit).dat
[2014/03/19 02:25:13 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002Core.job
[2014/03/18 20:02:03 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNathan.job
[2014/03/18 15:03:23 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLeigh.job
[2014/03/18 01:02:43 | 000,000,023 | ---- | M] () -- C:\Users\Nathan\jagexappletviewer.preferences
[2014/03/18 01:01:23 | 000,000,032 | ---- | M] () -- C:\Users\Nathan\jagex_cl_runescape_LIVE.dat
[2014/03/17 02:23:13 | 000,000,066 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2014/03/17 02:21:59 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/14 18:34:35 | 000,000,433 | ---- | M] () -- C:\Users\Nathan\Desktop\New Rich Text Document.rtf
[2014/03/13 11:29:01 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/13 11:29:00 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/13 11:29:00 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/13 03:19:31 | 000,330,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/10 13:32:33 | 000,000,000 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\wklnhst.dat
[2014/03/08 20:38:49 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2014/03/08 20:35:02 | 000,001,590 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2014/03/08 13:26:50 | 000,002,183 | ---- | M] () -- C:\Users\Nathan\Desktop\HP Support Assistant.lnk
[2014/03/03 00:50:22 | 000,002,060 | ---- | M] () -- C:\Users\Nathan\Desktop\RuneScape.lnk
[2014/03/01 13:05:34 | 000,001,667 | ---- | M] () -- C:\Users\Nathan\Desktop\Fiesta Online NA.lnk
[2014/03/01 13:03:16 | 001,244,192 | ---- | M] () -- C:\Users\Nathan\Desktop\adwcleaner.exe
[2014/02/28 19:46:30 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
[2014/02/28 19:44:15 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Gameforge Live.lnk
[2014/02/28 16:09:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/28 15:37:41 | 000,000,046 | ---- | M] () -- C:\Users\Nathan\jagex_cl_runescape_LIVE1.dat
[2014/02/26 17:13:40 | 000,002,430 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2014/02/26 17:05:26 | 000,000,999 | ---- | M] () -- C:\Users\Nathan\Desktop\WinRAR.lnk
[2014/02/26 10:31:46 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/26 10:30:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nathan\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/26 04:07:00 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/26 04:06:59 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/26 04:01:45 | 000,774,632 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/25 20:26:02 | 000,096,256 | ---- | M] () -- C:\Users\Nathan\Desktop\SystemLook_x64.exe
[2014/02/25 14:43:00 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Nathan\Desktop\JRT.exe
[2014/02/24 12:21:19 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BRAT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/02/24 11:51:11 | 000,002,201 | ---- | M] () -- C:\Users\Nathan\Desktop\Tweaking.com - Registry Backup.lnk
[2014/02/23 14:09:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2014/02/23 14:07:17 | 001,414,034 | ---- | M] () -- C:\Users\Nathan\Desktop\zoek.scr
[2014/02/23 14:07:13 | 001,414,034 | ---- | M] () -- C:\Users\Nathan\Desktop\zoek.com
[2014/02/23 13:58:50 | 001,284,608 | ---- | M] () -- C:\Users\Nathan\Desktop\zoek.exe
[2014/02/23 11:12:58 | 000,140,300 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/02/21 14:09:35 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/20 11:59:22 | 000,563,989 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Fiesta.bin
[2014/02/19 22:55:08 | 000,001,831 | ---- | M] () -- C:\Users\Nathan\Desktop\ImgBurn.lnk
[2014/02/19 22:39:32 | 000,001,880 | ---- | M] () -- C:\Users\Nathan\Desktop\DVD Flick.lnk
[2014/02/19 22:11:30 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Nathan\AppData\Roaming\pcouffin.sys
[2014/02/19 22:11:30 | 000,007,859 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.cat
[2014/02/19 22:11:30 | 000,001,167 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.inf
[2014/02/19 22:11:27 | 000,001,186 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2014/02/19 17:24:06 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2014/02/19 17:15:10 | 000,002,245 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/19 14:34:30 | 000,000,856 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/02/19 14:31:15 | 000,002,660 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - wildgames.lnk
[2014/02/19 13:13:42 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2014/02/19 13:13:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/02/19 12:17:42 | 000,001,403 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2014/03/19 18:30:01 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/03/19 15:36:41 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BRAT--(64-bit).dat
[2014/03/17 02:25:27 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\CIMT_S-1-5-21-957906173-523527262-2365119751-1002.job
[2014/03/17 02:23:13 | 000,000,066 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2014/03/17 02:21:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/14 17:21:54 | 000,000,433 | ---- | C] () -- C:\Users\Nathan\Desktop\New Rich Text Document.rtf
[2014/03/13 22:57:50 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002UA.job
[2014/03/13 22:57:48 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002Core.job
[2014/03/10 13:32:33 | 000,000,000 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\wklnhst.dat
[2014/03/08 20:38:49 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2014/03/08 20:35:02 | 000,001,590 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2014/03/08 13:28:05 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForNathan.job
[2014/03/08 13:26:50 | 000,002,183 | ---- | C] () -- C:\Users\Nathan\Desktop\HP Support Assistant.lnk
[2014/03/03 00:53:13 | 000,000,023 | ---- | C] () -- C:\Users\Nathan\jagexappletviewer.preferences
[2014/03/03 00:50:22 | 000,002,090 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2014/03/03 00:50:22 | 000,002,060 | ---- | C] () -- C:\Users\Nathan\Desktop\RuneScape.lnk
[2014/03/01 13:02:56 | 001,244,192 | ---- | C] () -- C:\Users\Nathan\Desktop\adwcleaner.exe
[2014/03/01 00:12:36 | 000,001,667 | ---- | C] () -- C:\Users\Nathan\Desktop\Fiesta Online NA.lnk
[2014/02/28 19:46:30 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
[2014/02/28 19:44:15 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Gameforge Live.lnk
[2014/02/28 16:09:34 | 000,002,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/02/28 15:37:41 | 000,000,046 | ---- | C] () -- C:\Users\Nathan\jagex_cl_runescape_LIVE1.dat
[2014/02/26 17:18:55 | 009,680,896 | ---- | C] () -- C:\Users\Nathan\Desktop\Fate-WT.exe
[2014/02/26 17:18:55 | 000,001,195 | ---- | C] () -- C:\Users\Nathan\Desktop\Kindly.nfo
[2014/02/26 17:05:26 | 000,000,999 | ---- | C] () -- C:\Users\Nathan\Desktop\WinRAR.lnk
[2014/02/26 10:31:46 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/26 04:07:00 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/26 04:06:59 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/25 20:26:01 | 000,096,256 | ---- | C] () -- C:\Users\Nathan\Desktop\SystemLook_x64.exe
[2014/02/24 12:21:19 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BRAT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/02/24 11:51:11 | 000,002,201 | ---- | C] () -- C:\Users\Nathan\Desktop\Tweaking.com - Registry Backup.lnk
[2014/02/23 13:58:33 | 001,284,608 | ---- | C] () -- C:\Users\Nathan\Desktop\zoek.exe
[2014/02/23 11:12:58 | 000,140,300 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/02/20 11:28:10 | 000,563,989 | ---- | C] () -- C:\Users\Nathan\AppData\Local\Fiesta.bin
[2014/02/19 22:55:08 | 000,001,861 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2014/02/19 22:55:08 | 000,001,831 | ---- | C] () -- C:\Users\Nathan\Desktop\ImgBurn.lnk
[2014/02/19 22:39:32 | 000,001,880 | ---- | C] () -- C:\Users\Nathan\Desktop\DVD Flick.lnk
[2014/02/19 22:11:30 | 000,007,859 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.cat
[2014/02/19 22:11:30 | 000,001,167 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\pcouffin.inf
[2014/02/19 22:11:27 | 000,001,186 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2014/02/19 14:34:30 | 000,000,856 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/02/19 14:32:01 | 000,002,430 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2014/02/19 14:31:14 | 000,002,660 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - wildgames.lnk
[2014/02/19 13:25:20 | 000,000,032 | ---- | C] () -- C:\Users\Nathan\jagex_cl_runescape_LIVE.dat
[2014/02/19 13:13:42 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2014/02/19 13:12:33 | 000,002,245 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/19 13:12:33 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/19 13:12:02 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/19 13:12:00 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/19 12:17:42 | 000,001,403 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/17 20:21:52 | 000,001,419 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/02/17 20:21:35 | 000,000,290 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/02/17 20:21:35 | 000,000,272 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/09/02 02:32:19 | 000,000,023 | ---- | C] () -- C:\Windows\kodakpcd.ini
[2010/10/08 18:56:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/17 20:22:35 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\.minecraft
[2014/03/01 13:10:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\FiestaOnline
[2014/02/17 20:21:59 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ID Vault
[2014/02/20 02:28:06 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ImgBurn
[2014/03/08 20:37:54 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Leadertech
[2014/03/10 13:32:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Template
[2014/02/19 14:31:24 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >
rebeccabroke
Active Member
 
Posts: 14
Joined: March 18th, 2014, 12:05 am

Re: Need help with malware removal

by Cypher » March 20th, 2014, 6:36 am

Hi,
Good work so far. How is your computer running now, any improvement?

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following script into the textbox. Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :otl
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx? ... A5DCC29&q= {searchTerms}&SSPV=
    CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSugg ... hx?prefix= {searchTerms},
    CHR - homepage: http://search.conduit.com/?ctid=CT33237 ... CC29&SSPV=
    O2:64bit: - BHO: (DioscountLoocator) - {18887D94-91CA-106D-9149-2FA3110EA14E} - C:\ProgramData\DioscountLoocator\GT2Jn6.x64.dll File not found
    O33 - MountPoints2\{fc73facf-4378-11df-84f5-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{fc73facf-4378-11df-84f5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/03/10 22:24:35 | 000,128,336 | R--- | M] (Logitech, Inc.)
    [2014/02/19 14:34:30 | 000,000,856 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Need help with malware removal

Post by rebeccabroke » March 20th, 2014, 9:44 pm

Well, my computer runs a little faster. I can watch videos now without it skipping, and webpages load pretty quickly. That ESET scan took a long time, but it finished.



OTL



All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18887D94-91CA-106D-9149-2FA3110EA14E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18887D94-91CA-106D-9149-2FA3110EA14E}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc73facf-4378-11df-84f5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc73facf-4378-11df-84f5-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc73facf-4378-11df-84f5-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc73facf-4378-11df-84f5-806e6f6e6963}\ not found.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nathan\Desktop\cmd.bat deleted successfully.
C:\Users\Nathan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Leigh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nathan
->Temp folder emptied: 72786 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 8196 bytes
->Google Chrome cache emptied: 364771354 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67739 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 348.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03202014_175400

Files\Folders moved on Reboot...
File move failed. E:\Setup.exe scheduled to be moved on reboot.
C:\Users\Nathan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\plsapp.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




eset



C:\Users\Leigh\Downloads\Fifty_Shades_of_Grey__Trilogy_.exe Win32/Adware.1ClickDownload application
C:\Users\Leigh\Downloads\Fifty_Shades_Trilogy_(Book_1)_E_L_James_(M4B_for_iPod).exe Win32/Adware.1ClickDownload application
C:\Users\Leigh\Downloads\YontooClientSetup.exe multiple threats
C:\zoek_backup\C_PROGRA~3_Updater\Uninstall.exe multiple threats
C:\_OTL\MovedFiles\02242014_134225\C_Program Files\Updater By SweetPacks\Extension32.dll a variant of Win32/Toolbar.Perion.A potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe a variant of Win32/Toolbar.BitCocktail.B potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\EnhanceTronic\EnhanceTronicBHO.dll a variant of Win32/BrowseFox.F potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\EnhanceTronic\EnhanceTronicUninstall.exe Win32/BrowseFox.C potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\EnhanceTronic\updateEnhanceTronic.exe a variant of Win32/BrowseFox.G potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\EnhanceTronic\bin\EnhanceTronicBrowserFilter.exe a variant of MSIL/BrowseFox.B potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\EnhanceTronic\bin\utilEnhanceTronic.exe a variant of Win32/BrowseFox.G potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\Mobogenie\UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\The weDownload Manager\49074.xpi JS/Toolbar.Crossrider.B potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\The weDownload Manager\The weDownload Manager-bg.exe Win32/Toolbar.CrossRider.Z potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\The weDownload Manager\The weDownload Manager-bho.dll Win32/Toolbar.CrossRider.Z potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll a variant of Win64/Toolbar.Crossrider.D potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe a variant of Win32/Toolbar.CrossRider.X potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\The weDownload Manager\The weDownload Manager-enabler.exe a variant of Win32/Toolbar.CrossRider.X potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe a variant of Win32/Toolbar.CrossRider.Y potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\The weDownload Manager\The weDownload Manager-updater.exe a variant of Win32/Toolbar.CrossRider.X potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Program Files (x86)\The weDownload Manager\utils.exe Win32/Packed.VMDetector.D potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Users\Nathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip a variant of Win32/Mobogenie.A potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Users\Nathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Users\Nathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Users\Nathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Users\Nathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Users\Nathan\AppData\Local\Temp\~nsu.tmp\Au_.exe probably a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Users\Nathan\AppData\Roaming\newnext.me\nengine.dll Win32/NextLive.A potentially unwanted application
C:\_OTL\MovedFiles\02242014_134225\C_Users\Nathan\AppData\Roaming\Search Protection\SearchProtection.exe probably a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\_OTL\MovedFiles\02262014_135348\C_ProgramData\MovieMode\MovieMode.exe a variant of MSIL/Adware.PullUpdate.D application
C:\_OTL\MovedFiles\02262014_135348\C_ProgramData\MovieMode\MovieModeService.exe a variant of MSIL/Adware.PullUpdate.A application
C:\_OTL\MovedFiles\02262014_135348\C_Users\Leigh\Downloads\ccsetup316.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\_OTL\MovedFiles\02262014_135348\C_Users\Leigh\Downloads\backups\backup-20130416-221336-268.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\_OTL\MovedFiles\02262014_135348\C_Users\Nathan\Downloads\cbsidlm-cbsi176-ImgBurn-ORG-10847481 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\_OTL\MovedFiles\02262014_135348\C_Users\Nathan\Downloads\cbsidlm-cbsi176-ImgBurn-ORG-10847481 (2).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\_OTL\MovedFiles\02262014_135348\C_Users\Nathan\Downloads\cbsidlm-cbsi176-ImgBurn-ORG-10847481.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\_OTL\MovedFiles\02262014_135348\C_Users\Nathan\Downloads\FirefoxSetup.exe a variant of Win32/InstallCore.KD potentially unwanted application
C:\_OTL\MovedFiles\02262014_135348\C_Users\Nathan\Downloads\zafwSetupWeb_120_121_000.exe Win32/Toolbar.Conduit potentially unwanted application
C:\_OTL\MovedFiles\02272014_151109\C_Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\_OTL\MovedFiles\02272014_151109\C_Program Files (x86)\SearchProtect\Main\bin\SPTool.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\_OTL\MovedFiles\02272014_151109\C_Program Files (x86)\SearchProtect\Main\bin\uninstall.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\_OTL\MovedFiles\02272014_151109\C_Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\_OTL\MovedFiles\02272014_151109\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\_OTL\MovedFiles\02272014_151109\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\_OTL\MovedFiles\02272014_151109\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\_OTL\MovedFiles\02272014_151109\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\_OTL\MovedFiles\02272014_151109\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\_OTL\MovedFiles\02272014_151109\C_Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application

Re: Need help with malware removal

Post by Cypher » March 21st, 2014, 7:48 am

Hi,
"Well my computer runs a little faster i can watch videos now without it skipping and webpages load pretty quickly."

Good to hear your computer is running better, but we still have some work to do.

  • Right click on zoek.exe and select " Run as administrator " to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:

    • Reset Chrome
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Logs/Information to Post in your Next Reply

  • zoek-results.log.
  • AdwCleaner log.
  • Please give me an update on your computer's performance.

Re: Need help with malware removal

Post by rebeccabroke » March 22nd, 2014, 5:26 am

Okay, so I did as you asked, and well, for a while there the computer was doing really well, it wasn't lagging and stuff, but now it is kind of lagging again and being slow to load webpages. I don't know why it is so flip-floppy with the way it acts. Here are the two logs you requested.



zoek log




Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Nathan on Sat 03/22/2014 at 5:05:25.78.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nathan\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-03-19-223411.log 16666 bytes

==== Reset Google Chrome ======================

C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Leigh\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=483 folders=76 16029290 bytes)

==== EOF on Sat 03/22/2014 at 5:07:34.35 ======================




and the adwcleaner log



# AdwCleaner v3.022 - Report created 22/03/2014 at 05:17:42
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nathan - BRAT
# Running from : C:\Users\Nathan\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : MovieMode

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\MovieMode
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\Users\Leigh\AppData\Local\MovieMode
Folder Deleted : C:\Users\Nathan\AppData\Local\MovieMode
File Deleted : C:\Users\Leigh\Desktop\HDVidCodec.lnk

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller\FileParade bundle uninstaller.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\5ced68fbd35ef42
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [22470 octets] - [24/02/2014 12:23:38]
AdwCleaner[R1].txt - [22529 octets] - [24/02/2014 12:32:45]
AdwCleaner[R2].txt - [17583 octets] - [24/02/2014 14:55:40]
AdwCleaner[R3].txt - [17644 octets] - [24/02/2014 14:56:39]
AdwCleaner[R4].txt - [10105 octets] - [22/03/2014 05:11:58]
AdwCleaner[S0].txt - [9703 octets] - [22/03/2014 05:17:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9763 octets] ##########





You would think after it deleted those registries that it would run better??? Idk, that's why you're the smart guy (:

Re: Need help with malware removal

Post by Cypher » March 22nd, 2014, 7:03 am

Hi,
"you would think after it deleted those registeries that it would run better?"

We have cleaned a lot of junk out of your computer so you should be seeing some improvement.
Run this scan please then give me another update.

Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, Seven, Eight, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Re: Need help with malware removal

Post by rebeccabroke » March 22nd, 2014, 11:37 pm

Here is the JRT text!!!! And okay, well, if you have helped with everything you can help with, I don't think this computer has an antivirus program on it, and can you direct me on how to remove all the programs we have downloaded?? Help me get rid of the programs and then get an antivirus program and a firewall, 'cause I don't think I have one yet!!!










~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Nathan on Sat 03/22/2014 at 23:28:07.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/22/2014 at 23:35:30.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Need help with malware removal

Post by Cypher » March 23rd, 2014, 6:53 am

Hi,
"i dont think this computer has an anti virus program on it"

Your logs show that you have Microsoft Security Essentials installed.
Microsoft Security Essentials *Enabled/Updated

"okay well if you have helped with everything you can help with, can you direct me on how to remove all the programs we have downloaded"

We will be removing all the tools we have used soon, but I would like you to run two more scans for me.
I would like to rule malware out as the cause of the slowness you're seeing.

  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe and select " Run as administrator ", then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

Next

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • checkup.txt.
  • FRST.txt and Addition.txt contents.

Re: Need help with malware removal

Post by rebeccabroke » March 23rd, 2014, 7:41 am

Okay. I have done the next two scans for you. On a side note though, lol, I have no experience with Microsoft Essentials at all; I used to use ZoneAlarm and Avast, but I guess it doesn't matter :)
Here are the logs you requested.


security check




Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome 32.0.1700.107
Google Chrome 33.0.1750.117
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````






frst



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nathan (administrator) on BRAT on 23-03-2014 07:36:35
Running from C:\Users\Nathan\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(sendori) C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-01-27] (Power Software Ltd)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-02-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [PureLeads Tray] - C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKU\S-1-5-21-957906173-523527262-2365119751-1002\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-957906173-523527262-2365119751-1002\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-12] (Logitech Inc.)
HKU\S-1-5-21-957906173-523527262-2365119751-1002\...\Run: [Facebook Update] - C:\Users\Nathan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-13] (Facebook Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x50AF99B80438CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx? ... A5DCC29&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... hx?prefix={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9-x64 01 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 02 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 03 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 04 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 15 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-22]
CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (RealDownloader) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-22]
CHR Extension: (Google Wallet) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)
R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489568 2013-10-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 07:36 - 2014-03-23 07:37 - 00011427 _____ () C:\Users\Nathan\Downloads\FRST.txt
2014-03-23 07:36 - 2014-03-23 07:36 - 00000000 ____D () C:\FRST
2014-03-23 07:35 - 2014-03-23 07:36 - 02157056 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2014-03-23 07:34 - 2014-03-23 07:34 - 00000986 _____ () C:\Users\Nathan\Desktop\New Text Document.txt
2014-03-23 07:33 - 2014-03-23 07:33 - 00987448 _____ () C:\Users\Nathan\Downloads\SecurityCheck.exe
2014-03-23 00:21 - 2014-03-23 00:22 - 00000000 ____D () C:\Users\Nathan\Desktop\Backgrounds
2014-03-22 23:57 - 2014-03-22 23:57 - 00000000 ____D () C:\Users\Nathan\Desktop\Anti Virus Stuff
2014-03-22 23:52 - 2014-03-22 23:54 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-22 23:48 - 2014-03-22 23:50 - 00000000 ____D () C:\Users\Nathan\Desktop\Preperation
2014-03-22 05:07 - 2014-03-19 18:34 - 00016666 _____ () C:\zoek-results2014-03-19-223411.log
2014-03-20 18:04 - 2014-03-20 18:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-19 18:13 - 2014-03-22 05:07 - 00000999 _____ () C:\zoek-results.log
2014-03-19 15:36 - 2014-03-19 15:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BRAT--(64-bit).dat
2014-03-18 09:48 - 2014-03-18 09:48 - 00000000 ____D () C:\Users\Leigh\AppData\Local\Logitech® Webcam Software
2014-03-18 09:47 - 2014-03-18 09:47 - 00000000 ____D () C:\Users\Leigh\AppData\Local\LogiShrd
2014-03-18 09:46 - 2014-03-18 09:46 - 00000000 ____D () C:\Users\Leigh\AppData\Roaming\PC Tech Hotline
2014-03-18 02:38 - 2014-03-18 02:38 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Packages
2014-03-18 00:27 - 2014-03-18 00:27 - 00000000 ____D () C:\Users\Nathan\.jagex_cache_32
2014-03-17 17:55 - 2014-03-23 00:09 - 00069144 _____ () C:\Windows\PFRO.log
2014-03-17 17:55 - 2014-03-23 00:09 - 00000560 _____ () C:\Windows\setupact.log
2014-03-17 17:55 - 2014-03-17 17:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 02:25 - 2014-03-23 07:37 - 00000362 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-957906173-523527262-2365119751-1002.job
2014-03-17 02:25 - 2014-03-17 02:25 - 00003278 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-957906173-523527262-2365119751-1002
2014-03-17 02:25 - 2014-03-17 02:25 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2014-03-17 02:23 - 2014-03-17 02:23 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-17 02:21 - 2014-03-17 02:22 - 00000000 ____D () C:\Program Files (x86)\Re-Markable-soft
2014-03-17 02:21 - 2014-03-17 02:21 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-13 22:57 - 2014-03-23 05:32 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002UA.job
2014-03-13 22:57 - 2014-03-22 23:05 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002Core.job
2014-03-13 22:57 - 2014-03-13 23:00 - 00003910 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002UA
2014-03-13 22:57 - 2014-03-13 23:00 - 00003542 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002Core
2014-03-13 22:57 - 2014-03-13 22:58 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Facebook
2014-03-13 15:44 - 2014-03-23 00:01 - 00000000 ____D () C:\Users\Nathan\Desktop\Government Corruption
2014-03-12 23:55 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 23:55 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 23:55 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 23:55 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 23:55 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 23:55 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 23:55 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 23:55 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 23:55 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 23:55 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 23:55 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 23:55 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 23:55 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 23:55 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 23:55 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 23:55 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 23:55 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 23:55 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 23:55 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 23:55 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 23:55 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 23:55 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 23:55 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 23:55 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 23:55 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 23:55 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 23:55 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 23:55 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 23:55 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 23:55 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 23:54 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 23:54 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 23:54 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 23:54 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 23:54 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 23:54 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 23:54 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 23:54 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 23:54 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 23:54 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 23:49 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 23:48 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 23:48 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 23:48 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 23:43 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 23:43 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 23:43 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 23:43 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-10 13:32 - 2014-03-10 13:32 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Template
2014-03-10 13:32 - 2014-03-10 13:32 - 00000000 _____ () C:\Users\Nathan\AppData\Roaming\wklnhst.dat
2014-03-10 03:02 - 2014-03-10 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-03-08 20:41 - 2014-03-08 20:41 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Logitech® Webcam Software
2014-03-08 20:39 - 2014-03-08 20:39 - 00000000 ____D () C:\Users\Nathan\AppData\Local\LogiShrd
2014-03-08 20:38 - 2014-03-08 20:38 - 00001971 _____ () C:\Users\Public\Desktop\Logitech Vid HD.lnk
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Leadertech
2014-03-08 20:35 - 2014-03-08 20:35 - 00001590 _____ () C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2014-03-08 20:35 - 2014-03-08 20:35 - 00000000 ____D () C:\ProgramData\Logitech
2014-03-08 20:34 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-03-08 20:34 - 2014-03-08 20:34 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-03-08 20:29 - 2014-03-08 20:37 - 00010684 _____ () C:\Windows\system32\lvcoinst.log
2014-03-08 20:29 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-03-08 13:28 - 2014-03-22 20:01 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNathan
2014-03-08 13:28 - 2014-03-22 20:01 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForNathan.job
2014-03-08 13:15 - 2014-03-08 13:15 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\hpqLog
2014-03-03 00:53 - 2014-03-18 01:02 - 00000023 _____ () C:\Users\Nathan\jagexappletviewer.preferences
2014-03-03 00:50 - 2014-03-03 00:50 - 00002090 _____ () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2014-03-03 00:50 - 2014-03-03 00:50 - 00002060 _____ () C:\Users\Nathan\Desktop\RuneScape.lnk
2014-03-03 00:50 - 2014-03-03 00:50 - 00000000 ____D () C:\Users\Nathan\jagexcache
2014-03-03 00:50 - 2014-03-03 00:50 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2014-03-01 13:08 - 2014-03-01 13:10 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\FiestaOnline
2014-03-01 12:59 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-01 12:59 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-01 00:12 - 2014-03-01 00:12 - 00001839 _____ () C:\Users\Leigh\Desktop\Fiesta Online NA.lnk
2014-03-01 00:12 - 2014-03-01 00:12 - 00001839 _____ () C:\Users\Guest\Desktop\Fiesta Online NA.lnk
2014-02-28 23:59 - 2014-02-28 23:59 - 00000000 ____D () C:\Gamigo
2014-02-28 16:12 - 2014-02-28 16:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-28 16:10 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-28 16:10 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-28 16:10 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-28 16:10 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-28 16:10 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-28 16:10 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-28 16:10 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-28 16:10 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-28 16:10 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-28 16:10 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-28 16:10 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-28 16:10 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-28 16:10 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-28 16:10 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-28 16:10 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-28 16:10 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-28 16:10 - 2012-08-23 10:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-02-28 16:10 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-02-28 16:10 - 2012-08-23 09:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-02-28 16:10 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-02-28 16:10 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-02-28 16:10 - 2012-08-23 05:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-02-28 16:09 - 2014-02-28 16:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-28 16:09 - 2014-02-28 16:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-28 16:07 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-28 16:07 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-28 16:07 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-02-28 16:07 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-02-28 15:37 - 2014-02-28 15:37 - 00000046 _____ () C:\Users\Nathan\jagex_cl_runescape_LIVE1.dat
2014-02-28 15:37 - 2014-02-28 15:37 - 00000000 ____D () C:\Users\Nathan\jagexcache1
2014-02-28 03:02 - 2014-02-28 02:54 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-02-28 03:02 - 2009-09-04 18:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-02-28 03:00 - 2009-09-04 18:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-02-28 02:53 - 2014-03-19 16:26 - 00000000 ____D () C:\ProgramData\Turbine
2014-02-28 02:51 - 2014-03-19 16:25 - 00000000 ____D () C:\ProgramData\HappyCloud
2014-02-27 15:12 - 2014-03-17 16:25 - 00000000 ____D () C:\Users\Nathan\AppData\Local\CrashDumps
2014-02-27 04:02 - 2013-12-21 05:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-27 04:02 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-26 19:48 - 2014-02-26 19:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-26 19:47 - 2014-02-26 19:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-26 19:47 - 2014-02-26 19:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-26 19:47 - 2014-02-26 19:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-26 17:05 - 2014-02-26 17:05 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-26 17:00 - 2014-02-26 17:00 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\WinRAR
2014-02-26 16:52 - 2014-02-26 16:52 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Mozilla
2014-02-26 10:31 - 2014-02-26 10:31 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Malwarebytes
2014-02-26 10:31 - 2014-02-26 10:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 10:31 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-26 04:09 - 2013-10-14 19:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-02-26 04:07 - 2014-02-26 04:07 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-26 04:07 - 2014-02-26 04:07 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-26 04:07 - 2014-02-26 04:07 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-26 04:07 - 2014-02-26 04:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-26 04:07 - 2014-02-26 04:07 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-26 04:07 - 2014-02-26 04:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-26 04:07 - 2014-02-26 04:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-26 04:07 - 2014-02-26 04:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-26 04:07 - 2014-02-26 04:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-26 04:06 - 2014-02-26 04:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-26 04:06 - 2014-02-26 04:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-26 04:06 - 2014-02-26 04:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-25 14:47 - 2014-02-25 14:47 - 00000000 ____D () C:\Windows\ERUNT
2014-02-24 14:42 - 2014-02-24 14:42 - 00000000 ____D () C:\_OTL
2014-02-24 12:23 - 2014-03-22 05:17 - 00000000 ____D () C:\AdwCleaner
2014-02-24 12:21 - 2014-02-24 12:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BRAT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-24 12:17 - 2014-02-24 12:17 - 00000000 ____D () C:\RegBackup
2014-02-24 12:10 - 2014-02-28 16:24 - 00000000 ____D () C:\Users\Nathan\AppData\Local\VirtualStore
2014-02-24 11:51 - 2014-02-24 11:51 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-02-24 11:51 - 2014-02-24 11:51 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-23 22:22 - 2014-03-22 23:58 - 00003334 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-957906173-523527262-2365119751-1002
2014-02-23 22:22 - 2014-03-22 23:58 - 00003202 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-957906173-523527262-2365119751-1002
2014-02-23 22:10 - 2008-10-15 07:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-02-23 22:10 - 2008-10-15 07:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-02-23 22:10 - 2008-10-15 07:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-02-23 22:08 - 2014-02-23 22:08 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-02-23 22:08 - 2009-09-04 18:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-02-23 22:08 - 2007-04-04 19:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-02-23 22:07 - 2014-02-23 22:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-23 14:02 - 2014-03-19 18:27 - 00000000 ____D () C:\zoek_backup
2014-02-23 11:12 - 2014-02-23 11:12 - 00140300 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-02-23 09:42 - 2014-02-23 09:42 - 00000000 ____D () C:\Users\Leigh\AppData\Roaming\Real
2014-02-21 21:51 - 2014-03-07 20:08 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\HP Support Assistant
2014-02-21 21:50 - 2014-03-07 20:08 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\HpUpdate
2014-02-21 14:48 - 2014-02-28 22:00 - 00000284 _____ () C:\Users\Nathan\Desktop\passwords n stuff.txt

==================== One Month Modified Files and Folders =======

2014-03-23 07:37 - 2014-03-23 07:36 - 00011427 _____ () C:\Users\Nathan\Downloads\FRST.txt
2014-03-23 07:37 - 2014-03-17 02:25 - 00000362 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-957906173-523527262-2365119751-1002.job
2014-03-23 07:36 - 2014-03-23 07:36 - 00000000 ____D () C:\FRST
2014-03-23 07:36 - 2014-03-23 07:35 - 02157056 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2014-03-23 07:34 - 2014-03-23 07:34 - 00000986 _____ () C:\Users\Nathan\Desktop\New Text Document.txt
2014-03-23 07:33 - 2014-03-23 07:33 - 00987448 _____ () C:\Users\Nathan\Downloads\SecurityCheck.exe
2014-03-23 07:27 - 2014-02-19 13:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-23 06:56 - 2012-06-01 18:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 05:32 - 2014-03-13 22:57 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002UA.job
2014-03-23 05:32 - 2011-05-28 19:12 - 01249279 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 03:03 - 2013-12-20 21:02 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForLeigh.job
2014-03-23 00:22 - 2014-03-23 00:21 - 00000000 ____D () C:\Users\Nathan\Desktop\Backgrounds
2014-03-23 00:19 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 00:19 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 00:11 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-23 00:09 - 2014-03-17 17:55 - 00069144 _____ () C:\Windows\PFRO.log
2014-03-23 00:09 - 2014-03-17 17:55 - 00000560 _____ () C:\Windows\setupact.log
2014-03-23 00:09 - 2014-02-19 13:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-23 00:09 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 00:06 - 2013-04-08 20:35 - 00000000 ____D () C:\Users\Leigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-03-23 00:06 - 2013-04-08 20:27 - 00000000 ____D () C:\Perfect World Entertainment
2014-03-23 00:01 - 2014-03-13 15:44 - 00000000 ____D () C:\Users\Nathan\Desktop\Government Corruption
2014-03-22 23:58 - 2014-02-23 22:22 - 00003334 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-957906173-523527262-2365119751-1002
2014-03-22 23:58 - 2014-02-23 22:22 - 00003202 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-957906173-523527262-2365119751-1002
2014-03-22 23:57 - 2014-03-22 23:57 - 00000000 ____D () C:\Users\Nathan\Desktop\Anti Virus Stuff
2014-03-22 23:56 - 2010-01-07 22:33 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-22 23:56 - 2010-01-07 22:15 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-03-22 23:54 - 2014-03-22 23:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-22 23:53 - 2014-02-17 20:21 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Apple Computer
2014-03-22 23:51 - 2014-02-20 05:29 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Apple Computer
2014-03-22 23:50 - 2014-03-22 23:48 - 00000000 ____D () C:\Users\Nathan\Desktop\Preperation
2014-03-22 23:44 - 2014-02-17 21:00 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\WildTangent
2014-03-22 23:44 - 2013-12-10 18:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WildTangent
2014-03-22 23:44 - 2010-10-13 18:02 - 00000000 ____D () C:\Users\Leigh\AppData\Roaming\WildTangent
2014-03-22 23:44 - 2010-08-24 18:16 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-22 23:44 - 2010-01-07 22:42 - 00000000 ____D () C:\ProgramData\WildTangent
2014-03-22 23:05 - 2014-03-13 22:57 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002Core.job
2014-03-22 20:01 - 2014-03-08 13:28 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNathan
2014-03-22 20:01 - 2014-03-08 13:28 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForNathan.job
2014-03-22 05:17 - 2014-02-24 12:23 - 00000000 ____D () C:\AdwCleaner
2014-03-22 05:07 - 2014-03-19 18:13 - 00000999 _____ () C:\zoek-results.log
2014-03-21 19:48 - 2011-11-11 16:40 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-21 19:48 - 2010-05-03 10:41 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-20 18:04 - 2014-03-20 18:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-19 18:34 - 2014-03-22 05:07 - 00016666 _____ () C:\zoek-results2014-03-19-223411.log
2014-03-19 18:27 - 2014-02-23 14:02 - 00000000 ____D () C:\zoek_backup
2014-03-19 18:24 - 2014-02-17 20:21 - 00000000 ____D () C:\Users\Nathan
2014-03-19 18:24 - 2010-05-02 17:42 - 00000000 ____D () C:\Users\Leigh
2014-03-19 17:06 - 2010-01-07 22:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-19 16:26 - 2014-02-28 02:53 - 00000000 ____D () C:\ProgramData\Turbine
2014-03-19 16:25 - 2014-02-28 02:51 - 00000000 ____D () C:\ProgramData\HappyCloud
2014-03-19 16:03 - 2014-02-17 20:21 - 00000000 ___RD () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-19 15:36 - 2014-03-19 15:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BRAT--(64-bit).dat
2014-03-18 15:03 - 2013-12-20 21:02 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLeigh
2014-03-18 09:48 - 2014-03-18 09:48 - 00000000 ____D () C:\Users\Leigh\AppData\Local\Logitech® Webcam Software
2014-03-18 09:47 - 2014-03-18 09:47 - 00000000 ____D () C:\Users\Leigh\AppData\Local\LogiShrd
2014-03-18 09:46 - 2014-03-18 09:46 - 00000000 ____D () C:\Users\Leigh\AppData\Roaming\PC Tech Hotline
2014-03-18 09:46 - 2010-05-02 17:57 - 00001419 _____ () C:\Users\Leigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 03:18 - 2014-02-20 07:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 03:05 - 2010-06-09 22:30 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 02:38 - 2014-03-18 02:38 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Packages
2014-03-18 01:02 - 2014-03-03 00:53 - 00000023 _____ () C:\Users\Nathan\jagexappletviewer.preferences
2014-03-18 01:01 - 2014-02-19 13:25 - 00000032 _____ () C:\Users\Nathan\jagex_cl_runescape_LIVE.dat
2014-03-18 00:27 - 2014-03-18 00:27 - 00000000 ____D () C:\Users\Nathan\.jagex_cache_32
2014-03-17 17:55 - 2014-03-17 17:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 16:25 - 2014-02-27 15:12 - 00000000 ____D () C:\Users\Nathan\AppData\Local\CrashDumps
2014-03-17 16:25 - 2010-01-07 22:05 - 00000000 ____D () C:\Windows\Panther
2014-03-17 02:25 - 2014-03-17 02:25 - 00003278 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-957906173-523527262-2365119751-1002
2014-03-17 02:25 - 2014-03-17 02:25 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2014-03-17 02:23 - 2014-03-17 02:23 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-17 02:22 - 2014-03-17 02:21 - 00000000 ____D () C:\Program Files (x86)\Re-Markable-soft
2014-03-17 02:21 - 2014-03-17 02:21 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-17 02:21 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-17 02:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-17 02:13 - 2009-07-14 01:08 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-13 23:00 - 2014-03-13 22:57 - 00003910 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002UA
2014-03-13 23:00 - 2014-03-13 22:57 - 00003542 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002Core
2014-03-13 22:58 - 2014-03-13 22:57 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Facebook
2014-03-13 11:29 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-13 03:19 - 2009-07-14 00:45 - 00330672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:18 - 2013-03-22 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:18 - 2013-03-22 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 00:57 - 2012-06-01 18:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 00:57 - 2012-06-01 18:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 00:57 - 2011-05-28 19:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 13:38 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-10 13:32 - 2014-03-10 13:32 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Template
2014-03-10 13:32 - 2014-03-10 13:32 - 00000000 _____ () C:\Users\Nathan\AppData\Roaming\wklnhst.dat
2014-03-10 03:02 - 2014-03-10 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-03-08 20:41 - 2014-03-08 20:41 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Logitech® Webcam Software
2014-03-08 20:39 - 2014-03-08 20:39 - 00000000 ____D () C:\Users\Nathan\AppData\Local\LogiShrd
2014-03-08 20:38 - 2014-03-08 20:38 - 00001971 _____ () C:\Users\Public\Desktop\Logitech Vid HD.lnk
2014-03-08 20:38 - 2014-03-08 20:34 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Leadertech
2014-03-08 20:37 - 2014-03-08 20:29 - 00010684 _____ () C:\Windows\system32\lvcoinst.log
2014-03-08 20:37 - 2014-03-08 20:29 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-03-08 20:35 - 2014-03-08 20:35 - 00001590 _____ () C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2014-03-08 20:35 - 2014-03-08 20:35 - 00000000 ____D () C:\ProgramData\Logitech
2014-03-08 20:34 - 2014-03-08 20:34 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-03-08 13:28 - 2014-02-17 20:22 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Hewlett-Packard
2014-03-08 13:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2014-03-08 13:15 - 2014-03-08 13:15 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\hpqLog
2014-03-08 13:14 - 2010-12-17 16:30 - 00000000 ____D () C:\swsetup
2014-03-07 20:08 - 2014-02-21 21:51 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\HP Support Assistant
2014-03-07 20:08 - 2014-02-21 21:50 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\HpUpdate
2014-03-03 00:53 - 2010-06-18 16:52 - 00000000 ____D () C:\.jagex_cache_32
2014-03-03 00:50 - 2014-03-03 00:50 - 00002090 _____ () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2014-03-03 00:50 - 2014-03-03 00:50 - 00002060 _____ () C:\Users\Nathan\Desktop\RuneScape.lnk
2014-03-03 00:50 - 2014-03-03 00:50 - 00000000 ____D () C:\Users\Nathan\jagexcache
2014-03-03 00:50 - 2014-03-03 00:50 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2014-03-01 13:10 - 2014-03-01 13:08 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\FiestaOnline
2014-03-01 02:05 - 2014-03-12 23:54 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-12 23:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-12 23:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-12 23:55 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-12 23:55 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-12 23:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-12 23:55 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-12 23:55 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-12 23:54 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-12 23:55 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 00:33 - 2014-03-12 23:54 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 00:32 - 2014-03-12 23:54 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-12 23:55 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-12 23:54 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-12 23:55 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 00:12 - 2014-03-01 00:12 - 00001839 _____ () C:\Users\Leigh\Desktop\Fiesta Online NA.lnk
2014-03-01 00:12 - 2014-03-01 00:12 - 00001839 _____ () C:\Users\Guest\Desktop\Fiesta Online NA.lnk
2014-03-01 00:11 - 2014-03-12 23:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-12 23:54 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 23:59 - 2014-02-28 23:59 - 00000000 ____D () C:\Gamigo
2014-02-28 23:54 - 2014-03-12 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-12 23:55 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-12 23:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-12 23:55 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-12 23:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 23:43 - 2014-03-12 23:55 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 23:42 - 2014-03-12 23:55 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-12 23:55 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-12 23:55 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-12 23:55 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-12 23:55 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-12 23:54 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-12 23:55 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-12 23:55 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-12 23:54 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-12 23:55 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-12 23:55 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-12 23:55 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-12 23:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-12 23:55 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-12 23:55 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-12 23:55 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 22:25 - 2014-03-12 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 22:00 - 2014-02-21 14:48 - 00000284 _____ () C:\Users\Nathan\Desktop\passwords n stuff.txt
2014-02-28 16:24 - 2014-02-24 12:10 - 00000000 ____D () C:\Users\Nathan\AppData\Local\VirtualStore
2014-02-28 16:21 - 2010-01-07 22:09 - 00000000 ____D () C:\Program Files\LSI SoftModem
2014-02-28 16:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-28 16:13 - 2014-02-28 16:12 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-28 16:13 - 2010-01-07 22:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-28 16:09 - 2014-02-28 16:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-28 16:09 - 2014-02-28 16:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-28 16:09 - 2011-02-13 14:49 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-28 15:47 - 2010-01-07 22:09 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-02-28 15:37 - 2014-02-28 15:37 - 00000046 _____ () C:\Users\Nathan\jagex_cl_runescape_LIVE1.dat
2014-02-28 15:37 - 2014-02-28 15:37 - 00000000 ____D () C:\Users\Nathan\jagexcache1
2014-02-28 02:54 - 2014-02-28 03:02 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-02-26 19:48 - 2014-02-19 13:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-26 19:47 - 2014-02-26 19:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-26 19:47 - 2014-02-26 19:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-26 19:47 - 2014-02-26 19:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-26 19:47 - 2014-02-26 19:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-26 19:47 - 2010-06-18 16:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-26 17:05 - 2014-02-26 17:05 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-26 17:05 - 2010-07-08 21:07 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-26 17:00 - 2014-02-26 17:00 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\WinRAR
2014-02-26 16:52 - 2014-02-26 16:52 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Mozilla
2014-02-26 14:53 - 2013-04-16 22:11 - 00000000 ____D () C:\Users\Leigh\Downloads\backups
2014-02-26 10:31 - 2014-02-26 10:31 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Malwarebytes
2014-02-26 10:31 - 2014-02-26 10:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 10:16 - 2014-02-17 20:21 - 00001419 _____ () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-26 04:07 - 2014-02-26 04:07 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-26 04:07 - 2014-02-26 04:07 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-26 04:07 - 2014-02-26 04:07 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-26 04:07 - 2014-02-26 04:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-26 04:07 - 2014-02-26 04:07 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-26 04:07 - 2014-02-26 04:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-26 04:07 - 2014-02-26 04:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-26 04:07 - 2014-02-26 04:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-26 04:07 - 2014-02-26 04:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-26 04:07 - 2014-02-26 04:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-26 04:06 - 2014-02-26 04:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-26 04:06 - 2014-02-26 04:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-26 04:06 - 2014-02-26 04:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-26 04:06 - 2014-02-26 04:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-26 04:06 - 2014-02-26 04:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-26 04:01 - 2011-02-13 14:49 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 14:47 - 2014-02-25 14:47 - 00000000 ____D () C:\Windows\ERUNT
2014-02-24 14:42 - 2014-02-24 14:42 - 00000000 ____D () C:\_OTL
2014-02-24 12:21 - 2014-02-24 12:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BRAT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-24 12:17 - 2014-02-24 12:17 - 00000000 ____D () C:\RegBackup
2014-02-24 11:52 - 2010-06-01 19:01 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-24 11:51 - 2014-02-24 11:51 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-02-24 11:51 - 2014-02-24 11:51 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-23 22:08 - 2014-02-23 22:08 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-02-23 22:08 - 2014-02-23 22:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-23 12:43 - 2010-05-26 09:51 - 00000000 ____D () C:\Users\Leigh\AppData\Local\CrashDumps
2014-02-23 11:12 - 2014-02-23 11:12 - 00140300 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-02-23 09:44 - 2010-05-02 18:22 - 00000000 ____D () C:\Users\Leigh\AppData\Local\Google
2014-02-23 09:42 - 2014-02-23 09:42 - 00000000 ____D () C:\Users\Leigh\AppData\Roaming\Real
2014-02-23 09:42 - 2010-05-02 17:57 - 00000000 ___RD () C:\Users\Leigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-23 09:42 - 2010-05-02 17:57 - 00000000 ___RD () C:\Users\Leigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-21 21:47 - 2014-02-17 20:22 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Hewlett-Packard
2014-02-21 14:47 - 2014-02-19 16:30 - 00015270 _____ () C:\Users\Leigh\Desktop\hijackthis.log
2014-02-21 14:09 - 2014-02-19 13:12 - 00002149 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 06:34 - 2014-02-20 02:28 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\DVD Flick
2014-02-21 06:33 - 2014-02-20 02:37 - 00000000 ____D () C:\Users\Nathan\Documents\dvd

Files to move or delete:
====================
C:\Users\Nathan\jagex_cl_runescape_LIVE.dat
C:\Users\Nathan\jagex_cl_runescape_LIVE1.dat


Some content of TEMP:
====================
C:\Users\Nathan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-22 15:10

==================== End Of Log ============================
rebeccabroke
Active Member
 
Posts: 14
Joined: March 18th, 2014, 12:05 am

Re: Need help with malware removal

Post by rebeccabroke » March 23rd, 2014, 7:41 am

addition



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Nathan at 2014-03-23 07:37:53
Running from C:\Users\Nathan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Sono Control Inc.)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EnhanceTronic (HKLM\...\EnhanceTronic) (Version: 2014.02.18.174830 - EnhanceTronic) <==== ATTENTION
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.3 - FileParade) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
LWS Facebook (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Mode (HKLM-x32\...\MovieMode) (Version: 2.6.63 - GenTechnologies Apps, LLC)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.58.36 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
PureLeads (HKLM-x32\...\PureLeads) (Version: 2.0.17 - PureLeads)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\{92F39985-0DA5-4CC4-869F-2A3048C182E6}) (Version: 4.5.13.0 - Husdawg, LLC)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
The weDownload Manager (HKLM-x32\...\The weDownload Manager) (Version: 1.34.2.13 - weDownload) <==== ATTENTION
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.9 - Tweaking.com)
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC) Hidden <==== ATTENTION
VC80CRTRedist - 8.0.50727.762 (x32 Version: 1.0.0 - DivX, Inc) Hidden
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.75 - VSO Software)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZoneAlarm Antivirus (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points =========================

16-03-2014 22:21:30 Windows Update
17-03-2014 23:48:17 Installed HiJackThis
18-03-2014 07:00:36 Windows Update
19-03-2014 20:06:59 Removed Java 7 Update 9 (64-bit)
19-03-2014 20:10:15 Removed Java 7 Update 9 (64-bit)
19-03-2014 22:13:39 zoek.exe restore point
21-03-2014 23:58:40 Windows Update
23-03-2014 03:53:09 Removed iTunes
23-03-2014 03:54:43 Removed HP Support Assistant.
23-03-2014 07:00:14 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00105BF8-DA2F-409C-9DAF-828CE8FE0CA8} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {33458BBB-B3BA-4B02-B61F-9038934ACDF3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3DD65542-3A2C-46B8-84E3-FFCEFBDB7031} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {3E9198F6-24A5-49EA-A0E8-BE1EC1052BBA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {4E075140-6242-4294-A370-BD90C32123DB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002Core => C:\Users\Nathan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-13] (Facebook Inc.)
Task: {5620CBFC-DC37-46A6-BACE-28FE7FA24AB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-19] (Google Inc.)
Task: {575C4EEE-9B89-4797-AA5C-B4B99D226474} - System32\Tasks\HPCeeScheduleForLeigh => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {81F715C0-5519-447E-903A-38B04B40C634} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-19] (Google Inc.)
Task: {8392F997-2715-44DD-B226-073494FDD9F5} - System32\Tasks\{9E076159-48B2-4354-B4B5-4AA16BC4210C} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {8E22415F-899F-42CF-A777-4AF838461580} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-957906173-523527262-2365119751-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BB2251FC-7FED-4E95-8BB1-0741555740C5} - System32\Tasks\HPCeeScheduleForNathan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C07B4E0B-84E3-45A0-BEA2-5AFB7A66D772} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-957906173-523527262-2365119751-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D69B4418-4EB9-448E-A7BB-71B6497E92C4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002UA => C:\Users\Nathan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-13] (Facebook Inc.)
Task: {D8EB0A2C-7E10-4681-86AA-0C9AC061CE94} - System32\Tasks\CIMT_S-1-5-21-957906173-523527262-2365119751-1002 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-957906173-523527262-2365119751-1002.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002Core.job => C:\Users\Nathan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-957906173-523527262-2365119751-1002UA.job => C:\Users\Nathan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLeigh.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNathan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-09-29 19:25 - 2009-09-29 19:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 19:25 - 2009-09-29 19:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 19:25 - 2009-09-29 19:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 19:25 - 2009-09-29 19:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 19:25 - 2009-09-29 19:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 19:25 - 2009-09-29 19:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 19:25 - 2009-09-29 19:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-09-29 19:25 - 2009-09-29 19:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-04-09 19:04 - 2009-04-09 19:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
2009-04-22 17:53 - 2009-04-22 17:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
2011-01-12 21:55 - 2011-01-12 21:55 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
2011-01-12 21:57 - 2011-01-12 21:57 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
2009-03-03 18:18 - 2009-03-03 18:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 18:18 - 2009-03-03 18:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 18:18 - 2009-03-03 18:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2011-11-11 15:08 - 2011-11-11 15:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 15:08 - 2011-11-11 15:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 15:08 - 2011-11-11 15:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 15:08 - 2011-11-11 15:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 15:08 - 2011-11-11 15:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-02-21 14:09 - 2014-02-19 21:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-21 14:09 - 2014-02-19 21:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-21 14:09 - 2014-02-19 21:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-21 14:09 - 2014-02-19 21:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-21 14:09 - 2014-02-19 21:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-21 14:09 - 2014-02-19 21:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-21 14:09 - 2014-02-19 21:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Constant Guard.lnk => C:\Windows\pss\Constant Guard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2014 05:02:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2932

Error: (03/23/2014 05:02:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2932

Error: (03/23/2014 05:02:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/23/2014 05:02:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1029

Error: (03/23/2014 05:02:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1029

Error: (03/23/2014 05:02:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/23/2014 04:09:23 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (03/23/2014 04:04:26 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (03/23/2014 03:59:19 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (03/23/2014 03:54:17 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).


System errors:
=============
Error: (03/23/2014 07:36:37 AM) (Source: Service Control Manager) (User: )
Description: The plsapp service failed to start due to the following error:
%%1053

Error: (03/23/2014 07:36:37 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the plsapp service to connect.

Error: (03/23/2014 07:31:37 AM) (Source: Service Control Manager) (User: )
Description: The plsapp service failed to start due to the following error:
%%1053

Error: (03/23/2014 07:31:37 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the plsapp service to connect.

Error: (03/23/2014 07:26:37 AM) (Source: Service Control Manager) (User: )
Description: The plsapp service failed to start due to the following error:
%%1053

Error: (03/23/2014 07:26:37 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the plsapp service to connect.

Error: (03/23/2014 07:21:37 AM) (Source: Service Control Manager) (User: )
Description: The plsapp service failed to start due to the following error:
%%1053

Error: (03/23/2014 07:21:37 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the plsapp service to connect.

Error: (03/23/2014 07:16:37 AM) (Source: Service Control Manager) (User: )
Description: The plsapp service failed to start due to the following error:
%%1053

Error: (03/23/2014 07:16:37 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the plsapp service to connect.


Microsoft Office Sessions:
=========================
Error: (03/23/2014 05:02:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2932

Error: (03/23/2014 05:02:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2932

Error: (03/23/2014 05:02:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/23/2014 05:02:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1029

Error: (03/23/2014 05:02:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1029

Error: (03/23/2014 05:02:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/23/2014 04:09:23 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (03/23/2014 04:04:26 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (03/23/2014 03:59:19 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (03/23/2014 03:54:17 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).


CodeIntegrity Errors:
===================================
Date: 2013-04-29 22:05:41.278
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 22:05:41.138
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 22:04:03.681
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 22:04:03.541
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 22:03:45.322
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 22:03:45.182
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 21:52:26.974
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 21:52:26.834
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 21:51:14.100
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 21:51:13.959
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 2815.3 MB
Available physical RAM: 982.95 MB
Total Pagefile: 5628.79 MB
Available Pagefile: 2454.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.79 GB) (Free:378.76 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.87 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (LWS_2_2) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
rebeccabroke
Active Member
 
Posts: 14
Joined: March 18th, 2014, 12:05 am

Re: Need help with malware removal

Post by Cypher » March 23rd, 2014, 11:44 am

Hi,
On a side note though lol I have no experience with Microsoft Essentials at all, I used to use Zone Alarm and Avast

The last scan confirms that MSE is installed.
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!

Do the following please then give me another update on how your computer is running.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all.
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx? ... A5DCC29&q= {searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... hx?prefix= {searchTerms}
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
    S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
    S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    C:\Users\Nathan\jagex_cl_runescape_LIVE.dat
    C:\Users\Nathan\jagex_cl_runescape_LIVE1.dat
    C:\Users\Nathan\AppData\Local\Temp\Quarantine.exe
    EnhanceTronic (HKLM\...\EnhanceTronic) (Version: 2014.02.18.174830 - EnhanceTronic) <==== ATTENTION
    FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.3 - FileParade) <==== ATTENTION
    The weDownload Manager (HKLM-x32\...\The weDownload Manager) (Version: 1.34.2.13 - weDownload) <==== ATTENTION
    Updater (x32 Version: 2.6.53 - Creative Island Media, LLC) Hidden <==== ATTENTION
    CMD: ipconfig /flushdns
    
    
  • Save it next to FRST.exe as filename fixlist.txt.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Logs/Information to Post in your Next Reply

  • Fixlog.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Need help with malware removal

Post by rebeccabroke » March 23rd, 2014, 8:08 pm

Well, webpages load a lot quicker than when we started. Still not as fast as I am used to, but this is a stock computer so maybe that's as good as it gets. I am used to it loading almost instantly, not 5-10 seconds. I am very much happy with the progress of the computer. I am curious why in the last log at the end it says things like

"Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system."

"Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG))".

That is not normal right??^^

Also, it said "Adobe Flash Player 10 Flash Player out of Date!" Do I need to update that??

Overall I am pretty happy with its performance. I am just curious if all my codecs and stuff are up to date; I have no idea how to update drivers. I really appreciate all of your help. People like you who chose to do this stuff for free are angels!!!! Taking time to help others is an admirable trait.


Here is the fix log:



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Nathan at 2014-03-23 19:49:22 Run:1
Running from C:\Users\Nathan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx? ... A5DCC29&q= {searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... hx?prefix= {searchTerms}
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Nathan\jagex_cl_runescape_LIVE.dat
C:\Users\Nathan\jagex_cl_runescape_LIVE1.dat
C:\Users\Nathan\AppData\Local\Temp\Quarantine.exe
EnhanceTronic (HKLM\...\EnhanceTronic) (Version: 2014.02.18.174830 - EnhanceTronic) <==== ATTENTION
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.3 - FileParade) <==== ATTENTION
The weDownload Manager (HKLM-x32\...\The weDownload Manager) (Version: 1.34.2.13 - weDownload) <==== ATTENTION
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC) Hidden <==== ATTENTION

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.conduit.com/Results.aspx? ... A5DCC29&q= => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... hx?prefix= => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key deleted successfully.
AntiLog32 => Service deleted successfully.
keycrypt => Service deleted successfully.
X6va016 => Service deleted successfully.
xhunter1 => Service deleted successfully.
C:\Users\Nathan\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Nathan\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Nathan\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}\\SystemComponent => Value deleted successfully.


The system needed a reboot.

==== End of Fixlog ====
rebeccabroke
Active Member
 
Posts: 14
Joined: March 18th, 2014, 12:05 am