
Thread: Removal of pop-ups that appear on bottom left corner of browser window

  1. #1
    Junior Member | Join Date: Apr 2014 | Posts: 7

    Removal of pop-ups that appear on bottom left corner of browser window

    Recently, pop-ups appear on the bottom left corner of browser windows for both Chrome and IE. Sometimes I am also prompted to install the Adobe Flash Player, which I think is malware. The operating system on my desktop is Windows 7 64-bit Professional. When I ran the full scan using an updated version of Microsoft Security Essentials, a few issues were identified and deleted. The pop-ups and the installation messages, however, still appear. I had previously posted here (http://forums.spybot.info/showthread...browser-window) and based on the response to the previous post, I am starting a new topic. I have attached the DDS log file (attach.txt) and pasted the content from DDS.txt. I have also pasted the contents from the Avast scan. Please advise me on how to resolve the issue. Thank you!

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17041
    Run by Owner at 12:09:37 on 2014-04-26
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3045.1527 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
    C:\Program Files (x86)\Flash Update\winclient32.exe
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    uRun: [Spotify Web Helper] "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Windows Client Manager] C:\Program Files (x86)\Flash Update\winclient32.exe
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.1.1 208.67.222.222 75.75.75.75
    TCP: Interfaces\{6A80823C-CDBC-431D-9574-9787184DD00D} : NameServer = 8.8.8.8,8.8.8.8
    TCP: Interfaces\{6A80823C-CDBC-431D-9574-9787184DD00D} : DHCPNameServer = 4.2.2.4 8.8.4.4
    TCP: Interfaces\{D453D13D-D682-4B52-AAB3-AF4FE063C2FC} : NameServer = 8.8.8.8,8.8.8.8
    TCP: Interfaces\{F3DF0595-1BC2-40BC-A99D-7822F950A555} : NameServer = 8.8.8.8,8.8.8.8
    TCP: Interfaces\{F3DF0595-1BC2-40BC-A99D-7822F950A555} : DHCPNameServer = 192.168.1.1 208.67.222.222 75.75.75.75
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 146.0.75.221 www.google-analytics.com.
    Hosts: 146.0.75.221 google-analytics.com.
    Hosts: 146.0.75.221 connect.facebook.net.
    Hosts: 146.0.75.221 bing.com.
    Hosts: 146.0.75.221 www.bing.com.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
    R3 RTL8192cu;300Mbps Wireless USB Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2014-4-7 926824]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-17 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-25 19456]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-25 56832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-3-19 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-04-26 07:52:45 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{644B7C60-F30A-4E7E-9CE6-770C0A31612F}\mpengine.dll
    2014-04-24 22:38:59 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-04-22 02:10:06 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieUserList
    2014-04-22 02:10:06 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieSiteList
    2014-04-22 01:57:01 -------- d-----w- C:\Program Files (x86)\Flash Update
    2014-04-22 01:57:00 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
    2014-04-20 17:23:20 -------- d-----w- C:\Users\Owner\AppData\Roaming\SketchUp
    2014-04-20 17:19:33 -------- d-----w- C:\ProgramData\ckfapk
    2014-04-19 08:29:42 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-04-19 08:29:41 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2711EFF2-F867-43FC-96C3-AFA83F41FC22}\gapaengine.dll
    2014-04-17 08:00:59 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-04-17 08:00:55 5784064 ----a-w- C:\Windows\System32\jscript9.dll
    2014-04-17 08:00:54 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-04-16 03:45:37 -------- d-----w- C:\ProgramData\SketchUp
    2014-04-16 03:45:36 -------- d-----w- C:\Program Files (x86)\SketchUp
    2014-04-13 21:32:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2014-04-13 21:32:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2014-04-13 21:32:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2014-04-13 21:32:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2014-04-13 21:32:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2014-04-13 21:19:57 -------- d-----w- C:\Program Files (x86)\Vim
    2014-04-13 18:05:09 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
    2014-04-13 18:04:56 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2014-04-13 18:04:17 -------- d-----w- C:\Program Files\iPod
    2014-04-13 18:04:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-04-13 18:04:16 -------- d-----w- C:\Program Files\iTunes
    2014-04-13 18:04:16 -------- d-----w- C:\Program Files (x86)\iTunes
    2014-04-13 18:03:38 -------- d-----w- C:\Users\Owner\AppData\Local\Apple
    2014-04-13 18:03:07 -------- d-----w- C:\Program Files\Bonjour
    2014-04-13 18:03:07 -------- d-----w- C:\Program Files (x86)\Bonjour
    2014-04-09 16:05:07 -------- d-----w- C:\Users\Owner\AppData\Roaming\EndNote
    2014-04-09 16:01:31 -------- d-----w- C:\Program Files (x86)\Common Files\Risxtd
    2014-04-09 16:01:26 -------- d-----w- C:\Program Files (x86)\Common Files\ResearchSoft
    2014-04-09 16:00:52 -------- d-----w- C:\Program Files (x86)\EndNote X4
    2014-04-09 16:00:15 -------- d-----w- C:\ProgramData\Thomson.ResearchSoft.Installers
    2014-04-09 15:59:24 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2014-04-09 15:49:07 -------- d-----w- C:\Users\Owner\AppData\Roaming\MathWorks
    2014-04-09 00:10:06 407104 ----a-w- C:\Windows\System32\MSHFLXGD.OCX
    2014-04-09 00:10:06 203976 ----a-w- C:\Windows\System32\RICHTX32.OCX
    2014-04-09 00:10:06 1077344 ----a-w- C:\Windows\System32\MSCOMCTL.OCX
    2014-04-08 23:53:10 -------- d-----w- C:\Program Files\MATLAB
    2014-04-08 20:04:58 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2014-04-08 17:01:52 -------- d-----w- C:\Users\Owner\AppData\Local\OriginLab
    2014-04-08 17:01:45 -------- d-----w- C:\ProgramData\OriginLab
    2014-04-08 17:01:44 -------- d-----w- C:\Users\Owner\AppData\Local\CrashRpt
    2014-04-08 16:58:36 -------- d-----w- C:\ProgramData\Package Cache
    2014-04-08 16:56:06 -------- d-----w- C:\Program Files\OriginLab
    2014-04-08 07:41:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\IrfanView
    2014-04-08 07:41:34 -------- d-----w- C:\Program Files (x86)\IrfanView
    2014-04-08 04:55:12 -------- d-----w- C:\Windows\PCHEALTH
    2014-04-08 04:53:41 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2014-04-08 04:53:07 -------- d-----w- C:\Users\Owner\AppData\Local\Microsoft Help
    2014-04-08 04:46:34 -------- d-----w- C:\Users\Owner\AppData\Local\Spotify
    2014-04-08 04:46:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\Spotify
    2014-04-08 02:20:31 -------- d-----w- C:\Users\Owner\AppData\Local\Adobe
    2014-04-08 02:11:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\FreeFileSync
    2014-04-08 02:06:59 -------- d-----w- C:\Program Files\FreeFileSync
    2014-04-07 23:40:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\DropboxMaster
    2014-04-07 23:39:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\Dropbox
    2014-04-07 23:27:17 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2014-04-07 23:27:15 -------- d-----w- C:\Program Files\Microsoft Security Client
    2014-04-07 23:15:50 -------- d-----w- C:\Users\Owner\AppData\Local\Google
    2014-04-07 23:15:32 -------- d-----w- C:\Users\Owner\AppData\Local\Apps
    2014-04-07 23:15:31 -------- d-----w- C:\Users\Owner\AppData\Local\Deployment
    2014-04-07 23:14:08 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{551FA001-1B7C-4F89-A084-22C426FD85D9}\mpengine.dll
    2014-04-07 23:12:23 -------- d-----w- C:\Users\Owner\AppData\Roaming\TP-LINK
    2014-04-07 23:12:07 -------- d-----w- C:\Program Files (x86)\TP-LINK
    2014-04-07 23:11:09 926824 ----a-w- C:\Windows\System32\rtl8192cu.sys
    2014-04-07 23:11:09 926824 ----a-w- C:\Windows\System32\drivers\RTL8192cu.sys
    2014-04-07 23:10:15 -------- d-----w- C:\ProgramData\TP-LINK
    2014-03-28 20:29:15 6574592 ----a-w- C:\Windows\System32\mstscax.dll
    2014-03-28 20:29:15 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-03-28 20:18:58 -------- d-----w- C:\Users\Owner\Tracing
    2014-03-28 20:18:58 -------- d-----w- C:\Users\Owner\Lync Recordings
    2014-03-28 20:18:58 -------- d-----w- C:\Users\Owner\.imagej
    .
    ==================== Find3M ====================
    .
    2014-03-23 08:29:09 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-03-22 08:08:50 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2014-03-22 08:08:50 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2014-03-11 14:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-03-04 20:19:39 76 ----atw- C:\WIM10E5.tmp
    2014-03-04 20:19:39 192 ----atw- C:\WIM1118.tmp
    2014-03-04 20:19:39 188 ----atw- C:\WIM1128.tmp
    2014-03-04 20:19:39 120 ----atw- C:\WIM10E8.tmp
    2014-03-04 20:19:39 120 ----atw- C:\WIM10E7.tmp
    2014-03-04 20:19:39 112 ----atw- C:\WIM10E6.tmp
    2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
    2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2014-03-01 07:08:13 76 ----atw- C:\WIM8F28.tmp
    2014-03-01 07:08:13 192 ----atw- C:\WIM8F4B.tmp
    2014-03-01 07:08:13 188 ----atw- C:\WIM8F5C.tmp
    2014-03-01 07:08:13 120 ----atw- C:\WIM8F2B.tmp
    2014-03-01 07:08:13 120 ----atw- C:\WIM8F2A.tmp
    2014-03-01 07:08:13 112 ----atw- C:\WIM8F29.tmp
    2014-02-19 13:28:06 644400 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
    2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
    2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
    2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
    2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
    2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    .
    ============= FINISH: 12:10:34.76 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-04-26 12:13:02
    -----------------------------
    12:13:02.491 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:13:02.491 Number of processors: 2 586 0xF0B
    12:13:02.492 ComputerName: OWNER-PC UserName: Owner
    12:13:03.752 Initialize success
    12:18:58.298 AVAST engine defs: 14042601
    12:20:27.780 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    12:20:27.785 Disk 0 Vendor: ST3750640AS 3.CHN Size: 715404MB BusType: 11
    12:20:27.913 Disk 0 MBR read successfully
    12:20:27.916 Disk 0 MBR scan
    12:20:27.986 Disk 0 Windows 7 default MBR code
    12:20:27.988 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 361888 MB offset 63
    12:20:28.030 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 353514 MB offset 741148672
    12:20:28.136 Disk 0 scanning C:\Windows\system32\drivers
    12:20:39.604 Service scanning
    12:21:03.449 Modules scanning
    12:21:03.456 Disk 0 trace - called modules:
    12:21:03.468 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    12:21:03.472 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800341d530]
    12:21:03.478 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8002e801e0]
    12:21:03.483 5 ACPI.sys[fffff88000ee87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8002e66680]
    12:21:04.459 AVAST engine scan C:\Windows
    12:21:06.678 AVAST engine scan C:\Windows\system32
    12:24:53.448 AVAST engine scan C:\Windows\system32\drivers
    12:25:07.814 AVAST engine scan C:\Users\Owner
    12:29:26.699 AVAST engine scan C:\ProgramData
    12:29:55.533 Scan finished successfully
    12:32:57.805 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\securitycheck\MBR.dat"
    12:32:57.841 The log file has been saved successfully to "C:\Users\Owner\Desktop\securitycheck\aswMBR.txt"

  2. #2
    Emeritus-Security Expert | Join Date: Nov 2005 | Location: Florida's SpaceCoast | Posts: 15,208

    AdwCleaner by Xplode

    Click on this link to download: ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete, click on "Clean".
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.





    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.





    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • The Dashboard will look like this
    • Once the program has loaded, go to the Scan tab on top and select Threat Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report, please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member | Join Date: Apr 2014 | Posts: 7

    Contents of the log files from AdwCleaner, Junkware Removal Tool, and Malwarebytes

    I have pasted the contents of the log files from AdwCleaner, Junkware Removal Tool, and Malwarebytes.

    # AdwCleaner v3.204 - Report created 26/04/2014 at 21:51:43
    # Updated 26/04/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Owner - OWNER-PC
    # Running from : C:\Users\Owner\Desktop\securitycheck\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\END

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Google Chrome v34.0.1847.131

    [ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [942 octets] - [26/04/2014 21:48:35]
    AdwCleaner[S0].txt - [870 octets] - [26/04/2014 21:51:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [929 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x64
    Ran by Owner on Sat 04/26/2014 at 21:59:17.48
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 04/26/2014 at 22:04:01.52
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/26/2014
    Scan Time: 10:31:23 PM
    Logfile: malwarelog.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.04.27.01
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 253164
    Time Elapsed: 10 min, 34 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 16
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 connect.facebook.net.), No Action By User,[6edf87a86417f24491c1a6b6ba4ab749]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 www.google-analytics.com.), Removal Failed,[6de049e633483105153d4d0fe91b28d8]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 google-analytics.com.), Removal Failed,[f95461cecab1c2743f13005c38ccd927]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 bing.com.), Removal Failed,[a7a6012eb7c4c96d5ff309532fd545bb]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 www.bing.com.), Removal Failed,[3a13e24df08b7abc11418fcdfc0814ec]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 gb.bing.com.), Removal Failed,[50fdcf6095e60c2aa1b1ff5d31d3639d]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 au.bing.com.), Removal Failed,[f6579e917b005bdb232f72ea2dd704fc]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 ca.bing.com.), Removal Failed,[18356fc0e4978caafb574a12ce36748c]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (146.0.75.221 www.google-analytics.com.), Removal Failed,[90bdab845328ce68f74e25387d87817f]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (146.0.75.221 google-analytics.com.), Removal Failed,[4d0048e78cef76c0b1946af346be7a86]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (146.0.75.221 connect.facebook.net.), Removal Failed,[f25bc56a92e9300691b484d919ebc040]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (146.0.75.221 bing.com.), Removal Failed,[a6a753dc1b60ef47e362d885d52f06fa]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (146.0.75.221 www.bing.com.), Removal Failed,[62eb59d63a4180b6f74e79e4af55e11f]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (146.0.75.221 gb.bing.com.), Removal Failed,[f9548da27ffcde582a1b055808fc946c]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (146.0.75.221 au.bing.com.), Removal Failed,[5df0b87784f7310555f0d6879c687987]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (146.0.75.221 ca.bing.com.), Removal Failed,[77d6ab84e794979f232274e94cb8ae52]

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  4. #4
    Emeritus-Security Expert | Join Date: Nov 2005 | Location: Florida's SpaceCoast | Posts: 15,208

    Good Morning,

    Let's look a bit deeper and we can use the next tool to resolve the hosts file being corrupted, but let's see a scan report first.

    Take your time as I will be offline today and not back until later this evening.



    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top, change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
    Last edited by ken545; 2014-04-27 at 11:57.

  5. #5
    Junior Member | Join Date: Apr 2014 | Posts: 7

    Removal of pop-ups that appear on bottom left corner of browser window (OTL post 1)

    When I ran OTL using the recommended parameters, it only generated OTL.txt. I had no program running. To confirm, I ran it again and it only generated OTL.txt. I am copying the contents here. However, before running the scans mentioned in this thread, I had previously run OTL (3 days ago), and it had generated an Extras.txt file that I have attached. Thank you.

    OTL logfile created on: 4/27/2014 10:35:53 AM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop\securitycheck
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.97 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 64.14% Memory free
    5.94 Gb Paging File | 4.10 Gb Available in Paging File | 68.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 353.41 Gb Total Space | 229.03 Gb Free Space | 64.81% Space Free | Partition Type: NTFS
    Drive D: | 345.23 Gb Total Space | 93.64 Gb Free Space | 27.12% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Desktop\securitycheck\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Flash Update\winclient32.exe ()
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()


    ========== Modules (No Company Name) ==========

    MOD - c:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjpsg4n.dll ()
    MOD - C:\Program Files (x86)\Flash Update\winclient32.exe ()
    MOD - C:\Program Files (x86)\Flash Update\sqlite3.dll ()
    MOD - C:\Users\Owner\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
    MOD - C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll ()
    MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
    MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll ()
    MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll ()
    MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
    DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation )
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Owner\Desktop
    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2014/04/20 12:19:27 | 000,001,659 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 146.0.75.221 www.google-analytics.com.
    O1 - Hosts: 146.0.75.221 google-analytics.com.
    O1 - Hosts: 146.0.75.221 connect.facebook.net.
    O1 - Hosts: 146.0.75.221 bing.com.
    O1 - Hosts: 146.0.75.221 www.bing.com.
    O1 - Hosts: 146.0.75.221 gb.bing.com.
    O1 - Hosts: 146.0.75.221 au.bing.com.
    O1 - Hosts: 146.0.75.221 ca.bing.com.
    O1 - Hosts: 79.142.66.242 www.google-analytics.com.
    O1 - Hosts: 79.142.66.242 google-analytics.com.
    O1 - Hosts: 79.142.66.242 connect.facebook.net.
    O1 - Hosts: 79.142.66.242 bing.com.
    O1 - Hosts: 79.142.66.242 www.bing.com.
    O1 - Hosts: 79.142.66.242 gb.bing.com.
    O1 - Hosts: 79.142.66.242 au.bing.com.
    O1 - Hosts: 79.142.66.242 ca.bing.com.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [Windows Client Manager] C:\Program Files (x86)\Flash Update\winclient32.exe ()
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3677159478-1199422116-3691987-1000..\Run: [Spotify Web Helper] C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 208.67.222.222 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A80823C-CDBC-431D-9574-9787184DD00D}: DhcpNameServer = 4.2.2.4 8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A80823C-CDBC-431D-9574-9787184DD00D}: NameServer = 8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D453D13D-D682-4B52-AAB3-AF4FE063C2FC}: NameServer = 8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3DF0595-1BC2-40BC-A99D-7822F950A555}: DhcpNameServer = 192.168.1.1 208.67.222.222 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3DF0595-1BC2-40BC-A99D-7822F950A555}: NameServer = 8.8.8.8,8.8.8.8
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{ea870f80-bfbf-11e3-9bc8-001cc01cb05a}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea870f80-bfbf-11e3-9bc8-001cc01cb05a}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/26 22:07:20 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/26 22:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/04/26 22:06:51 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/26 22:06:51 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/04/26 22:06:51 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/04/26 22:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/04/26 22:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/26 21:59:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/04/26 21:48:50 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
    [2014/04/26 21:48:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/26 12:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2014/04/26 12:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2014/04/23 09:02:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\securitycheck
    [2014/04/21 21:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/04/21 21:10:06 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieUserList
    [2014/04/21 21:10:06 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieSiteList
    [2014/04/21 20:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Update
    [2014/04/21 20:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Update
    [2014/04/21 20:57:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
    [2014/04/20 12:23:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SketchUp
    [2014/04/20 12:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ckfapk
    [2014/04/17 03:01:19 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/04/17 03:01:19 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/04/17 03:01:16 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/04/17 03:01:11 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/04/17 03:01:11 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/04/17 03:01:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/04/17 03:01:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2014/04/17 03:01:09 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2014/04/17 03:01:08 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/04/17 03:01:08 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2014/04/17 03:01:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2014/04/17 03:01:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/04/17 03:01:08 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/04/17 03:01:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/04/17 03:01:07 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/04/17 03:01:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/04/17 03:01:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/04/17 03:01:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/04/17 03:01:06 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/04/17 03:01:04 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2014/04/17 03:01:04 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2014/04/17 03:01:04 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2014/04/17 03:01:03 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2014/04/17 03:01:03 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2014/04/17 03:01:03 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2014/04/17 03:01:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2014/04/17 03:01:00 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/04/17 03:00:59 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/04/17 03:00:55 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/04/15 22:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014
    [2014/04/15 22:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SketchUp
    [2014/04/15 22:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SketchUp
    [2014/04/13 16:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2014/04/13 16:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2014/04/13 16:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vim 7.4
    [2014/04/13 16:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vim
    [2014/04/13 13:05:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
    [2014/04/13 13:05:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple Computer
    [2014/04/13 13:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2014/04/13 13:04:56 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
    [2014/04/13 13:04:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2014/04/13 13:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2014/04/13 13:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2014/04/13 13:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2014/04/13 13:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2014/04/13 13:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2014/04/13 13:03:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple
    [2014/04/13 13:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2014/04/13 13:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2014/04/13 13:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2014/04/13 13:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2014/04/13 13:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2014/04/13 13:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2014/04/09 11:05:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\EndNote
    [2014/04/09 11:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd
    [2014/04/09 11:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
    [2014/04/09 11:01:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
    [2014/04/09 11:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
    [2014/04/09 11:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X4
    [2014/04/09 11:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
    [2014/04/09 10:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2014/04/09 10:49:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\MathWorks
    [2014/04/08 19:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
    [2014/04/08 19:10:06 | 001,077,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSCOMCTL.OCX
    [2014/04/08 19:10:06 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSHFLXGD.OCX
    [2014/04/08 19:10:06 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RICHTX32.OCX
    [2014/04/08 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB
    [2014/04/08 15:36:48 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
    [2014/04/08 15:36:48 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
    [2014/04/08 15:36:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
    [2014/04/08 15:36:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
    [2014/04/08 15:36:45 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2014/04/08 15:36:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2014/04/08 15:36:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2014/04/08 15:36:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2014/04/08 15:36:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2014/04/08 15:36:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2014/04/08 15:36:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2014/04/08 15:36:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2014/04/08 15:36:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2014/04/08 15:36:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2014/04/08 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\vlc
    [2014/04/08 15:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2014/04/08 15:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2014/04/08 12:01:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OriginLab
    [2014/04/08 12:01:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\OriginLab
    [2014/04/08 12:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\OriginLab
    [2014/04/08 12:01:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashRpt
    [2014/04/08 12:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab
    [2014/04/08 11:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
    [2014/04/08 11:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab
    [2014/04/08 02:43:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
    [2014/04/08 02:41:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\IrfanView
    [2014/04/08 02:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
    [2014/04/07 23:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2014/04/07 23:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
    [2014/04/07 23:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2014/04/07 23:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2014/04/07 23:55:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2014/04/07 23:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2014/04/07 23:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2014/04/07 23:53:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Microsoft Help
    [2014/04/07 23:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2014/04/07 23:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2014/04/07 23:46:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Spotify
    [2014/04/07 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Spotify
    [2014/04/07 21:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2014/04/07 21:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2014/04/07 21:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2014/04/07 21:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2014/04/07 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
    [2014/04/07 21:11:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\FreeFileSync
    [2014/04/07 21:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync
    [2014/04/07 20:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2014/04/07 20:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2014/04/07 20:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2014/04/07 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DropboxMaster
    [2014/04/07 18:40:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2014/04/07 18:39:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Dropbox
    [2014/04/07 18:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2014/04/07 18:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2014/04/07 18:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2014/04/07 18:15:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
    [2014/04/07 18:15:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps
    [2014/04/07 18:15:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Deployment
    [2014/04/07 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TP-LINK
    [2014/04/07 18:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
    [2014/04/07 18:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
    [2014/04/07 18:11:09 | 000,926,824 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\rtl8192cu.sys
    [2014/04/07 18:11:09 | 000,926,824 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\RTL8192cu.sys
    [2014/04/07 18:11:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2014/04/07 18:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
    [2014/03/28 15:29:15 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2014/03/28 15:29:15 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2014/03/28 15:25:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Updater
    [2014/03/28 15:25:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PassMark
    [2014/03/28 15:25:28 | 000,000,000 | --SD | C] -- C:\Users\Owner\Documents\My Shapes
    [2014/03/28 15:25:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OriginLab
    [2014/03/28 15:25:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Widgets
    [2014/03/28 15:25:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\MATLAB
    [2014/03/28 15:19:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\sid_bkup
    [2014/03/28 15:18:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Tracing
    [2014/03/28 15:18:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Lync Recordings
    [2014/03/28 15:18:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\.imagej
    [12 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/04/27 10:32:53 | 000,438,272 | ---- | M] () -- C:\Users\Owner\AppData\Local\ChromeHitoryDB
    [2014/04/27 10:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/27 10:19:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/04/27 09:15:46 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/27 08:20:19 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
    [2014/04/26 22:25:07 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/26 22:25:07 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/26 22:18:12 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/26 22:17:34 | 2394,378,240 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/26 22:06:58 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/26 12:04:50 | 000,001,100 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2014/04/26 08:17:37 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/24 07:47:34 | 000,001,011 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2014/04/24 07:47:18 | 000,000,979 | ---- | M] () -- C:\Users\Owner\Desktop\Dropbox.lnk
    [2014/04/23 22:28:42 | 000,002,275 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/23 08:32:41 | 000,002,300 | -H-- | M] () -- C:\Users\Owner\_viminfo
    [2014/04/20 12:19:27 | 000,001,659 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/04/15 22:46:20 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF14a.ocx
    [2014/04/15 09:28:37 | 000,781,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/04/15 09:28:37 | 000,661,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/04/15 09:28:37 | 000,121,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/04/09 22:34:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2014/04/09 03:21:45 | 000,414,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/04/08 15:05:20 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/04/08 12:48:49 | 000,001,129 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2014/04/08 10:22:54 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI
    [2014/04/07 23:46:33 | 000,001,767 | ---- | M] () -- C:\Users\Owner\Desktop\Spotify.lnk
    [2014/04/07 21:46:20 | 000,000,498 | ---- | M] () -- C:\Users\Owner\Desktop\CITES VPN.lnk
    [2014/04/07 21:17:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2014/04/07 21:07:06 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
    [2014/04/07 20:06:22 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2014/04/07 18:28:55 | 000,000,450 | ---- | M] () -- C:\Users\Owner\Desktop\DATA.lnk
    [2014/04/07 18:14:12 | 000,001,403 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/04/07 18:12:09 | 000,002,295 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
    [2014/04/07 18:12:09 | 000,002,263 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
    [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/03/28 15:37:48 | 000,773,536 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [12 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/04/26 22:06:58 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/26 12:04:50 | 000,001,100 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2014/04/21 21:12:38 | 000,002,275 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/21 21:12:38 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/21 21:11:18 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/21 21:11:16 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/21 20:57:06 | 000,438,272 | ---- | C] () -- C:\Users\Owner\AppData\Local\ChromeHitoryDB
    [2014/04/15 22:46:20 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF14a.ocx
    [2014/04/13 16:20:31 | 000,002,300 | -H-- | C] () -- C:\Users\Owner\_viminfo
    [2014/04/13 13:03:34 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2014/04/09 22:34:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2014/04/08 19:10:39 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2012a.lnk
    [2014/04/08 19:10:27 | 000,000,546 | ---- | C] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
    [2014/04/08 15:05:20 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/04/08 12:48:49 | 000,001,129 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2014/04/08 10:22:54 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2014/04/07 23:46:33 | 000,001,767 | ---- | C] () -- C:\Users\Owner\Desktop\Spotify.lnk
    [2014/04/07 23:46:33 | 000,001,753 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2014/04/07 21:46:20 | 000,000,498 | ---- | C] () -- C:\Users\Owner\Desktop\CITES VPN.lnk
    [2014/04/07 21:22:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2014/04/07 21:17:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2014/04/07 21:07:06 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
    [2014/04/07 21:07:06 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
    [2014/04/07 21:07:06 | 000,000,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
    [2014/04/07 18:41:55 | 000,000,979 | ---- | C] () -- C:\Users\Owner\Desktop\Dropbox.lnk
    [2014/04/07 18:40:21 | 000,001,011 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2014/04/07 18:27:46 | 000,002,155 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2014/04/07 18:27:21 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2014/04/07 18:14:12 | 000,001,403 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/04/07 18:12:09 | 000,002,295 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
    [2014/04/07 18:12:09 | 000,002,263 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
    [2014/04/07 18:11:09 | 000,016,219 | ---- | C] () -- C:\Windows\SysNative\net8192cu.inf
    [2014/04/07 18:11:09 | 000,007,540 | ---- | C] () -- C:\Windows\SysNative\net8192cu.cat
    [2014/03/28 15:25:28 | 000,002,244 | -H-- | C] () -- C:\Users\Owner\Documents\Default.rdp
    [2014/03/28 15:19:00 | 000,000,450 | ---- | C] () -- C:\Users\Owner\Desktop\DATA.lnk
    [2014/03/25 10:21:18 | 000,773,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2014/04/27 10:26:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
    [2014/04/07 18:41:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DropboxMaster
    [2014/04/14 17:51:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EndNote
    [2014/04/07 21:24:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeFileSync
    [2014/04/08 02:41:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IrfanView
    [2014/04/20 12:23:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SketchUp
    [2014/04/27 10:21:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
    [2014/04/07 18:12:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP-LINK

    ========== Purity Check ==========



    < End of report >

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi, thanks for your patience. I had a family gathering out of town today that I could not miss.


    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      O1 - Hosts: 146.0.75.221 www.google-analytics.com.
      O1 - Hosts: 146.0.75.221 google-analytics.com.
      O1 - Hosts: 146.0.75.221 connect.facebook.net.
      O1 - Hosts: 146.0.75.221 bing.com.
      O1 - Hosts: 146.0.75.221 www.bing.com.
      O1 - Hosts: 146.0.75.221 gb.bing.com.
      O1 - Hosts: 146.0.75.221 au.bing.com.
      O1 - Hosts: 146.0.75.221 ca.bing.com.
      O1 - Hosts: 79.142.66.242 www.google-analytics.com.
      O1 - Hosts: 79.142.66.242 google-analytics.com.
      O1 - Hosts: 79.142.66.242 connect.facebook.net.
      O1 - Hosts: 79.142.66.242 bing.com.
      O1 - Hosts: 79.142.66.242 www.bing.com.
      O1 - Hosts: 79.142.66.242 gb.bing.com.
      O1 - Hosts: 79.142.66.242 au.bing.com.
      O1 - Hosts: 79.142.66.242 ca.bing.com.
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [EMPTYJAVA] 
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top (not Run Scan).
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces


    Then run a new scan with OTL and post the new log, please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
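Added example, not part of the original posts and not OTL's own code: a small audit that reads hosts mappings, either as raw hosts-file lines or as the `O1 - Hosts:` lines OTL prints, and lists hostnames pinned to publicly routable addresses, which is the pattern the fix above removes. The function names are illustrative, the sample lines are copied from this thread's fix script and rescan log, and treating every globally routable address as worth review is this example's own heuristic.

```python
import ipaddress
import re
from collections import defaultdict

# OTL prefixes each hosts mapping with "O1 - Hosts:"; raw hosts files have no prefix.
OTL_PREFIX = re.compile(r"^\s*O1 - Hosts:\s*")

# Subset of the entries listed in the fix script in this thread.
BEFORE = """\
O1 - Hosts: 146.0.75.221 www.google-analytics.com.
O1 - Hosts: 146.0.75.221 connect.facebook.net.
O1 - Hosts: 146.0.75.221 bing.com.
O1 - Hosts: 79.142.66.242 www.google-analytics.com.
O1 - Hosts: 79.142.66.242 bing.com.
"""

# The O1 section of the rescan posted after the fix.
AFTER = """\
O1 HOSTS File: ([2014/04/27 20:10:08 | 000,000,098 | ---- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
"""


def parse_hosts(text):
    """Return (address, hostname) pairs; lines without a valid IP are skipped."""
    entries = []
    for raw in text.splitlines():
        # Drop the OTL prefix and any trailing "#" comment from a raw hosts file.
        line = OTL_PREFIX.sub("", raw).split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # e.g. the "O1 HOSTS File:" header line
        for name in fields[1:]:
            # "bing.com." and "bing.com" are the same name; normalise both.
            entries.append((addr, name.lower().rstrip(".")))
    return entries


def public_pins(entries):
    """Group hostnames by the publicly routable address they are pinned to."""
    pins = defaultdict(set)
    for addr, name in entries:
        if addr.is_global:  # loopback, private and 0.0.0.0 entries are not flagged
            pins[str(addr)].add(name)
    return {ip: sorted(names) for ip, names in pins.items()}


def still_pinned(before_text, after_text):
    """Flagged mappings from the first log that survive in the second."""
    before = {(str(a), n) for a, n in parse_hosts(before_text) if a.is_global}
    after = {(str(a), n) for a, n in parse_hosts(after_text)}
    return sorted(before & after)


if __name__ == "__main__":
    for ip, names in public_pins(parse_hosts(BEFORE)).items():
        print(f"review: {ip} <- {', '.join(names)}")
    print("remaining after fix:", still_pinned(BEFORE, AFTER))
```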

  7. #7
    Junior Member
    Join Date
    Apr 2014
    Posts
    7

    Removal of pop-ups that appear on bottom left corner of browser window (OTL re-logs)

    I have pasted the contents of the logs after the fix and OTL rescan. I sincerely appreciate your help!

    All processes killed
    ========== OTL ==========
    Unable to save new HOSTS file
    146.0.75.221 google-analytics.com. removed from HOSTS file successfully
    146.0.75.221 connect.facebook.net. removed from HOSTS file successfully
    146.0.75.221 bing.com. removed from HOSTS file successfully
    79.142.66.242 www.google-analytics.com. removed from HOSTS file successfully
    79.142.66.242 google-analytics.com. removed from HOSTS file successfully
    79.142.66.242 connect.facebook.net. removed from HOSTS file successfully
    79.142.66.242 bing.com. removed from HOSTS file successfully
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Owner\Desktop\securitycheck\cmd.bat deleted successfully.
    C:\Users\Owner\Desktop\securitycheck\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Owner

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 545079403 bytes
    ->Temporary Internet Files folder emptied: 253244227 bytes
    ->Google Chrome cache emptied: 68652444 bytes

    User: Public

    %systemdrive% .tmp files removed: 1616 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 286334881 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43291969 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,141.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 04272014_201004

    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    OTL logfile created on: 4/27/2014 8:16:15 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop\securitycheck
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.97 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 60.14% Memory free
    5.94 Gb Paging File | 4.68 Gb Available in Paging File | 78.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 353.41 Gb Total Space | 230.19 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
    Drive D: | 345.23 Gb Total Space | 93.62 Gb Free Space | 27.12% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Desktop\securitycheck\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Flash Update\winclient32.exe ()
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()


    ========== Modules (No Company Name) ==========

    MOD - c:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi5cdb8.dll ()
    MOD - C:\Program Files (x86)\Flash Update\winclient32.exe ()
    MOD - C:\Program Files (x86)\Flash Update\sqlite3.dll ()
    MOD - C:\Users\Owner\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
    MOD - C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll ()
    MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
    MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll ()
    MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll ()
    MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
    DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation )
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Owner\Desktop
    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3677159478-1199422116-3691987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2014/04/27 20:10:08 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [Windows Client Manager] C:\Program Files (x86)\Flash Update\winclient32.exe ()
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3677159478-1199422116-3691987-1000..\Run: [Spotify Web Helper] C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 208.67.222.222 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A80823C-CDBC-431D-9574-9787184DD00D}: DhcpNameServer = 4.2.2.4 8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A80823C-CDBC-431D-9574-9787184DD00D}: NameServer = 8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D453D13D-D682-4B52-AAB3-AF4FE063C2FC}: NameServer = 8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3DF0595-1BC2-40BC-A99D-7822F950A555}: DhcpNameServer = 192.168.1.1 208.67.222.222 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3DF0595-1BC2-40BC-A99D-7822F950A555}: NameServer = 8.8.8.8,8.8.8.8
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{ea870f80-bfbf-11e3-9bc8-001cc01cb05a}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea870f80-bfbf-11e3-9bc8-001cc01cb05a}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/27 20:10:04 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/04/26 22:07:20 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/26 22:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/04/26 22:06:51 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/26 22:06:51 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/04/26 22:06:51 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/04/26 22:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/04/26 22:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/26 21:59:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/04/26 21:48:50 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
    [2014/04/26 21:48:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/26 12:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2014/04/26 12:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2014/04/23 09:02:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\securitycheck
    [2014/04/21 21:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/04/21 21:10:06 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieUserList
    [2014/04/21 21:10:06 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieSiteList
    [2014/04/21 20:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Update
    [2014/04/21 20:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Update
    [2014/04/21 20:57:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
    [2014/04/20 12:23:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SketchUp
    [2014/04/20 12:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ckfapk
    [2014/04/17 03:01:19 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/04/17 03:01:19 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/04/17 03:01:16 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/04/17 03:01:11 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/04/17 03:01:11 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/04/17 03:01:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/04/17 03:01:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2014/04/17 03:01:09 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2014/04/17 03:01:08 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/04/17 03:01:08 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2014/04/17 03:01:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2014/04/17 03:01:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/04/17 03:01:08 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/04/17 03:01:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/04/17 03:01:07 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/04/17 03:01:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/04/17 03:01:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/04/17 03:01:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/04/17 03:01:06 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/04/17 03:01:04 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2014/04/17 03:01:04 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2014/04/17 03:01:04 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2014/04/17 03:01:03 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2014/04/17 03:01:03 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2014/04/17 03:01:03 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2014/04/17 03:01:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2014/04/17 03:01:00 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/04/17 03:00:59 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/04/17 03:00:55 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/04/15 22:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014
    [2014/04/15 22:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SketchUp
    [2014/04/15 22:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SketchUp
    [2014/04/13 16:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2014/04/13 16:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2014/04/13 16:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vim 7.4
    [2014/04/13 16:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vim
    [2014/04/13 13:05:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
    [2014/04/13 13:05:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple Computer
    [2014/04/13 13:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2014/04/13 13:04:56 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
    [2014/04/13 13:04:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2014/04/13 13:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2014/04/13 13:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2014/04/13 13:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2014/04/13 13:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2014/04/13 13:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2014/04/13 13:03:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple
    [2014/04/13 13:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2014/04/13 13:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2014/04/13 13:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2014/04/13 13:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2014/04/13 13:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2014/04/13 13:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2014/04/09 11:05:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\EndNote
    [2014/04/09 11:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd
    [2014/04/09 11:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
    [2014/04/09 11:01:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
    [2014/04/09 11:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
    [2014/04/09 11:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X4
    [2014/04/09 11:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
    [2014/04/09 10:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2014/04/09 10:49:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\MathWorks
    [2014/04/08 19:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
    [2014/04/08 19:10:06 | 001,077,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSCOMCTL.OCX
    [2014/04/08 19:10:06 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSHFLXGD.OCX
    [2014/04/08 19:10:06 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RICHTX32.OCX
    [2014/04/08 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB
    [2014/04/08 15:36:48 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
    [2014/04/08 15:36:48 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
    [2014/04/08 15:36:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
    [2014/04/08 15:36:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
    [2014/04/08 15:36:45 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2014/04/08 15:36:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2014/04/08 15:36:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2014/04/08 15:36:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2014/04/08 15:36:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2014/04/08 15:36:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2014/04/08 15:36:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2014/04/08 15:36:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2014/04/08 15:36:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2014/04/08 15:36:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2014/04/08 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\vlc
    [2014/04/08 15:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2014/04/08 15:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2014/04/08 12:01:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OriginLab
    [2014/04/08 12:01:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\OriginLab
    [2014/04/08 12:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\OriginLab
    [2014/04/08 12:01:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashRpt
    [2014/04/08 12:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab
    [2014/04/08 11:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
    [2014/04/08 11:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab
    [2014/04/08 02:43:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
    [2014/04/08 02:41:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\IrfanView
    [2014/04/08 02:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
    [2014/04/07 23:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2014/04/07 23:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
    [2014/04/07 23:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2014/04/07 23:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2014/04/07 23:55:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2014/04/07 23:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2014/04/07 23:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2014/04/07 23:53:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Microsoft Help
    [2014/04/07 23:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2014/04/07 23:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2014/04/07 23:46:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Spotify
    [2014/04/07 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Spotify
    [2014/04/07 21:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2014/04/07 21:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2014/04/07 21:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2014/04/07 21:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2014/04/07 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
    [2014/04/07 21:11:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\FreeFileSync
    [2014/04/07 21:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync
    [2014/04/07 20:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2014/04/07 20:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2014/04/07 20:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2014/04/07 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DropboxMaster
    [2014/04/07 18:40:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2014/04/07 18:39:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Dropbox
    [2014/04/07 18:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2014/04/07 18:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2014/04/07 18:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2014/04/07 18:15:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
    [2014/04/07 18:15:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps
    [2014/04/07 18:15:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Deployment
    [2014/04/07 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TP-LINK
    [2014/04/07 18:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
    [2014/04/07 18:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
    [2014/04/07 18:11:09 | 000,926,824 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\rtl8192cu.sys
    [2014/04/07 18:11:09 | 000,926,824 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\RTL8192cu.sys
    [2014/04/07 18:11:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2014/04/07 18:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK

    ========== Files - Modified Within 30 Days ==========

    [2014/04/27 20:15:28 | 000,237,568 | ---- | M] () -- C:\Users\Owner\AppData\Local\ChromeHitoryDB
    [2014/04/27 20:14:15 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
    [2014/04/27 20:13:12 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/27 20:12:21 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/27 20:12:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/04/27 20:12:02 | 2394,378,240 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/27 20:10:08 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2014/04/27 19:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/26 22:25:07 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/26 22:25:07 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/26 12:04:50 | 000,001,100 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2014/04/26 08:17:37 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/24 07:47:34 | 000,001,011 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2014/04/24 07:47:18 | 000,000,979 | ---- | M] () -- C:\Users\Owner\Desktop\Dropbox.lnk
    [2014/04/23 22:28:42 | 000,002,275 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/23 08:32:41 | 000,002,300 | -H-- | M] () -- C:\Users\Owner\_viminfo
    [2014/04/15 22:46:20 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF14a.ocx
    [2014/04/15 09:28:37 | 000,781,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/04/15 09:28:37 | 000,661,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/04/15 09:28:37 | 000,121,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/04/09 22:34:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2014/04/09 03:21:45 | 000,414,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/04/08 15:05:20 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/04/08 12:48:49 | 000,001,129 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2014/04/08 10:22:54 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI
    [2014/04/07 23:46:33 | 000,001,767 | ---- | M] () -- C:\Users\Owner\Desktop\Spotify.lnk
    [2014/04/07 21:46:20 | 000,000,498 | ---- | M] () -- C:\Users\Owner\Desktop\CITES VPN.lnk
    [2014/04/07 21:17:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2014/04/07 21:07:06 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
    [2014/04/07 20:06:22 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2014/04/07 18:28:55 | 000,000,450 | ---- | M] () -- C:\Users\Owner\Desktop\DATA.lnk
    [2014/04/07 18:14:12 | 000,001,403 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/04/07 18:12:09 | 000,002,295 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
    [2014/04/07 18:12:09 | 000,002,263 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
    [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2014/04/26 12:04:50 | 000,001,100 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2014/04/21 21:12:38 | 000,002,275 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/21 21:12:38 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/21 21:11:18 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/21 21:11:16 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/21 20:57:06 | 000,237,568 | ---- | C] () -- C:\Users\Owner\AppData\Local\ChromeHitoryDB
    [2014/04/15 22:46:20 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF14a.ocx
    [2014/04/13 16:20:31 | 000,002,300 | -H-- | C] () -- C:\Users\Owner\_viminfo
    [2014/04/13 13:03:34 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2014/04/09 22:34:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2014/04/08 19:10:39 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2012a.lnk
    [2014/04/08 19:10:27 | 000,000,546 | ---- | C] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
    [2014/04/08 15:05:20 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/04/08 12:48:49 | 000,001,129 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2014/04/08 10:22:54 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2014/04/07 23:46:33 | 000,001,767 | ---- | C] () -- C:\Users\Owner\Desktop\Spotify.lnk
    [2014/04/07 23:46:33 | 000,001,753 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2014/04/07 21:46:20 | 000,000,498 | ---- | C] () -- C:\Users\Owner\Desktop\CITES VPN.lnk
    [2014/04/07 21:22:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2014/04/07 21:17:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2014/04/07 21:07:06 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
    [2014/04/07 21:07:06 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
    [2014/04/07 21:07:06 | 000,000,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
    [2014/04/07 18:41:55 | 000,000,979 | ---- | C] () -- C:\Users\Owner\Desktop\Dropbox.lnk
    [2014/04/07 18:40:21 | 000,001,011 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2014/04/07 18:27:46 | 000,002,155 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2014/04/07 18:27:21 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2014/04/07 18:14:12 | 000,001,403 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/04/07 18:12:09 | 000,002,295 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
    [2014/04/07 18:12:09 | 000,002,263 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
    [2014/04/07 18:11:09 | 000,016,219 | ---- | C] () -- C:\Windows\SysNative\net8192cu.inf
    [2014/04/07 18:11:09 | 000,007,540 | ---- | C] () -- C:\Windows\SysNative\net8192cu.cat
    [2014/03/25 10:21:18 | 000,773,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2014/04/27 20:14:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
    [2014/04/07 18:41:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DropboxMaster
    [2014/04/14 17:51:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EndNote
    [2014/04/07 21:24:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeFileSync
    [2014/04/08 02:41:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IrfanView
    [2014/04/20 12:23:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SketchUp
    [2014/04/27 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
    [2014/04/07 18:12:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP-LINK

    ========== Purity Check ==========



    < End of report >

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Morning,

    Looks like it went well. Are you still having those pop-up issues, and if so, can you describe them to me?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Junior Member
    Join Date
    Apr 2014
    Posts
    7

    Default Removal of pop-ups that appear on bottom left corner of browser window (No issues)

    The pop-ups are not appearing now and the issue seems resolved. Thanks a lot for all your help!

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    That's great, nice to hear.


    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.




    Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.


    Malwarebytes is the free version and yours to keep and will not be removed





    Safe Surfn
    Ken