Key-Find has Hijacked my Browser



autographshark
2014-04-02, 18:16
Hi, I was trying to help a friend find a website, FreeUSATV.com. I clicked to do a download and the trouble began. My browser got hijacked with Key-finder as my home page. I have Google Chrome as a browser. I went to the settings and it's the pages I set it for, but it opens up Key-Finder when I open the browser. I'm sure it has spyware. Can you please help!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
Run by kenneth at 10:48:03 on 2014-04-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.235 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Documents and Settings\kenneth\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Fortunitas\updateFortunitas.exe
C:\Program Files\Fortunitas\bin\utilFortunitas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe
C:\Program Files\Fortunitas\bin\FilterApp_C.exe
C:\Program Files\Fortunitas\bin\XTLSApp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.key-find.com/?type=hp&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
uSearch Bar = www.bing.com
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
uDefault_Page_URL = hxxp://www.key-find.com/?type=hp&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
mStart Page = hxxp://www.key-find.com/?type=hp&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
mSearch Page = hxxp://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
mDefault_Page_URL = hxxp://www.key-find.com/?type=hp&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
mDefault_Search_URL = hxxp://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
mSearchAssistant = hxxp://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
mCustomizeSearch = hxxp://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
uURLSearchHooks: {ec966aaa-1510-4c02-8eb0-b42ad0c25e8b} - <orphaned>
uURLSearchHooks: {eef3855c-fc2d-41e6-8d91-d368f51b3055} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\kenneth\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Fortunitas: {c6f3fc7b-d607-44ec-9caf-2a41d547137f} - c:\program files\fortunitas\Fortunitasbho.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {ec966aaa-1510-4c02-8eb0-b42ad0c25e8b} - <orphaned>
BHO: {eef3855c-fc2d-41e6-8d91-d368f51b3055} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0560.0\msneshellx.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Auction Auto Bidder] <no file>
dRun: [SearchProtect] c:\windows\system32\config\systemprofile\application data\searchprotect\bin\cltmng.exe
StartupFolder: c:\docume~1\kenneth\startm~1\programs\startup\deskto~1.lnk - c:\documents and settings\kenneth\local settings\application data\weatheralerts\DesktopWeatherAlertsApp.exe
StartupFolder: c:\docume~1\kenneth\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kenneth\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\kenneth\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\kenneth\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\kenneth\startm~1\programs\startup\weathe~1.lnk - c:\documents and settings\kenneth\local settings\application data\weatheralerts\WeatherAlerts.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D4397C3C-4801-45DB-97C8-078873CCB5F1} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kenneth\application data\mozilla\firefox\profiles\ytasw4hq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN16857030743449312&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - key-find
FF - prefs.js: browser.startup.homepage - hxxp://www.key-find.com/?type=hp&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN16857030743449312&UM=2&q=
FF - component: c:\documents and settings\kenneth\application data\mozilla\firefox\profiles\ytasw4hq.default\extensions\appbar@alot.com\components\AlotXpcom.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\kenneth\application data\mozilla\firefox\profiles\ytasw4hq.default\extensions\{ec966aaa-1510-4c02-8eb0-b42ad0c25e8b}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\kenneth\application data\mozilla\firefox\profiles\ytasw4hq.default\extensions\{ec966aaa-1510-4c02-8eb0-b42ad0c25e8b}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\kenneth\application data\mozilla\firefox\profiles\ytasw4hq.default\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\kenneth\application data\mozilla\firefox\profiles\ytasw4hq.default\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_25.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Default Tab: addon@defaulttab.com - %profile%\extensions\addon@defaulttab.com
FF - Ext: ALOT Appbar: appbar@alot.com - %profile%\extensions\appbar@alot.com
FF - Ext: Vafmusic4 : {ec966aaa-1510-4c02-8eb0-b42ad0c25e8b} - %profile%\extensions\{ec966aaa-1510-4c02-8eb0-b42ad0c25e8b}
FF - Ext: WhiteSmoke B : {f0e59437-6148-4a98-b0a6-60d557ef57f4} - %profile%\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! Online Security: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-16 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-16 180760]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-8-24 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-8-24 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [2009-7-2 103792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-16 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-16 411552]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-8-24 25584]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [2014-4-1 55232]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-5-16 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-1 50344]
R2 BOTService;BOTService;c:\program files\roxio\backontrack\instant restore\BOTService.exe [2009-7-9 199152]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-12-19 574464]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\kenneth\application data\defaulttab\defaulttab\DTUpdate.exe [2013-6-1 107520]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Update Fortunitas;Update Fortunitas;c:\program files\fortunitas\updateFortunitas.exe [2014-3-28 350496]
R2 Util Fortunitas;Util Fortunitas;c:\program files\fortunitas\bin\utilFortunitas.exe [2014-3-31 350496]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-8-24 113664]
R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2009-6-18 308608]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-31 39424]
S2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2008-4-15 33280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 282112]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51712]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-04-01 04:58:00 -------- d-----w- c:\documents and settings\kenneth\application data\DropboxMaster
2014-04-01 04:57:28 -------- d-----w- c:\program files\Dropbox
2014-04-01 04:53:21 -------- d-----w- c:\documents and settings\kenneth\application data\Dropbox
2014-04-01 04:32:45 43152 ----a-w- c:\windows\avastSS.scr
2014-04-01 04:09:40 55232 ----a-w- c:\windows\system32\drivers\tStLibG.sys
2014-03-31 03:05:30 -------- d-----w- c:\program files\OPTIMIZER PRO
2014-03-31 03:05:21 -------- d-----w- c:\documents and settings\kenneth\application data\key-find
2014-03-31 03:03:54 -------- d-----w- c:\documents and settings\kenneth\local settings\application data\Local_Weather_LLC
2014-03-31 03:03:47 -------- d-----w- c:\program files\Fortunitas
2014-03-31 03:02:42 -------- d-----w- c:\documents and settings\kenneth\local settings\application data\WeatherAlerts
2014-03-18 10:43:17 13312 ----a-w- c:\windows\system32\xp_eos.exe
2014-03-18 10:43:17 13312 ------w- c:\windows\system32\dllcache\xp_eos.exe
.
==================== Find3M ====================
.
2014-04-01 04:32:49 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-01 04:32:48 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-01 04:32:47 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-04-01 04:32:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-12 11:29:12 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 11:29:10 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54:21 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-02-03 18:52:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-02-03 18:52:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2014-02-03 18:41:34 813232 -c--a-w- c:\program files\RealPlayer.exe
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-16 13:33:09 117478104 -c--a-w- c:\program files\avast_free_antivirus_setup.exe
2013-05-04 15:08:38 411003 -c--a-w- c:\program files\PinBot-v1-3-Setup.exe
2013-01-12 13:19:09 40437664 -c--a-w- c:\program files\QuickTimeInstaller.exe
2012-09-12 16:34:28 5433105 -c--a-w- c:\program files\hifsetup.exe
2012-08-24 05:47:54 26822384 -c--a-w- c:\program files\QuickBooksInstallDiagnosticTool.exe
2012-08-16 06:33:34 1561792 -c--a-w- c:\program files\gimp_installer_2068.exe
2012-08-12 07:41:59 352968 -c--a-w- c:\program files\SoftonicDownloader_for_mobipocket-reader-desktop.exe
2012-08-12 06:45:24 10606592 -c--a-w- c:\program files\creator.msi
2012-08-09 05:32:32 6785285 -c--a-w- c:\program files\kompozer-0.8b3.en-US.win32.exe
2012-07-24 06:49:27 52249417 -c--a-w- c:\program files\ListingFactory_2012_Setup.exe
2012-07-23 15:02:54 609436 -c--a-w- c:\program files\spelloe_setup.exe
2012-07-10 16:40:28 1982061 -c--a-w- c:\program files\Auctonic.exe
2012-07-05 16:00:47 18117717 -c--a-w- c:\program files\GimPhoto-1.4.3_setup.exe
2012-05-10 06:53:20 151801119 -c--a-w- c:\program files\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
2012-05-10 06:40:00 1247056 -c--a-w- c:\program files\wlsetup-web.exe
2012-05-10 05:29:01 1810833 -c--a-w- c:\program files\HCP.exe
2011-01-15 05:53:40 3834294 ----a-w- c:\program files\Twitter Marketing Bot.exe
.
============= FINISH: 10:49:37.58 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-02 10:57:06
-----------------------------
10:57:06.752 OS Version: Windows 5.1.2600 Service Pack 3
10:57:06.752 Number of processors: 2 586 0x1C02
10:57:06.752 ComputerName: PC801713467250 UserName: kenneth
10:57:07.549 Initialize success
10:57:12.690 AVAST engine defs: 14040200
10:58:41.208 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:58:41.208 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
10:58:41.505 Disk 0 MBR read successfully
10:58:41.521 Disk 0 MBR scan
10:58:41.536 Disk 0 Windows VISTA default MBR code
10:58:41.567 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152616 MB offset 2048
10:58:41.630 Disk 0 scanning sectors +312560640
10:58:41.724 Disk 0 scanning C:\WINDOWS\system32\drivers
10:58:59.709 Service scanning
10:59:17.865 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
10:59:23.616 Modules scanning
10:59:34.382 Disk 0 trace - called modules:
10:59:34.429
10:59:35.163 AVAST engine scan C:\WINDOWS
10:59:54.726 AVAST engine scan C:\WINDOWS\system32
11:03:39.905 AVAST engine scan C:\WINDOWS\system32\drivers
11:04:02.812 AVAST engine scan C:\Documents and Settings\kenneth
11:10:40.480 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\kenneth\Desktop\MBR.dat"
11:10:40.590 The log file has been saved successfully to "C:\Documents and Settings\kenneth\Desktop\aswMBR.txt"


I hope I did this right! Thanks for your help in advance!

ken545
2014-04-02, 21:07
Sorry you're having problems, let's try a few things.

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.






Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

autographshark
2014-04-03, 09:35
# AdwCleaner v3.023 - Report created 03/04/2014 at 01:32:12
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : kenneth - PC801713467250
# Running from : C:\Documents and Settings\kenneth\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : ca82e1a5
[#] Service Deleted : DefaultTabSearch
[#] Service Deleted : DefaultTabUpdate

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\LyricsSpeaker
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\SingAlong
Folder Deleted : C:\Program Files\MixiDJ_V37
Folder Deleted : C:\Program Files\Vafmusic4
Folder Deleted : C:\Documents and Settings\kenneth\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\kenneth\Local Settings\Application Data\MixiDJ_V37
Folder Deleted : C:\Documents and Settings\kenneth\Local Settings\Application Data\Vafmusic4
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\alot-appbar
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Smartbar
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\CT3302997
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\CT3298573
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\CT3279141
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\addon@defaulttab.com
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\appbar@alot.com
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\quick_start@gmail.com
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\{ec966aaa-1510-4c02-8eb0-b42ad0c25e8b}
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
[!] Folder Deleted : C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\Documents and Settings\All Users\Desktop\eBay.lnk
File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnk
File Deleted : C:\DOCUME~1\kenneth\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\searchplugins\search.xml
File Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3302997
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C84BABA-BF9D-4E42-A684-5288580631D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0D057E38-1E36-47AA-B86F-297F71B9FE0A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F79395C3-8B78-403E-8953-4C242D3A3C62}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CF028A3-25EE-4A0F-A414-F0F935CCCACA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAD0840B-6432-4C32-BC5A-757FDC153140}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6CA6011-7554-4A76-9526-C29DB405CD6C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\lyricsspeaker
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\MixiDJ_V37
Key Deleted : HKCU\Software\Vafmusic4
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\MixiDJ_V37
Key Deleted : HKLM\Software\Vafmusic4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V37 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vafmusic4 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MixiDJ_V37 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vafmusic4 Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v3.6.3 (en-US)

[ File : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [25821 octets] - [03/04/2014 01:29:22]
AdwCleaner[S0].txt - [26192 octets] - [03/04/2014 01:32:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26253 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by kenneth on Thu 04/03/2014 at 1:56:34.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5FB76A0E-7C3F-45EE-AFDE-6B66C15942FE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ECB0515E-E11C-41A6-B3CE-ECEE03B5B13A}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\kenneth\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Documents and Settings\kenneth\Application Data\pcpro"
Successfully deleted: [Folder] "C:\Documents and Settings\kenneth\Local Settings\Application Data\cre"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\kenneth\Application Data\mozilla\firefox\profiles\ytasw4hq.default\prefs.js

user_pref("extensions.alotab.errorUrl", "hxxp://search.alot.com/error?src_id=30662&client_id=1c8a5cb4a851d83eaa3b8879&camp_id=4052&install_time=2013-08-09T03:52:37Z&pr=errs&tb
user_pref("extensions.defaulttab.active.affiliate", 3566);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.browserID", "21F0380D2FCD791AD582AA3DD2044036");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "2.0");
user_pref("extensions.defaulttab.lastUsed", 1376020504);



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/03/2014 at 2:30:09.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ken545
2014-04-03, 12:16
Good,

You had a ton of bogus toolbars and whatnot installed; sometimes these are all linked together.

http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.Uz0kWvldVL3
I want to give you a heads up on Windows XP, as Microsoft will be dropping support for this version in just a few days. It will go down the same path as Win 95 and 98: it will still work and you can continue to use it, but without all the Windows updates that help make it secure you would be taking a chance doing any online banking or purchases using a credit card. The bad guys are chomping at the bit waiting for this, as XP will then be easier to exploit.

You may want to consider upgrading to Windows 7, but that depends on the firing power of this computer. You can download and run the Win 7 upgrade advisor and see where you stand; we can go over this a bit later when we're done.
http://www.microsoft.com/en-us/download/details.aspx?id=20



Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please







OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

autographshark
2014-04-04, 08:12
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/3/2014
Scan Time: 1:43:13 PM
Logfile: Malwarebytes log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.03.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: kenneth

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290644
Time Elapsed: 1 hr, 10 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 5
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\updateFortunitas.exe, 1460, Delete-on-Reboot, [737eba6bee8df145ff1bab9aa06159a7]
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\utilFortunitas.exe, 1904, Delete-on-Reboot, [d71ad74e077445f1a07ae16402ff9c64]
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\FilterApp_C.exe, 2256, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5]
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLSApp.exe, 3348, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5]
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe, 1732, Delete-on-Reboot, [668ba085e2995adccfcb5203d2305ca4]

Modules: 3
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLS.dll, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLS.dll, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLSApp.dll, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],

Registry Keys: 29
PUP.Optional.Fortunitas.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Fortunitas, Quarantined, [737eba6bee8df145ff1bab9aa06159a7],
PUP.Optional.Fortunitas.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Fortunitas, Quarantined, [d71ad74e077445f1a07ae16402ff9c64],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\CLSID\{c6f3fc7b-d607-44ec-9caf-2a41d547137f}, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{eff4f283-3c8b-4a01-8297-ddc839210b86}, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94F1FD29-FDC2-4BF9-B008-AFB0452634E6}, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C6F3FC7B-D607-44EC-9CAF-2A41D547137F}, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\CLSID\{C6F3FC7B-D607-44EC-9CAF-2A41D547137F}\INPROCSERVER32, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.LyricsAd, HKLM\SOFTWARE\CLASSES\CLSID\{15467C9F-3784-4109-89C9-6ED7100B96B8}, Quarantined, [f3fea87d3843c76fb3ba010d07fbd62a],
PUP.Optional.LyricsAd, HKLM\SOFTWARE\CLASSES\TYPELIB\{1B13EA0A-0F47-4678-8848-0CB84FDE303D}, Quarantined, [f3fea87d3843c76fb3ba010d07fbd62a],
PUP.Optional.LyricsAd, HKLM\SOFTWARE\CLASSES\INTERFACE\{BE0B5EDA-7AA2-4D65-B0D7-3785B1BD285F}, Quarantined, [f3fea87d3843c76fb3ba010d07fbd62a],
PUP.Optional.LyricsAd, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{15467C9F-3784-4109-89C9-6ED7100B96B8}, Quarantined, [f3fea87d3843c76fb3ba010d07fbd62a],
PUP.Optional.LyricsAd, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{15467C9F-3784-4109-89C9-6ED7100B96B8}, Quarantined, [f3fea87d3843c76fb3ba010d07fbd62a],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [856c2ef7a2d9142223f544ca11f103fd],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [856c2ef7a2d9142223f544ca11f103fd],
PUP.Optional.RelatedSearchs.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}, Quarantined, [ab46af761d5ec76f3cc2b556cb37bf41],
PUP.Optional.RelatedSearchs.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}, Quarantined, [ab46af761d5ec76f3cc2b556cb37bf41],
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [ed048f969eddfe382395d66a3ec45ca4],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, Quarantined, [866b2afb7605cd69d516d33aea1839c7],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, Quarantined, [b04161c48eeda591e7050409bd452ad6],
PUP.Optional.Solimba, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SETUP.EXE, Quarantined, [628faa7bd8a387afc9318c71bd43cb35],
PUP.Optional.WeatherAlerts.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DesktopWeatherAlerts, Quarantined, [f4fd47deb0cb65d15406dc5f699b5fa1],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Fortunitas, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\Fortunitas, Quarantined, [b73a9f86116ada5cac730665bb4703fd],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [777a7da80d6e1e182272cea1cc3639c7],
PUP.Optional.Fortunitas.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Fortunitas, Quarantined, [50a1e1441f5cae88d7473635d42e9b65],

Registry Values: 1
PUP.Optional.ConduitSearchProtect, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtect, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\bin\cltmng.exe, Quarantined, [b140d253611ace68e6e186f99f64fe02]

Registry Data: 3
Trojan.0Access, HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32, C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\n., Good: (fastprox.dll), Bad: (C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\n.),Replaced,[fbf65bca94e7ca6cd779ea27e51f5da3]
PUM.Hijack.StartMenu, HKU\S-1-5-21-2420282109-1773090242-3309790634-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),Replaced,[7b761d08afccb383c66d3dd2689cba46]
PUM.Hijack.StartMenu, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),Replaced,[50a144e1f388d85e91a28e819e666898]

Folders: 17
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\TEMP, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\lib, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\Local_Weather_LLC, Quarantined, [c72a9e87f6850630f8a1b99c08fa6d93],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\Local_Weather_LLC\WeatherAlerts.exe_Url_2eymnc5l1vm4ey5z1beasywuj0cfb4ch, Quarantined, [c72a9e87f6850630f8a1b99c08fa6d93],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\Local_Weather_LLC\WeatherAlerts.exe_Url_2eymnc5l1vm4ey5z1beasywuj0cfb4ch\1.4.0.0, Quarantined, [c72a9e87f6850630f8a1b99c08fa6d93],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts, Delete-on-Reboot, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330231138, Quarantined, [668ba085e2995adccfcb5203d2305ca4],

Files: 82
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\updateFortunitas.exe, Delete-on-Reboot, [737eba6bee8df145ff1bab9aa06159a7],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\utilFortunitas.exe, Delete-on-Reboot, [d71ad74e077445f1a07ae16402ff9c64],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\FortunitasBHO.dll, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.DomalQ, C:\Documents and Settings\kenneth\My Documents\Downloads\Java.exe, Quarantined, [49a8c560cead1c1a43f473ca3ec20bf5],
PUP.Optional.Solimba, C:\Documents and Settings\kenneth\My Documents\Downloads\Setup.exe, Quarantined, [628faa7bd8a387afc9318c71bd43cb35],
HackTool.Agent, C:\Program Files\Twitter Marketing Bot.exe, Quarantined, [579ac1647209d363e221364204fc57a9],
PUP.Optional.Softonic.A, C:\Program Files\SoftonicDownloader_for_mobipocket-reader-desktop.exe, Quarantined, [a54c3ee7bdbe42f4165da3754ab77789],
PUP.Optional.InstallIQ.A, C:\Program Files\gimp_installer_2068.exe, Quarantined, [6c85b174ff7c092d19868f7fc8395da3],
PUP.Optional.Monetizer, C:\Documents and Settings\kenneth\Local Settings\Temp\jki140.tmp, Quarantined, [26cb70b5ee8d94a29f7247207988ad53],
Backdoor.Bot, C:\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\android.exe, Quarantined, [7c7553d27b0022149d0e194b33ce857b],
PUP.Optional.WeatherAlerts.A, C:\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\software\DesktopWeatherAlertsSetup.exe, Quarantined, [c52cc65f5229e35306541427be464ab6],
PUP.Optional.Fortunitas.A, C:\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\software\FortunitasSetup.exe, Quarantined, [9a57012499e2e155d705767621e24eb2],
PUP.Optional.SkyTech.A, C:\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\software\tugs_key-find.exe, Quarantined, [07ea0322512a95a1acfb3d119170a759],
PUP.Optional.SilenceInstall, C:\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\software\VOPackage.exe, Quarantined, [8071998c403b41f5428ced4dfa067789],
PUP.Optional.SkyTech.A, C:\Documents and Settings\kenneth\Local Settings\Temp\fullpackage_temp1396234924\alilog.dll, Quarantined, [37baa87d0972b185f41fc66c1be542be],
PUP.Optional.SkyTech.A, C:\Documents and Settings\kenneth\Local Settings\Temp\fullpackage_temp1396234924\package1.zip, Quarantined, [11e01f06aecd072fe72c75bd7090b050],
Backdoor.Bot, C:\Documents and Settings\kenneth\Local Settings\Temp\android\android.exe, Quarantined, [af420e17b0cb3afce1ca0e56649dc33d],
PUP.Optional.WeatherAlerts.A, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsuninstall.exe, Quarantined, [f4fd47deb0cb65d15406dc5f699b5fa1],
PUP.Optional.QuickStart.A, C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, Quarantined, [14ddce5763180135fb51f36b41c10af6],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\Fortunitas.ico, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\7za.exe, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\FortunitasUninstall.exe, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\updateFortunitas.InstallState, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\7za.exe, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\BrowserAdapterS.7z, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\FilterApp_C.exe, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLS.dll, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLSApp.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLSApp.exe, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.Bromon.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.BrowserAdapterS.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.CompatibilityChecker.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.FFUpdate.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.IEUpdate.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.PurBrowseG.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk, Quarantined, [d918899c4338ad89a2ab204b1ee409f7],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Weather Alerts.lnk, Quarantined, [10e1cf565c1fe155113d73f828da867a],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\nsprotector.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\abstraction.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\application.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\popupTransparent.xul, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\dialogsApi.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\lib\json2.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.css, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\main.html, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\information.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\main.html, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\settings.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\Local_Weather_LLC\WeatherAlerts.exe_Url_2eymnc5l1vm4ey5z1beasywuj0cfb4ch\1.4.0.0\user.config, Quarantined, [c72a9e87f6850630f8a1b99c08fa6d93],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe.config, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp0.dat, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsBrowser.exe, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsBrowser.exe.config, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsK.dat.U.dat, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsU.dat, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\ICSharpCode.SharpZipLib.dll, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\mod.DesktopWeatherAlertsApp0.dat, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\uninstall.exe, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\WAUpdater.exe, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\WAUpdater.exe.config, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe, Delete-on-Reboot, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe.config, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790\3711.0.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790\3711.1.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790\3711.2.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790\3711.3.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790\mergetree, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330231138\3711.2.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330231138\3711.3.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330231138\3711.4.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330231138\3711.5.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],

Physical Sectors: 0
(No malicious items detected)


(end)

I was headed to work and closed it without saving it. I came home and searched the software to copy it. It's above!

autographshark
2014-04-04, 09:03
OTL logfile created on: 4/4/2014 1:15:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\kenneth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 341.27 Mb Available Physical Memory | 33.62% Memory free
2.38 Gb Paging File | 1.80 Gb Available in Paging File | 75.32% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 101.01 Gb Free Space | 67.78% Space Free | Partition Type: NTFS

Computer Name: PC801713467250 | User Name: kenneth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\kenneth\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - c:\Documents and Settings\kenneth\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcloorr.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\14040301\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (USBCCID) -- system32\DRIVERS\Rts5161ccid.sys File not found
DRV - (Rts516xIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RTS5121.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.SYS File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswmonflt.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (AswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (tStLibG) -- C:\WINDOWS\system32\drivers\tStLibG.sys (StdLib)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (bcmbusctr) -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
DRV - (bcm) -- C:\WINDOWS\system32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
DRV - (SysCow) -- C:\WINDOWS\system32\drivers\syscow32x.sys (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (Cam3820) -- C:\WINDOWS\system32\drivers\cam3820a.sys (CamVendor)
DRV - (SaibVd32) -- C:\WINDOWS\system32\drivers\SaibVd32.sys (Sonic Solutions)
DRV - (SahdIa32) -- C:\WINDOWS\system32\drivers\SahdIa32.sys (Sonic Solutions)
DRV - (SaibIa32) -- C:\WINDOWS\system32\drivers\SaibIa32.sys (Sonic Solutions)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E04D8C24-22C9-424C-90F9-0FA9DFB1C771}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\SearchScopes\{E04D8C24-22C9-424C-90F9-0FA9DFB1C771}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_enUS358
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/01 00:32:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/02/03 14:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/03 14:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/03 14:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/03 14:56:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lspeaker@lyricsspeaker.net: C:\Program Files\LyricsSpeaker\120.xpi

[2012/05/07 15:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Extensions
[2014/04/03 01:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions
[2012/05/07 15:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/07 15:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\staged-xpis
[2009/03/18 16:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
[2013/07/31 09:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\APPBAR@ALOT.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\QUICK_START@GMAIL.COM
[2014/04/01 00:32:54 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/12/05 05:47:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2014/02/03 14:55:23 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2014/03/30 23:04:11 | 000,000,551 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\key-find.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://att.my.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/15 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Auction Auto Bidder] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\xenwuj.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4397C3C-4801-45DB-97C8-078873CCB5F1}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firestorm High.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firestorm High.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/04 00:48:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kenneth\Desktop\OTL.exe
[2014/04/03 12:28:58 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/03 12:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/03 12:28:02 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 12:28:01 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/03 12:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/03 12:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/04/03 12:16:14 | 017,523,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\kenneth\Desktop\mbam-setup-2.0.0.1000.exe
[2014/04/03 01:56:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/03 01:53:32 | 001,038,974 | ---- | C] (Thisisu) -- C:\Documents and Settings\kenneth\Desktop\JRT.exe
[2014/04/03 01:29:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/02 10:55:41 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\kenneth\Desktop\aswMBR.exe
[2014/04/02 10:46:18 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\kenneth\Desktop\dds.scr
[2014/04/02 10:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2014/04/02 10:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/04/02 10:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/04/01 01:02:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kenneth\My Documents\Dropbox
[2014/04/01 00:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Application Data\DropboxMaster
[2014/04/01 00:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/04/01 00:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Start Menu\Programs\Dropbox
[2014/04/01 00:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Application Data\Dropbox
[2014/04/01 00:32:45 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/01 00:09:40 | 000,055,232 | ---- | C] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/30 23:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Application Data\key-find
[2014/03/30 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Start Menu\Programs\Weather Alerts
[2014/03/18 06:43:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/03/18 06:43:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/03/12 00:55:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/03/12 00:55:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/03/12 00:55:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/03/12 00:55:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/03/12 00:55:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/03/12 00:55:50 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/03/12 00:55:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/03/12 00:55:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/03/12 00:55:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/03/12 00:55:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/03/12 00:55:49 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/03/12 00:55:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/03/12 00:55:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/03/12 00:55:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/03/12 00:55:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/03/12 00:55:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/03/12 00:55:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/03/12 00:55:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/03/12 00:55:48 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/03/12 00:55:47 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/03/12 00:55:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/03/12 00:55:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/03/12 00:55:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/03/12 00:55:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/03/12 00:55:46 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/03/12 00:55:45 | 006,022,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/03/12 00:55:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/03/12 00:55:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/03/12 00:55:44 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/03/12 00:55:43 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/03/12 00:55:43 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/01/12 09:18:55 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2012/08/24 01:47:33 | 026,822,384 | ---- | C] (Intuit) -- C:\Program Files\QuickBooksInstallDiagnosticTool.exe
[2012/08/09 01:32:18 | 006,785,285 | ---- | C] (KompoZer ) -- C:\Program Files\kompozer-0.8b3.en-US.win32.exe
[2012/07/24 02:49:15 | 052,249,417 | ---- | C] (www.AuctionListingCreator.com ) -- C:\Program Files\ListingFactory_2012_Setup.exe
[2012/07/10 12:39:18 | 001,982,061 | ---- | C] (Auctonic) -- C:\Program Files\Auctonic.exe
[2012/07/05 01:19:48 | 000,813,232 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2012/05/10 02:39:47 | 001,247,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2012/05/10 01:28:54 | 001,810,833 | ---- | C] (BrainWave) -- C:\Program Files\HCP.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/04 01:26:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\ADOBE FLASH PLAYER UPDATER.JOB
[2014/04/04 01:19:29 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2014/04/04 01:00:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GOOGLEUPDATETASKMACHINEUA.JOB
[2014/04/04 00:56:44 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 00:48:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kenneth\Desktop\OTL.exe
[2014/04/04 00:42:01 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/04/04 00:37:32 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/04 00:37:28 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/04 00:37:15 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\REALUPGRADELOGONTASKS-1-5-21-2420282109-1773090242-3309790634-1007.JOB
[2014/04/04 00:35:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GOOGLEUPDATETASKMACHINECORE.JOB
[2014/04/04 00:34:59 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/04 00:34:59 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\MICROSOFT WINDOWS XP END OF SERVICE NOTIFICATION LOGON.JOB
[2014/04/04 00:34:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/04 00:34:12 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/03 13:54:14 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/03 12:28:16 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/03 12:19:57 | 017,523,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\kenneth\Desktop\mbam-setup-2.0.0.1000.exe
[2014/04/03 01:53:39 | 001,038,974 | ---- | M] (Thisisu) -- C:\Documents and Settings\kenneth\Desktop\JRT.exe
[2014/04/03 01:19:51 | 001,426,178 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\AdwCleaner.exe
[2014/04/02 11:10:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\MBR.dat
[2014/04/02 10:56:48 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\kenneth\Desktop\aswMBR.exe
[2014/04/02 10:46:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\kenneth\Desktop\dds.scr
[2014/04/02 10:39:27 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/04/02 10:39:02 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\NTREGOPT.lnk
[2014/04/02 10:39:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\ERUNT.lnk
[2014/04/02 10:31:03 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\DTReg.job
[2014/04/01 10:51:37 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/01 10:50:19 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\Dropbox.lnk
[2014/04/01 00:42:18 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/04/01 00:32:49 | 000,180,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/01 00:32:49 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/04/01 00:32:48 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/04/01 00:32:48 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/04/01 00:32:47 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/04/01 00:32:47 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/04/01 00:32:46 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/04/01 00:32:45 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/04/01 00:32:45 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/01 00:09:40 | 000,055,232 | ---- | M] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/30 23:13:14 | 000,506,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/30 23:13:14 | 000,089,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/30 23:04:53 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/03/30 23:04:50 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/30 23:04:12 | 000,002,015 | ---- | M] () -- C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/30 23:04:12 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/25 12:38:13 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/03/24 12:01:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\REALUPGRADESCHEDULEDTASKS-1-5-21-2420282109-1773090242-3309790634-1007.JOB
[2014/03/18 13:52:32 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/12 07:29:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/03/12 07:29:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/03/12 07:25:25 | 000,379,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/12 03:07:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/03/05 09:26:10 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/03/05 09:26:02 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/03 12:28:16 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/03 01:19:42 | 001,426,178 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\AdwCleaner.exe
[2014/04/02 11:10:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\MBR.dat
[2014/04/02 10:39:27 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/04/02 10:39:02 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\NTREGOPT.lnk
[2014/04/02 10:39:02 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\ERUNT.lnk
[2014/04/02 10:19:13 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/01 10:51:36 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/01 01:02:31 | 000,001,020 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\Dropbox.lnk
[2014/03/31 23:38:25 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2014/03/31 23:38:22 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/03/18 11:59:39 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\MICROSOFT WINDOWS XP END OF SERVICE NOTIFICATION LOGON.JOB
[2014/03/18 11:59:39 | 000,000,220 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2013/06/20 03:20:35 | 012,570,054 | ---- | C] () -- C:\Program Files\hifsetup.zip
[2013/05/16 09:47:33 | 000,180,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/16 09:47:33 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/16 09:03:43 | 117,478,104 | ---- | C] () -- C:\Program Files\avast_free_antivirus_setup.exe
[2013/05/15 00:16:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/04 11:08:25 | 000,411,003 | ---- | C] ( ) -- C:\Program Files\PinBot-v1-3-Setup.exe
[2013/04/19 13:11:31 | 150,064,088 | ---- | C] () -- C:\Program Files\AFM Tutorial_Videos.zip
[2013/04/19 12:07:05 | 004,790,449 | ---- | C] () -- C:\Program Files\afm_v2_06.zip
[2013/04/16 02:58:50 | 001,271,683 | ---- | C] () -- C:\Program Files\inbox-profits.zip
[2013/04/15 01:48:21 | 000,474,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2420282109-1773090242-3309790634-1007-0.dat
[2013/04/15 01:31:24 | 050,947,546 | ---- | C] () -- C:\Program Files\Free_PLR_Products-dkas.zip
[2013/04/15 00:56:37 | 000,000,442 | ---- | C] () -- C:\Program Files\Shortcut to afm.lnk
[2013/04/14 17:30:56 | 086,167,160 | ---- | C] () -- C:\Program Files\PLR_Facebook_Fans_Stampede.zip
[2013/04/14 16:39:47 | 004,764,001 | ---- | C] () -- C:\Program Files\afm.zip
[2013/04/12 17:18:39 | 000,045,814 | ---- | C] () -- C:\Program Files\extension_1_0_5.crx
[2013/04/11 11:52:55 | 009,593,826 | ---- | C] () -- C:\Program Files\eBay_Social_Selling_Best_Practices[1].pdf
[2013/03/23 08:57:34 | 336,558,358 | ---- | C] () -- C:\Program Files\FanPage Store Generator.zip
[2013/03/22 18:59:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/02/17 14:57:54 | 000,111,115 | ---- | C] () -- C:\Program Files\STF_2013-02-17_1361127423957 GA 2012 return.pdf
[2013/02/17 14:56:08 | 000,164,764 | ---- | C] () -- C:\Program Files\FTF_2013-02-17_1361127298608 Fed 2012 return.pdf
[2013/02/17 14:53:23 | 000,024,649 | ---- | C] () -- C:\Program Files\2012 Ga refund.pdf
[2013/01/25 11:36:58 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\kenneth\Local Settings\Application Data\fusioncache.dat
[2012/12/13 03:36:13 | 000,361,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/14 01:49:14 | 000,246,364 | ---- | C] () -- C:\Program Files\2freechapters-silentsalesmachine-dot-com[1].pdf
[2012/08/24 11:56:00 | 000,012,314 | ---- | C] () -- C:\Documents and Settings\kenneth\.recently-used.xbel
[2012/08/15 01:55:26 | 000,016,839 | ---- | C] () -- C:\Program Files\Autograph Ebook cover 3.jpg
[2012/07/23 13:43:24 | 003,762,328 | ---- | C] () -- C:\Program Files\InternetBusinessBasics.zip
[2012/07/23 13:36:17 | 005,227,079 | ---- | C] () -- C:\Program Files\InternetMarketingFromA-Z.zip
[2012/07/23 11:02:34 | 000,609,436 | ---- | C] () -- C:\Program Files\spelloe_setup.exe
[2012/07/19 13:46:18 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2012/07/19 13:46:18 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2012/07/19 13:46:18 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2012/07/06 13:36:30 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\kenneth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/06 03:08:19 | 000,008,983 | ---- | C] () -- C:\Program Files\ETSY 089.jpg
[2012/07/06 03:08:18 | 000,061,506 | ---- | C] () -- C:\Program Files\ETSY 051.jpg
[2012/07/06 02:15:36 | 000,020,224 | ---- | C] () -- C:\Program Files\Green.jpg
[2012/07/06 01:45:58 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\kenneth\.gtk-bookmarks
[2012/07/05 12:00:34 | 018,117,717 | ---- | C] () -- C:\Program Files\GimPhoto-1.4.3_setup.exe
[2012/06/22 00:11:39 | 010,606,592 | ---- | C] () -- C:\Program Files\creator.msi
[2012/05/31 12:35:38 | 000,264,025 | ---- | C] () -- C:\Program Files\Cabinet-Repair-Vol-1-PDF.pdf
[2012/05/28 09:43:11 | 000,013,990 | ---- | C] () -- C:\Program Files\Turbo lister problems.csv
[2012/05/10 02:52:41 | 151,801,119 | ---- | C] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
[2012/05/10 01:20:47 | 005,433,105 | ---- | C] () -- C:\Program Files\hifsetup.exe
[2012/05/10 01:13:47 | 007,589,922 | ---- | C] () -- C:\Program Files\kop-setup.zip
[2012/05/09 09:43:49 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\kenneth\Application Data\wklnhst.dat
[2012/05/07 16:08:40 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012/05/07 14:02:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/05/01 19:21:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/15 01:53:42 | 006,624,351 | ---- | C] () -- C:\Program Files\twitter-marketing-bot.mp4
[2011/01/15 01:53:42 | 000,039,391 | ---- | C] () -- C:\Program Files\TwitterMarketingBot.png
[2011/01/15 01:53:40 | 000,071,852 | ---- | C] () -- C:\Program Files\Twitter Marketing Bot.ubot

========== ZeroAccess Check ==========

[2013/05/07 00:57:36 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\@
[2013/05/07 00:57:36 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\L
[2013/05/17 08:04:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U
[2013/05/07 00:57:54 | 000,000,928 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\00000001.@
[2009/08/24 12:33:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/15 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/15 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/04 15:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AddOn
[2014/01/19 10:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/12/05 18:22:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Canon Easy-WebPrint EX
[2013/12/05 13:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2013/12/04 09:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/12/04 09:56:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2013/12/04 09:15:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJETV
[2013/12/04 13:33:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJQuickMenu
[2013/12/04 14:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/05/01 19:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clearwire
[2012/12/13 09:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2009/08/24 13:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/08/24 13:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2014/01/19 10:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\AVAST Software
[2013/12/04 13:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\Canon
[2013/12/05 18:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\Canon Easy-WebPrint EX
[2012/07/19 13:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/04/04 00:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\Dropbox
[2014/04/01 01:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\DropboxMaster
[2012/08/24 12:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\gtk-2.0
[2012/09/20 09:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\KDPublishingPro
[2014/03/30 23:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\key-find
[2012/08/09 01:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\kompozer.net
[2012/08/12 03:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\Mobipocket
[2012/05/10 09:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\OpenOffice.org
[2012/05/09 09:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\Template
[2013/05/02 23:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\ubot
[2013/04/14 16:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\UBot Studio

========== Purity Check ==========



< End of report >

autographshark
2014-04-04, 09:05
OTL Extras logfile created on: 4/4/2014 1:15:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\kenneth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 341.27 Mb Available Physical Memory | 33.62% Memory free
2.38 Gb Paging File | 1.80 Gb Available in Paging File | 75.32% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 101.01 Gb Free Space | 67.78% Space Free | Partition Type: NTFS

Computer Name: PC801713467250 | User Name: kenneth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{0517F875-BBB2-4812-A63E-733B33CEF215}" = Roxio Instant Restore
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10385C4F-A6B2-4913-975D-6828928222EC}" = HP User Guides 0165
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series" = Canon MG3200 series MP Drivers
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B682751-E749-441C-A4B3-1F538E26E56E}" = Roxio Instant Restore Recovery Disk
"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{431A5BB6-E5E2-444E-8AF3-70E6BF16DEF6}" = HP Webcam-50
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D446EE0-0C2E-4981-B84F-0F63779DFF50}" = KDPublishingPro
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9555FC7-99B1-4675-9104-732EA581B2AC}" = DOMAIN NAME SEARCH SOFTWARE with Google PageRank
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E1CFE7F3-A062-4904-AA05-084E5C27F499}" = Auctonic
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEA95E6C-6847-49BE-83C9-ED92D8E18983}" = HP QuickSync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"Auction Auto Bidder_is1" = Auction Auto Bidder
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Canon MG3200 series On-screen Manual" = Canon MG3200 series On-screen Manual
"Canon MG3200 series User Registration" = Canon MG3200 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"GimPhoto" = GimPhoto 1.4.3
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hot Item Finder2.1.1.1" = Hot Item Finder
"ie8" = Windows Internet Explorer 8
"key-find uninstaller" = key-find uninstaller
"Keyword Optimizer Pro 22.0.1.7" = Keyword Optimizer Pro 2
"Loki ActiveX Control" = Loki ActiveX Control
"lspeaker@lyricsspeaker.net" = LyricsSpeaker
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.00.0.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PinAutomation - Traffic Robot v1.2_is1" = PinAutomation - Traffic Robot v1.2
"RealPlayer 16.0" = RealPlayer
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"JNLP" = JNLP

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2014 11:38:10 PM | Computer Name = PC801713467250 | Source = ESENT | ID = 454
Description = wuauclt (1420) Database recovery/restore failed with unexpected error
-1216.

Error - 3/31/2014 11:42:21 PM | Computer Name = PC801713467250 | Source = LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is incorrectly formatted. The bogus string is ? *, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and third
DWORD in Data section.

Error - 4/1/2014 12:30:21 AM | Computer Name = PC801713467250 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 4/1/2014 12:55:00 AM | Computer Name = PC801713467250 | Source = LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is incorrectly formatted. The bogus string is ? *, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and third
DWORD in Data section.

Error - 4/3/2014 1:51:12 AM | Computer Name = PC801713467250 | Source = RstIdle | ID = 0
Description =

Error - 4/3/2014 2:01:00 AM | Computer Name = PC801713467250 | Source = RstIdle | ID = 0
Description =

Error - 4/3/2014 2:14:00 AM | Computer Name = PC801713467250 | Source = RstIdle | ID = 0
Description =

Error - 4/3/2014 2:26:56 AM | Computer Name = PC801713467250 | Source = RstIdle | ID = 0
Description =

Error - 4/3/2014 1:48:50 PM | Computer Name = PC801713467250 | Source = LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is incorrectly formatted. The bogus string is ? *, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and third
DWORD in Data section.

Error - 4/3/2014 1:55:59 PM | Computer Name = PC801713467250 | Source = RstIdle | ID = 0
Description =

[ System Events ]
Error - 4/3/2014 1:33:45 AM | Computer Name = PC801713467250 | Source = Service Control Manager | ID = 7031
Description = The Util Fortunitas service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 4/3/2014 1:33:45 AM | Computer Name = PC801713467250 | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/3/2014 11:54:56 AM | Computer Name = PC801713467250 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.

Error - 4/3/2014 1:51:03 PM | Computer Name = PC801713467250 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde PCIIde ViaIde

Error - 4/3/2014 1:53:33 PM | Computer Name = PC801713467250 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.

Error - 4/3/2014 1:54:03 PM | Computer Name = PC801713467250 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.

Error - 4/4/2014 12:20:17 AM | Computer Name = PC801713467250 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.

Error - 4/4/2014 12:20:48 AM | Computer Name = PC801713467250 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.

Error - 4/4/2014 12:35:30 AM | Computer Name = PC801713467250 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.

Error - 4/4/2014 12:35:53 AM | Computer Name = PC801713467250 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.


< End of report >

Still got Key-Find popping up as my Google Chrome browser opens!

ken545
2014-04-04, 12:43
Good Morning,


Still got Key-Find popping up as my Google Chrome browser opens!
Yep, I still see it. I am going to work up a fix for you using OTL and we will remove it.

In the meantime, I am concerned about this, as it's a marker for the Zero Access Rootkit
Trojan.0Access


So let's do this first; this is just a scan to see if it's present.


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Extract it to your desktop
Double click TDSSKiller.exe
When the window opens, click on Change Parameters
Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
Click OK
Press Start Scan

As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

autographshark
2014-04-05, 09:56
02:28:21.0015 3568 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:28:26.0281 3568 ============================================================
02:28:26.0281 3568 Current date / time: 2014/04/05 02:28:26.0281
02:28:26.0281 3568 SystemInfo:
02:28:26.0281 3568
02:28:26.0281 3568 OS Version: 5.1.2600 ServicePack: 3.0
02:28:26.0281 3568 Product type: Workstation
02:28:26.0281 3568 ComputerName: PC801713467250
02:28:26.0281 3568 UserName: kenneth
02:28:26.0281 3568 Windows directory: C:\WINDOWS
02:28:26.0281 3568 System windows directory: C:\WINDOWS
02:28:26.0281 3568 Processor architecture: Intel x86
02:28:26.0281 3568 Number of processors: 2
02:28:26.0281 3568 Page size: 0x1000
02:28:26.0281 3568 Boot type: Normal boot
02:28:26.0281 3568 ============================================================
02:28:27.0328 3568 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:28:27.0343 3568 ============================================================
02:28:27.0343 3568 \Device\Harddisk0\DR0:
02:28:27.0343 3568 MBR partitions:
02:28:27.0343 3568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A14400
02:28:27.0343 3568 ============================================================
02:28:27.0375 3568 C: <-> \Device\Harddisk0\DR0\Partition1
02:28:27.0375 3568 ============================================================
02:28:27.0375 3568 Initialize success
02:28:27.0375 3568 ============================================================
02:29:17.0140 3548 ============================================================
02:29:17.0140 3548 Scan started
02:29:17.0140 3548 Mode: Manual; TDLFS;
02:29:17.0140 3548 ============================================================
02:29:17.0671 3548 ================ Scan system memory ========================
02:29:20.0765 3548 System memory - ok
02:29:20.0765 3548 ================ Scan services =============================
02:29:20.0984 3548 [ A15069EEC83EBC54150564B2585CFDBA ] 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
02:29:21.0000 3548 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
02:29:21.0187 3548 Abiosdsk - ok
02:29:21.0234 3548 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
02:29:21.0250 3548 abp480n5 - ok
02:29:21.0296 3548 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:29:21.0312 3548 ACPI - ok
02:29:21.0343 3548 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
02:29:21.0343 3548 ACPIEC - ok
02:29:21.0453 3548 [ 9D96B0D5855FD1B98023B3EEC9F06786 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:29:21.0453 3548 AdobeFlashPlayerUpdateSvc - ok
02:29:21.0468 3548 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
02:29:21.0484 3548 adpu160m - ok
02:29:21.0562 3548 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
02:29:21.0562 3548 aec - ok
02:29:21.0656 3548 [ 822D53766D57C90C437536232ECE9023 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys
02:29:21.0671 3548 AESTAud - ok
02:29:21.0750 3548 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
02:29:21.0750 3548 AFD - ok
02:29:37.0328 3548 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
02:29:37.0328 3548 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
02:29:37.0328 3548 sptd ( LockedFile.Multi.Generic ) - warning
02:29:37.0328 3548 sptd - detected LockedFile.Multi.Generic (1)
02:29:42.0031 3548 ================ Scan global ===============================
02:29:42.0078 3548 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
02:29:42.0156 3548 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
02:29:42.0203 3548 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
02:29:42.0234 3548 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
02:29:42.0250 3548 [Global] - ok
02:29:42.0250 3548 ================ Scan MBR ==================================
02:29:42.0281 3548 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
02:29:43.0562 3548 \Device\Harddisk0\DR0 - ok
02:29:43.0562 3548 ================ Scan VBR ==================================
02:29:43.0593 3548 [ 4551FCE0420EFD31BB86D83D17FE8A07 ] \Device\Harddisk0\DR0\Partition1
02:29:43.0609 3548 \Device\Harddisk0\DR0\Partition1 - ok
02:29:43.0609 3548 ============================================================
02:29:43.0609 3548 Scan finished
02:29:43.0609 3548 ============================================================
02:29:43.0640 2416 Detected object count: 1
02:29:43.0640 2416 Actual detected object count: 1
02:31:32.0906 2416 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:31:32.0906 2416 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
02:31:46.0406 1280 Deinitialize success

ken545
2014-04-05, 13:09
Good, you're fine


We're going to run a fix with OTL, post the results from the fix and then run a new scan with OTL and post the new log. Take your time as I may be away until sometime tomorrow.

Make sure you get this all, it has to start with :OTL and end with [Reboot]

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=...S18PJDNSA10144
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=...S18PJDNSA10144
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=...S18PJDNSA10144
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=...S18PJDNSA10144
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lspeaker@lyricsspeaker.net: C:\Program Files\LyricsSpeaker\120.xpi
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\APPBAR@ALOT.COM
[2014/03/30 23:04:11 | 000,000,551 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\key-find.xml
O3 - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [Auction Auto Bidder] File not found
[2014/03/30 23:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Application Data\key-find
[2014/03/30 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Start Menu\Programs\Weather Alerts


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

autographshark
2014-04-05, 20:29
OTL logfile created on: 4/5/2014 12:46:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\kenneth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 234.68 Mb Available Physical Memory | 23.12% Memory free
2.38 Gb Paging File | 1.72 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 101.74 Gb Free Space | 68.26% Space Free | Partition Type: NTFS

Computer Name: PC801713467250 | User Name: kenneth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\kenneth\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe (Sonic Solutions)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - c:\Documents and Settings\kenneth\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmify6y.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\14040502\algo.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (USBCCID) -- system32\DRIVERS\Rts5161ccid.sys File not found
DRV - (Rts516xIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RTS5121.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.SYS File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswmonflt.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (AswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (tStLibG) -- C:\WINDOWS\system32\drivers\tStLibG.sys (StdLib)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (bcmbusctr) -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
DRV - (bcm) -- C:\WINDOWS\system32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
DRV - (SysCow) -- C:\WINDOWS\system32\drivers\syscow32x.sys (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (Cam3820) -- C:\WINDOWS\system32\drivers\cam3820a.sys (CamVendor)
DRV - (SaibVd32) -- C:\WINDOWS\system32\drivers\SaibVd32.sys (Sonic Solutions)
DRV - (SahdIa32) -- C:\WINDOWS\system32\drivers\SahdIa32.sys (Sonic Solutions)
DRV - (SaibIa32) -- C:\WINDOWS\system32\drivers\SaibIa32.sys (Sonic Solutions)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E04D8C24-22C9-424C-90F9-0FA9DFB1C771}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{E04D8C24-22C9-424C-90F9-0FA9DFB1C771}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_enUS358
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/01 00:32:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/02/03 14:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/03 14:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/03 14:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/03 14:56:04 | 000,000,000 | ---D | M]

[2012/05/07 15:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Extensions
[2014/04/03 01:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions
[2012/05/07 15:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/07 15:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\staged-xpis
[2009/03/18 16:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
[2013/07/31 09:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\APPBAR@ALOT.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\QUICK_START@GMAIL.COM
[2014/04/01 00:32:54 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/12/05 05:47:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2014/02/03 14:55:23 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://att.my.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/04/05 11:45:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4397C3C-4801-45DB-97C8-078873CCB5F1}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firestorm High.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firestorm High.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/05 11:45:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/05 03:54:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2014/04/05 03:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Local Settings\Application Data\Microsoft Corporation
[2014/04/05 03:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2014/04/05 02:42:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kenneth\My Documents\OTL.exe
[2014/04/05 02:40:22 | 000,000,000 | ---D | C] -- C:\Pc Problems
[2014/04/05 02:33:04 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/05 02:33:04 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/04 00:48:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kenneth\Desktop\OTL.exe
[2014/04/03 12:28:58 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/03 12:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/03 12:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/03 12:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/04/03 01:56:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/03 01:29:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/02 10:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2014/04/02 10:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/04/02 10:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/04/01 01:02:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kenneth\My Documents\Dropbox
[2014/04/01 00:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Application Data\DropboxMaster
[2014/04/01 00:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/04/01 00:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Start Menu\Programs\Dropbox
[2014/04/01 00:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Application Data\Dropbox
[2014/04/01 00:32:45 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/01 00:09:40 | 000,055,232 | ---- | C] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/18 06:43:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/03/18 06:43:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/03/12 00:55:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/03/12 00:55:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/03/12 00:55:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/03/12 00:55:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/03/12 00:55:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/03/12 00:55:50 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/03/12 00:55:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/03/12 00:55:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/03/12 00:55:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/03/12 00:55:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/03/12 00:55:49 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/03/12 00:55:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/03/12 00:55:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/03/12 00:55:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/03/12 00:55:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/03/12 00:55:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/03/12 00:55:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/03/12 00:55:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/03/12 00:55:48 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/03/12 00:55:47 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/03/12 00:55:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/03/12 00:55:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/03/12 00:55:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/03/12 00:55:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/03/12 00:55:46 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/03/12 00:55:45 | 006,022,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/03/12 00:55:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/03/12 00:55:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/03/12 00:55:44 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/03/12 00:55:43 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/03/12 00:55:43 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/01/12 09:18:55 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2012/08/24 01:47:33 | 026,822,384 | ---- | C] (Intuit) -- C:\Program Files\QuickBooksInstallDiagnosticTool.exe
[2012/08/09 01:32:18 | 006,785,285 | ---- | C] (KompoZer ) -- C:\Program Files\kompozer-0.8b3.en-US.win32.exe
[2012/07/24 02:49:15 | 052,249,417 | ---- | C] (www.AuctionListingCreator.com ) -- C:\Program Files\ListingFactory_2012_Setup.exe
[2012/07/10 12:39:18 | 001,982,061 | ---- | C] (Auctonic) -- C:\Program Files\Auctonic.exe
[2012/07/05 01:19:48 | 000,813,232 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2012/05/10 02:39:47 | 001,247,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2012/05/10 01:28:54 | 001,810,833 | ---- | C] (BrainWave) -- C:\Program Files\HCP.exe

========== Files - Modified Within 30 Days ==========

[2014/04/05 13:00:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GOOGLEUPDATETASKMACHINEUA.JOB
[2014/04/05 12:41:47 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/04/05 12:34:10 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2014/04/05 12:26:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\ADOBE FLASH PLAYER UPDATER.JOB
[2014/04/05 12:21:26 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/05 12:20:54 | 000,000,439 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2014/04/05 12:20:30 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\REALUPGRADELOGONTASKS-1-5-21-2420282109-1773090242-3309790634-1007.JOB
[2014/04/05 12:20:28 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/05 12:20:27 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/05 12:19:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GOOGLEUPDATETASKMACHINECORE.JOB
[2014/04/05 12:19:47 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\MICROSOFT WINDOWS XP END OF SERVICE NOTIFICATION LOGON.JOB
[2014/04/05 12:19:46 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/05 12:18:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/05 12:18:52 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/05 11:45:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/04/05 10:31:00 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\DTReg.job
[2014/04/04 00:48:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kenneth\My Documents\OTL.exe
[2014/04/04 00:48:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kenneth\Desktop\OTL.exe
[2014/04/03 13:54:14 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/02 10:39:27 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/04/02 10:39:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\kenneth\My Documents\ERUNT.lnk
[2014/04/01 10:51:37 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/01 10:50:19 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\Dropbox.lnk
[2014/04/01 00:42:18 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/04/01 00:32:49 | 000,180,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/01 00:32:49 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/04/01 00:32:48 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/04/01 00:32:48 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/04/01 00:32:47 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/04/01 00:32:47 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/04/01 00:32:46 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/04/01 00:32:45 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/04/01 00:32:45 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/01 00:09:40 | 000,055,232 | ---- | M] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/30 23:13:14 | 000,506,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/30 23:13:14 | 000,089,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/30 23:04:53 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/03/30 23:04:50 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/30 23:04:12 | 000,002,015 | ---- | M] () -- C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/30 23:04:12 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/25 12:38:13 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/03/24 12:01:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\REALUPGRADESCHEDULEDTASKS-1-5-21-2420282109-1773090242-3309790634-1007.JOB
[2014/03/18 13:52:32 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/12 07:29:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/03/12 07:29:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/03/12 07:25:25 | 000,379,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/12 03:07:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2014/04/05 03:53:09 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2014/04/05 02:41:22 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\kenneth\My Documents\ERUNT.lnk
[2014/04/02 10:39:27 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/04/02 10:19:13 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/01 10:51:36 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/01 01:02:31 | 000,001,020 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\Dropbox.lnk
[2014/03/31 23:38:25 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2014/03/31 23:38:22 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/03/18 11:59:39 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\MICROSOFT WINDOWS XP END OF SERVICE NOTIFICATION LOGON.JOB
[2014/03/18 11:59:39 | 000,000,220 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2013/06/20 03:20:35 | 012,570,054 | ---- | C] () -- C:\Program Files\hifsetup.zip
[2013/05/16 09:47:33 | 000,180,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/16 09:47:33 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/16 09:03:43 | 117,478,104 | ---- | C] () -- C:\Program Files\avast_free_antivirus_setup.exe
[2013/05/15 00:16:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/04 11:08:25 | 000,411,003 | ---- | C] ( ) -- C:\Program Files\PinBot-v1-3-Setup.exe
[2013/04/19 13:11:31 | 150,064,088 | ---- | C] () -- C:\Program Files\AFM Tutorial_Videos.zip
[2013/04/19 12:07:05 | 004,790,449 | ---- | C] () -- C:\Program Files\afm_v2_06.zip
[2013/04/16 02:58:50 | 001,271,683 | ---- | C] () -- C:\Program Files\inbox-profits.zip
[2013/04/15 01:48:21 | 000,474,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2420282109-1773090242-3309790634-1007-0.dat
[2013/04/15 01:31:24 | 050,947,546 | ---- | C] () -- C:\Program Files\Free_PLR_Products-dkas.zip
[2013/04/15 00:56:37 | 000,000,442 | ---- | C] () -- C:\Program Files\Shortcut to afm.lnk
[2013/04/14 17:30:56 | 086,167,160 | ---- | C] () -- C:\Program Files\PLR_Facebook_Fans_Stampede.zip
[2013/04/14 16:39:47 | 004,764,001 | ---- | C] () -- C:\Program Files\afm.zip
[2013/04/12 17:18:39 | 000,045,814 | ---- | C] () -- C:\Program Files\extension_1_0_5.crx
[2013/04/11 11:52:55 | 009,593,826 | ---- | C] () -- C:\Program Files\eBay_Social_Selling_Best_Practices[1].pdf
[2013/03/23 08:57:34 | 336,558,358 | ---- | C] () -- C:\Program Files\FanPage Store Generator.zip
[2013/03/22 18:59:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/02/17 14:57:54 | 000,111,115 | ---- | C] () -- C:\Program Files\STF_2013-02-17_1361127423957 GA 2012 return.pdf
[2013/02/17 14:56:08 | 000,164,764 | ---- | C] () -- C:\Program Files\FTF_2013-02-17_1361127298608 Fed 2012 return.pdf
[2013/02/17 14:53:23 | 000,024,649 | ---- | C] () -- C:\Program Files\2012 Ga refund.pdf
[2013/01/25 11:36:58 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\kenneth\Local Settings\Application Data\fusioncache.dat
[2012/12/13 03:36:13 | 000,361,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/14 01:49:14 | 000,246,364 | ---- | C] () -- C:\Program Files\2freechapters-silentsalesmachine-dot-com[1].pdf
[2012/08/24 11:56:00 | 000,012,314 | ---- | C] () -- C:\Documents and Settings\kenneth\.recently-used.xbel
[2012/08/15 01:55:26 | 000,016,839 | ---- | C] () -- C:\Program Files\Autograph Ebook cover 3.jpg
[2012/07/23 13:43:24 | 003,762,328 | ---- | C] () -- C:\Program Files\InternetBusinessBasics.zip
[2012/07/23 13:36:17 | 005,227,079 | ---- | C] () -- C:\Program Files\InternetMarketingFromA-Z.zip
[2012/07/23 11:02:34 | 000,609,436 | ---- | C] () -- C:\Program Files\spelloe_setup.exe
[2012/07/19 13:46:18 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2012/07/19 13:46:18 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2012/07/19 13:46:18 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2012/07/06 13:36:30 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\kenneth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/06 03:08:19 | 000,008,983 | ---- | C] () -- C:\Program Files\ETSY 089.jpg
[2012/07/06 03:08:18 | 000,061,506 | ---- | C] () -- C:\Program Files\ETSY 051.jpg
[2012/07/06 02:15:36 | 000,020,224 | ---- | C] () -- C:\Program Files\Green.jpg
[2012/07/06 01:45:58 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\kenneth\.gtk-bookmarks
[2012/07/05 12:00:34 | 018,117,717 | ---- | C] () -- C:\Program Files\GimPhoto-1.4.3_setup.exe
[2012/06/22 00:11:39 | 010,606,592 | ---- | C] () -- C:\Program Files\creator.msi
[2012/05/31 12:35:38 | 000,264,025 | ---- | C] () -- C:\Program Files\Cabinet-Repair-Vol-1-PDF.pdf
[2012/05/28 09:43:11 | 000,013,990 | ---- | C] () -- C:\Program Files\Turbo lister problems.csv
[2012/05/10 02:52:41 | 151,801,119 | ---- | C] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
[2012/05/10 01:20:47 | 005,433,105 | ---- | C] () -- C:\Program Files\hifsetup.exe
[2012/05/10 01:13:47 | 007,589,922 | ---- | C] () -- C:\Program Files\kop-setup.zip
[2012/05/09 09:43:49 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\kenneth\Application Data\wklnhst.dat
[2012/05/07 16:08:40 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012/05/07 14:02:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/05/01 19:21:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/15 01:53:42 | 006,624,351 | ---- | C] () -- C:\Program Files\twitter-marketing-bot.mp4
[2011/01/15 01:53:42 | 000,039,391 | ---- | C] () -- C:\Program Files\TwitterMarketingBot.png
[2011/01/15 01:53:40 | 000,071,852 | ---- | C] () -- C:\Program Files\Twitter Marketing Bot.ubot

========== ZeroAccess Check ==========

[2013/05/07 00:57:36 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\@
[2013/05/07 00:57:36 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\L
[2013/05/17 08:04:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U
[2013/05/07 00:57:54 | 000,000,928 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\00000001.@
[2009/08/24 12:33:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/15 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/15 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Purity Check ==========



< End of report >

ken545
2014-04-06, 19:59
OK, just hang on I will be back on the forums in a few hours.

Did you not find the log from the fix?

Is it present in all 3 browsers or just one in particular?

autographshark
2014-04-06, 20:20
I thought that was the recent log from the fix I posted above. It doesn't open the three browsers I set it for; instead it opens only one, with Key-Find, a search browser.

autographshark
2014-04-06, 20:51
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lspeaker@lyricsspeaker.net not found.
File C:\Program Files\LyricsSpeaker\120.xpi not found.
File C:\Program Files\mozilla firefox\searchplugins\key-find.xml not found.
Registry value HKEY_USERS\S-1-5-21-2420282109-1773090242-3309790634-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Auction Auto Bidder not found.
Folder C:\Documents and Settings\kenneth\Application Data\key-find\ not found.
Folder C:\Documents and Settings\kenneth\Start Menu\Programs\Weather Alerts\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\kenneth\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\kenneth\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Andre

User: Default User

User: kenneth
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: user1

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Andre

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: kenneth
->Temp folder emptied: 47748 bytes
->Temporary Internet Files folder emptied: 2185768 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 162417545 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: user1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 38754735 bytes

Total Files Cleaned = 194.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04062014_132620

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

autographshark
2014-04-06, 20:56
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lspeaker@lyricsspeaker.net deleted successfully.
File C:\Program Files\LyricsSpeaker\120.xpi not found.
C:\Program Files\Mozilla Firefox\searchplugins\key-find.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-2420282109-1773090242-3309790634-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Auction Auto Bidder deleted successfully.
C:\Documents and Settings\kenneth\Application Data\key-find\images folder moved successfully.
C:\Documents and Settings\kenneth\Application Data\key-find folder moved successfully.
C:\Documents and Settings\kenneth\Start Menu\Programs\Weather Alerts folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\kenneth\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\kenneth\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Andre

User: Default User

User: kenneth
->Java cache emptied: 257498 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 13 bytes

User: user1

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Andre

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 57793 bytes

User: kenneth
->Temp folder emptied: 195953344 bytes
->Temporary Internet Files folder emptied: 20481093 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6487458 bytes
->Google Chrome cache emptied: 137366810 bytes
->Flash cache emptied: 60928 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1398893 bytes
->Flash cache emptied: 768 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 206923810 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 6378 bytes

User: user1
->Temp folder emptied: 166033 bytes
->Temporary Internet Files folder emptied: 3845549 bytes
->Flash cache emptied: 808 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 625050868 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1074811743 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1460716 bytes
RecycleBin emptied: 3565514042 bytes

Total Files Cleaned = 5,569.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04052014_114528

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545
2014-04-06, 22:37
Thank you, that's what I was looking for.

You will need the 32 bit version of System Look

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:folderfind
key-find
:filefind
key-find
:regfind
key-find

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

autographshark
2014-04-07, 03:48
SystemLook 30.07.11 by jpshortstuff
Log created at 20:36 on 06/04/2014 by kenneth
Administrator - Elevation successful

========== folderfind ==========

Searching for "key-find"
C:\System Rollback Data\Restore\Archive\00000140\00000139\46\Target\Documents and Settings\kenneth\Application Data\key-find d------ [03:05 31/03/2014]
C:\System Rollback Data\Restore\Archive\00000140\00000139\46\Target\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\bin\Key-find d------ [03:01 31/03/2014]
C:\_OTL\MovedFiles\04052014_114528\C_Documents and Settings\kenneth\Application Data\key-find d------ [15:45 05/04/2014]

========== filefind ==========

Searching for "key-find"
No files found.

========== regfind ==========

Searching for "key-find"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command]
@=""C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144"
[HKEY_LOCAL_MACHINE\SOFTWARE\key-findSoftware]
[HKEY_LOCAL_MACHINE\SOFTWARE\key-findSoftware\key-findhp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\key-find uninstaller]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\key-find uninstaller]
"DisplayName"="key-find uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\key-find uninstaller]
"UninstallString"="C:\Documents and Settings\kenneth\Application Data\key-find\UninstallManager.exe "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\key-find uninstaller]
"DisplayIcon"="C:\Documents and Settings\kenneth\Application Data\key-find\UninstallManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\key-find uninstaller]
"Publisher"="key-find"

-= EOF =-

ken545
2014-04-07, 10:50
Before we remove anything, look in your Add Remove Programs in the Control Panel and see if key-find is listed and if so uninstall it. Let me know

ken545
2014-04-07, 11:19
Your latest log was showing an uninstaller, whether it uninstalls or not run this free tool called HitMan Pro 3.7

http://www.surfright.nl/en/home/

autographshark
2014-04-07, 20:00
I opened the Control Panel and then uninstall programs. It was there and had an edit or remove button. I clicked it and it claims it was already uninstalled. I clicked remove but didn't reboot yet. I'm downloading HitmanPro but will wait for further instructions before moving forward. Let me know.
Ken

ken545
2014-04-07, 21:09
Go ahead and run HitmanPro and post the log please.

autographshark
2014-04-08, 16:05
I was so tired I fell asleep at the PC trying to run the program after work, Sorry! I didn't see the save log last night on the first scan. Today I ran a new scan and here is the second log.



HitmanPro 3.7.9.216
www.hitmanpro.com

Computer name . . . . : PC801713467250
Windows . . . . . . . : 5.1.3.2600.X86/2
User name . . . . . . : PC801713467250\kenneth
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2014-04-08 08:47:39
Scan mode . . . . . . : Normal
Scan duration . . . . : 10m 18s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 23

Objects scanned . . . : 761,823
Files scanned . . . . : 23,613
Remnants scanned . . : 213,936 files / 524,274 keys

Cookies _____________________________________________________________________

C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:2o7.net
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:at.atwola.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:fastclick.net
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:interclick.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:kontera.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:media6degrees.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:mediaplex.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:pointroll.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:questionmarket.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:zedo.com

ken545
2014-04-08, 16:48
Hi,

I don't see Key-Find in the second Hitman scan, so not sure if it was removed or not.

Internet Explorer


Open Internet Explorer
Click on Tools up on the top right
Click on Manage Add Ons
Click on Search Providers
Highlight Key-Find and select Delete




Firefox


Open Firefox
Up on the Top Right in the Search Box , click on the down arrow and select Manage Search Engines
Highlight Key-Find and select Delete





Chrome


Open Chrome
Click the Chrome menu (http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpg) on the browser toolbar.
Click on Settings
Then Manage Search Engines
Highlight Key Find and select Delete




Then let me know if key find is still present

autographshark
2014-04-08, 20:46
I managed to get IE to accept the changes and it's slow loading but it goes to my set page.

Firefox the down arrow will not allow me to see anything but the current page which is Key-Find.

Google Chrome, I deleted it before from the settings so it doesn't show up in settings manage search engines but goes to Key-Find still upon opening Google Chrome. If I hit the home button it goes to my set home page then.

ken545
2014-04-08, 22:14
Let's set your browsers back to default



Click the Chrome menu (http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpg) on the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Down on the bottom you will see an option for RESET BROWSER SETTINGS
Click on it and it will set Chrome back to defaults






Open Firefox
Click on Help > Troubleshooting Information > Reset Firefox to its default state







Open IE
Go to Tools> Internet Options > Advanced Tab
Reset Internet Explorer Setting
Reset
This will take a few seconds
Close IE and then reopen it and see if it helped

autographshark
2014-04-09, 08:44
That worked on IE and Firefox. I have an idea, what if we uninstall Google Chrome and re install it?

ken545
2014-04-09, 14:24
That may not work because when a program is installed most times it's not completely uninstalled; there could be registry keys and whatnot still lying around, and part of key-find may be in there. It appears that this infection is making the rounds and a tutorial has been written for it. So far we / you have done pretty good, but let's do a couple more things to make sure it's completely gone.

First we're going to run rKill. This won't remove key-find but it will stop it from running so that the next program can remove it.


Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.




1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do its job. This may take a few tries.

You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.





Now you should download Emsisoft Anti-Malware (http://www.bleepingcomputer.com/download/emsisoft-antimalware/), which will clean the remnants of this infection for free. Please download and save the Emsisoft Anti-Malware setup program to your desktop from the link below:


The download is fairly large, so please be patient while it downloads.
Once the file has been downloaded, double-click on the EmsisoftAntiMalwareSetup.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.
If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking what language you would like to use. Please select the language you wish to use and press the OK button.
You will eventually get to a screen asking the mode that you wish to use Emsisoft Anti-Malware.
Click the Freeware Mode
You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and uncheck the options that you wish to use. When you are ready click on the Next button.
Emsisoft Anti-Malware will now begin to update its virus detections.
Please be patient as it may take a few minutes for the updates to finish downloading.
When the updates are completed, click on the Clean computer now button. Emsisoft Anti-Malware will start to load its scanning engine and then display a screen asking what type of scan you would like to perform.
Select the Deep scan
When it's done click on the Quarantine Selected Objects button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so. Otherwise you can close the program.






We now need to clean up the various Windows shortcuts that have been hijacked by Key-Find Browser Hijacker .
To do this, please download Shortcut Cleaner (http://www.bleepingcomputer.com/download/shortcut-cleaner/) from the following web page and save it to your Windows desktop.



Once the file is downloaded, double-click on the ss-cleaner.exe file that should now be on your desktop. If you are using Windows Vista, 7, or 8 you will need to allow it to run when the prompt appears. Shortcut Cleaner will now start and scan your computer for hijacked Windows shortcuts and if any are found it will automatically clean them for you. When it is done, it will show you a log that contains a list of shortcuts that were cleaned. When you have finished reviewing the log file, please close it and try setting Chrome back to default as I posted previously.


Any problems or questions let me know and also if key-find is gone

autographshark
2014-04-09, 18:59
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/09/2014 11:55:11 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\ [ZA Dir]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\@ [ZA File]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\L\ [ZA Dir]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\ [ZA Dir]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\00000001.@ [ZA File]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\ [ZA Dir]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\@ [ZA File]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\L\ [ZA Dir]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\ [ZA Dir]

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 04/09/2014 11:57:14 AM
Execution time: 0 hours(s), 2 minute(s), and 3 seconds(s)

ken545
2014-04-09, 19:33
Good, it found entries for the Zero Access Rootkit but we ran TDSSKiller and it didn't find it. Those entries are in the recycle bin and are harmless and we can deal with this later; there is no rootkit involved here.

Go ahead and run the next two programs in the order I posted please, first Emsisoft and then the shortcut cleaner

autographshark
2014-04-09, 20:38
Emsisoft anti-malware stated its trial had been used on this PC. After running Shortcut Cleaner we have success! Reset Google Chrome and reopened it, and Key-Find was gone. Don't forget I'm running XP and need to see if I can upgrade to Windows 7. Here is the Shortcut Cleaner Log.

Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Microsoft Windows XP Service Pack 3
Program started at: 04/09/2014 01:22:07 PM.

Scanning for registry hijacks:

* HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "@" hijacked!

* HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "@" hijacked!

Backup Registry file created at:
C:\Documents and Settings\kenneth\Desktop\sc-cleaner\sc-cleaner-04-09-2014-01-22-07.reg

Searching for Hijacked Shortcuts:

Searching C:\Documents and Settings\kenneth\Start Menu\

* Shortcut Cleaned: C:\Documents and Settings\kenneth\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144

* Shortcut Cleaned: C:\Documents and Settings\kenneth\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144

Searching C:\Documents and Settings\All Users\Start Menu\

* Shortcut Cleaned: C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144

* Shortcut Cleaned: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144

* Shortcut Cleaned: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144

Searching C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\

* Shortcut Cleaned: C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144

* Shortcut Cleaned: C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144

Searching C:\Documents and Settings\All Users\Desktop\

* Shortcut Cleaned: C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144

Searching C:\Documents and Settings\kenneth\Desktop


8 bad shortcuts found.

Program finished at: 04/09/2014 01:22:18 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
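
The SystemLook regfind output and the Shortcut Cleaner log in this thread show the same pattern: a browser launch command with a URL appended after the executable path, which is why resetting browser settings alone did not help. The following Python sketch is an added example (not part of the thread and not code from any tool used in it) that parses text in those two log formats and flags such entries; the sample input, the hijack.example domain and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the two formats seen in this thread: SystemLook
# ":regfind" output and Shortcut Cleaner log lines. The hijack.example
# domain, the Opera key and the Uninstall key are made up for illustration.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command]
@=""C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.hijack.example/?type=sc&from=x"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\Program Files\Mozilla Firefox\firefox.exe http://www.hijack.example/?type=sc&from=x"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\Program Files\Internet Explorer\iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command]
@=""C:\Program Files\Opera\opera.exe" -newwindow"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sample]
"DisplayName"="sample uninstaller"
* Shortcut Cleaned: C:\Documents and Settings\user\Desktop\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe http://www.hijack.example/?type=sc&from=x
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
# Only the per-browser launch command under StartMenuInternet is in scope.
LAUNCH_KEY_RE = re.compile(
    r"\\Clients\\StartMenuInternet\\[^\\]+\\shell\\open\\command$", re.I)
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')
SHORTCUT_RE = re.compile(r"^\*\s*Shortcut Cleaned:\s*(.+?\.lnk)\s*=>\s*(.+)$", re.I)
URL_RE = re.compile(r"https?://[^\s\"]+", re.I)


def split_command(command):
    """Split a Windows command line into (executable, arguments).

    Handles a quoted path and an unquoted path containing spaces, where the
    executable is taken to end at the first ".exe" followed by whitespace.
    """
    command = command.strip()
    quoted = re.match(r'^"([^"]+)"\s*(.*)$', command)
    if quoted:
        return quoted.group(1), quoted.group(2)
    unquoted = re.match(r"^(.+?\.exe)(?:\s+(.*))?$", command, re.I)
    if unquoted:
        return unquoted.group(1), unquoted.group(2) or ""
    return command, ""


def appended_url(command):
    """Return (exe, url, host) if a URL is passed as an argument, else None."""
    exe, args = split_command(command)
    match = URL_RE.search(args)
    if not match:
        return None
    url = match.group(0)
    return exe, url, urlsplit(url).hostname


def find_hijacks(text):
    """Return (kind, location, exe, url, host) for each flagged entry."""
    findings = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        value = DEFAULT_VALUE_RE.match(line)
        if value and current_key and LAUNCH_KEY_RE.search(current_key):
            hit = appended_url(value.group(1))
            if hit:
                findings.append(("registry", current_key, *hit))
            continue
        shortcut = SHORTCUT_RE.match(line)
        if shortcut:
            hit = appended_url(shortcut.group(2))
            if hit:
                findings.append(("shortcut", shortcut.group(1), *hit))
    return findings


if __name__ == "__main__":
    for kind, location, exe, url, host in find_hijacks(SAMPLE):
        print(f"{kind}: {location}\n  launches {exe}\n  with appended URL host {host}")
```

A URL argument on a browser launch command can be deliberate, so treat each hit as an entry to review against what the user actually configured.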

ken545
2014-04-09, 20:57
Good,

Glad we got rid of that pest :)

Go back to my post # 4 and I linked you to the Win 7 advisor. If it says you can upgrade let me know and I can link you to one of our sister sites that can help you with the upgrade; if it says it's not compatible then you're just going to have to live with it. You can look around Amazon or eBay for an OEM version of Win 7 upgrade.

Let me know how it went

autographshark
2014-04-10, 09:49
Windows 7 Upgrade Advisor Report
Computer Name:
Operating System: Windows XP Professional
CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Memory: 1.0 GB

System Details
Custom installation required You'll need to perform a custom installation of 32-bit Windows 7 and then reinstall your programs. Make sure to back up your files before you begin.
Go online to get important information about installing Windows 7 on a PC running Windows XP
Outlook Express This program is no longer included in Windows 7. You can get similar programs for Windows 7 from other software manufacturers.
Go to the Microsoft website to learn more
More info from Hewlett-Packard Hewlett-Packard has a website that might give you more information about getting Windows 7 running on your PC.
Visit the Hewlett-Packard website
Windows Aero support Your graphics adapter supports the Windows Aero user interface.
Go online to learn more about Windows Aero
CPU speed: 1.6 GHz Your CPU meets the 1 GHz minimum requirement.
1.0 GB of RAM Your PC meets the 1 GB minimum requirement.
99.6 GB free space available on C: Your hard disk meets the minimum requirement of 16 GB free space for 32-bit Windows 7.

Devices Status Details
Atheros AR8132 PCI-E Fast Ethernet Controller
Atheros Compatible This device is compatible with Windows 7.
Broadcom 802.11b/g WLAN
Broadcom Compatible This device is compatible with Windows 7.
Canon MG3200 series Printer
Canon Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
HP Webcam-50
Alcor Compatible This device is compatible with Windows 7.
IDT High Definition Audio CODEC
IDT Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
KODAK ESP 3200 Series AiO
Eastman Kodak Company Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
Mobile Intel(R) 945 Express Chipset Family
Intel Corporation Compatible This device is compatible with Windows 7.
Mobile Intel(R) 945 Express Chipset Family
Intel Corporation Compatible This device is compatible with Windows 7.
USB Mass Storage Device
Compatible USB storage device Compatible This device is compatible with Windows 7.

Programs Status Details
Advanced Registry Optimizer
version 5.3
Sammsoft Update available We don't have compatibility information about this version of the program.
Get an update to a compatible version
HP BatteryCheck 2.10 A2
version 2.10 A2
Hewlett-Packard Company Free update available We don't have compatibility information about this version of the program.
Get a free update to a compatible version
HP QuickSync
version 5.1.234.4788
Hewlett-Packard Free update available We don't have compatibility information about this version of the program.
Get a free update to a compatible version
QuickBooks Pro 2006 Paid update available We don't have compatibility information about this version of the program.
Get a paid update to a compatible version
Windows Live Sign-in Assistant
version 5.000.818.5
Microsoft Corporation Free update available We don't have compatibility information about this version of the program.
Get a free update to a compatible version
Windows Live Essentials
version 14.0.8117.0416
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo. A free update to a newer version is also available.
Get the free update
Learn more about the Compatible with Windows 7 logo
Microsoft Visual C++ 2005 Redistributable
version 8.0.61001
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
version 9.0.30729.6161
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Roxio BackOnTrack
version 1.3.0
Roxio This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Microsoft Office Enterprise 2007
version 12.0.6612.1000
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo. A paid update to a newer version is also available.
Get the paid update
Learn more about the Compatible with Windows 7 logo
Microsoft Works
version 9.7.0621
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo. A paid update to a newer version is also available.
Learn more about the Compatible with Windows 7 logo
Adobe Reader 9.5.5 MUI
version 9.5.5
Adobe Systems Incorporated Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Adobe Shockwave Player 11.5
version 11.5.2.602
Adobe Systems, Inc. Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Java 7 Update 51
version 7.0.510
Oracle Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Microsoft .NET Framework 1.1 Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Microsoft .NET Framework 2.0 Service Pack 2
version 2.2.30729
Microsoft Corporation Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
OpenOffice.org 3.4
version 3.4.9590
OpenOffice.org Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Windows Internet Explorer 8
version 20090308.140743
Microsoft Corporation Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Active@ ISO Burner
version 2.5.1
LSoft Technologies Compatible This program is compatible with Windows 7.
Canon Easy-WebPrint EX
version 1.3.5.0
Canon Inc. Compatible This program is compatible with Windows 7.
Canon IJ Network Scanner Selector EX
‎Canon Inc.‬ Compatible This program is compatible with Windows 7.
Canon IJ Network Tool
version 3.1.0
Canon Inc. Compatible This program is compatible with Windows 7.
Canon IJ Scan Utility
‪Canon Inc.‬ Compatible This program is compatible with Windows 7.
Canon My Printer
version 3.0.0
Canon Inc. Compatible This program is compatible with Windows 7.
Emsisoft Anti-Malware
version 8.1
Emsisoft GmbH Compatible This program is compatible with Windows 7.
ERUNT 1.1j
Lars Hederer Compatible This program is compatible with Windows 7.
GoogleToolbarNotifier
version 4.1.509.1944
Google Inc. Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 3.0 Service Pack 2
version 3.2.30729
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 3.5 SP1
version 3.5
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 4 Client Profile
version 4.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 4 Extended
version 4.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft Live Search Toolbar
version 3.0.560.0
Microsoft Live Search Toolbar Compatible This program is compatible with Windows 7.
Microsoft Office PowerPoint Viewer 2007 (English)
version 12.0.6612.1000
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft Silverlight
version 5.1.30214.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft SQL Server 2005 Compact Edition [ENU]
version 3.1.0000
Microsoft Corporation Compatible This program is compatible with Windows 7.
Mobipocket Reader 6.2
version 6.2.608
Mobipocket.com Compatible This program is compatible with Windows 7.
RealPlayer
version 16.0.3
RealNetworks Compatible This program is compatible with Windows 7.
Turbo Lister 2
version 2.00.0000
eBay Inc. Compatible This program is compatible with Windows 7.
Windows 7 Upgrade Advisor
version 2.0.5000.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Windows Live Sync
version 14.0.8117.416
Microsoft Corporation Compatible This program is compatible with Windows 7.
Windows Live Upload Tool
version 14.0.8014.1029
Microsoft Corporation Compatible This program is compatible with Windows 7.
Windows Media Player 11 Compatible This program is compatible with Windows 7.

Windows XP Mode is an optional feature available in Windows 7 Professional and Windows 7 Ultimate that has extra system requirements.
Visit the Windows XP Mode website for more information
Requirement Details
Virtualization technology not supported Your PC does not support hardware assisted virtualization technology.
1.0 GB of RAM Your PC memory doesn't meet the 2 GB requirement for running Windows XP Mode on 32-bit Windows 7. When running XP Mode, you might experience poor performance.
Extra 15 GB of free space Your PC meets the minimum requirement of 15 GB extra space for installing and running Windows XP Mode.

ken545
2014-04-10, 12:27
Good Morning,

Looks like you're good to go with Windows 7. Don't know if you know about the difference between 32 and 64 bit operating systems, it has to do with the file structure and how your hard drive is formatted and stores files, the newer computers are all 64 bit which supports large hard drives. I upgraded my laptop from Vista to Win 7 32 bit a few years ago and it's still running just fine. If you do an upgrade I believe it saves your settings and restores them, a clean install is always better but costs a bit more. Before you run out and buy either the full version or an upgrade, let's let the experts at Whatthetech guide you through it.



www.whatthetech.com
You can go here and register, like Safer Networking it's free. After you're registered, go to their Windows forum and post, just tell them you want to upgrade to Win 7 from XP, let them know you have not purchased Win 7 yet and ask them what they suggest, an upgrade or clean install. When you post, also post the Win 7 Upgrade Advisor report so they can see where you stand.

Windows Forum
http://forums.whatthetech.com/index.php?showforum=119


Whatever way you go you should always back up any important files or pictures that you don't want to lose. You can get a nice external hard drive from Seagate at Costco, don't quote me but they're around $50 or so, you should have one anyway in case of hard drive failure in the future.


This is where I leave you as we just do malware removal on this forum, good luck in whatever you decide to do.


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups, any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed.



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

autographshark
2014-04-10, 18:14
Hi Ken, from one Ken to another I would like to say thanks so much for your time and patience in this matter! I may have to get my wife's notebook cleaned and upgraded to Windows 7 also. Again many thanks.
Ken

ken545
2014-04-10, 18:32
You're very welcome. Just start a new topic for your wife's notebook and provide a DDS and aswMBR log and one of us can take a look at it.


Take care,

Ken