Author Topic: Pop ups after possible fake adobe update alert  (Read 18442 times)


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20668
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Pop ups after possible fake adobe update alert
« Reply #30 on: July 21, 2013, 06:54:49 PM »
Considering the time you get off work, I'll be offline by then so if you need to catch up on your sleep, that is definitely a priority.  What I'm addressing here are remnants so not a great concern.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline 4on4off

  • Full Member
  • ***
  • Posts: 54
Re: Pop ups after possible fake adobe update alert
« Reply #31 on: July 22, 2013, 01:51:22 AM »
I changed the default search in Google Chrome to Google and removed the Conduit search engine.

I uninstalled RegCure as well.

Here is the OTL fix log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3522C04-B9DB-4C57-AA22-929092423BDD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}\ deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE folder moved successfully.
C:\Users\Ashley\AppData\Local\AVG SafeGuard toolbar folder moved successfully.
C:\Windows\SysNative\Drivers\avgtpx64.sys moved successfully.
C:\ProgramData\AVG SafeGuard toolbar folder moved successfully.
File C:\Windows\SysNative\drivers\avgtpx64.sys not found.
File PTYTEMP] not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 07212013_194321

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I will rerun OTL and post the log shortly.

4

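An added example, not part of this thread and not OldTimer's code: a small triage script for the two kinds of OTL output posted here. It parses the line formats of the fix log above (registry keys deleted, folders moved) and of the quick-scan log in the next reply (PRC/SRV/DRV entries, O2 BHOs, O4 autoruns, IE SearchScopes, Firefox plugins, the hosts file), and reports what a removal helper checks first: binaries with no company name, BHOs, autoruns, search providers pointing somewhere other than an expected default, plugin registrations whose DLL is missing, and non-loopback hosts entries. It also cross-checks that a CLSID the fix log says was deleted does not show up again as a BHO in the later scan. The sample lines are constructed by copying formats from the posted logs; the "returned BHO" line and its path are invented to exercise that check, and the set of expected search hosts is an assumption of this example, not anything OTL itself defines.

```python
"""Triage helper for OTL (OldTimer) fix and quick-scan logs.

Added example: not OldTimer's code and not part of the thread. It parses
the line formats seen in the posted logs and flags the entries a
malware-removal helper would look at first.
"""
import re
from urllib.parse import urlsplit

# Assumption of this example: search hosts considered "expected" defaults.
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

# PRC/MOD/SRV/DRV lines: [meta] (company) [state] -- path -- (service name)
FILE_LINE = re.compile(
    r'^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)?\s+-\s+\[(?P<meta>[^\]]*)\]\s+'
    r'\((?P<company>.*?)\)\s+(?:\[(?P<state>[^\]]*)\]\s+)?--\s+(?P<path>.+?)'
    r'(?:\s+--\s+\((?P<name>[^)]*)\))?$')
BHO_LINE = re.compile(
    r'^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?)'
    r'(?: \((?P<company>[^)]*)\))?$')
RUN_LINE = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?)'
    r'(?: \((?P<company>[^)]*)\))?$')
SEARCH_LINE = re.compile(
    r'^IE(?::64bit:)? - HK\w+\\\.\.\\SearchScopes\\(?P<clsid>\{[^}]+\}): "URL" = (?P<url>\S+)')
PLUGIN_MISSING = re.compile(r'^FF(?::64bit:)? - .*?: (?P<path>.+?) File not found$')
HOSTS_LINE = re.compile(r'^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)')
# Fix-log lines such as "Registry key ...\{CLSID}\ deleted successfully."
FIX_CLSID = re.compile(r'^Registry key .*\\(?P<clsid>\{[0-9A-Fa-f-]+\})\\ deleted successfully\.$')


def triage_scan(lines):
    """Return (findings, bho_clsids); each finding is a (category, detail) tuple."""
    findings, clsids = [], set()
    for line in lines:
        line = line.rstrip()
        if (m := FILE_LINE.match(line)):
            # OTL prints "()" when the binary carries no company name.
            if not m["company"].strip():
                findings.append(("no-company", f'{m["kind"]} {m["path"]}'))
        elif (m := BHO_LINE.match(line)):
            clsids.add(m["clsid"].upper())
            findings.append(("bho", f'{m["clsid"]} {m["path"]}'))
        elif (m := RUN_LINE.match(line)):
            findings.append(("autorun", f'{m["name"]} {m["path"]}'))
        elif (m := SEARCH_LINE.match(line)):
            host = urlsplit(m["url"]).hostname or ""
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("search-provider", f'{m["clsid"]} {host}'))
        elif (m := PLUGIN_MISSING.match(line)):
            findings.append(("dangling-plugin", m["path"]))
        elif (m := HOSTS_LINE.match(line)):
            if m["ip"] not in ("127.0.0.1", "::1"):
                findings.append(("hosts-entry", f'{m["ip"]} {m["host"]}'))
    return findings, clsids


def deleted_clsids(fix_lines):
    """CLSIDs the fix log reports as deleted (BHO keys and Classes/CLSID keys)."""
    return {m["clsid"].upper() for m in map(FIX_CLSID.match, fix_lines) if m}


def check_fix_held(fix_lines, scan_lines):
    """CLSIDs removed by the fix that a later scan still lists as BHOs."""
    _, still_there = triage_scan(scan_lines)
    return sorted(deleted_clsids(fix_lines) & still_there)


# Constructed sample: lines in the format of the fix log posted above.
SAMPLE_FIX = [
    r"Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}\ deleted successfully.",
    r"Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3522C04-B9DB-4C57-AA22-929092423BDD}\ deleted successfully.",
    r"C:\ProgramData\AVG SafeGuard toolbar folder moved successfully.",
    r"File C:\Windows\SysNative\drivers\avgtpx64.sys not found.",
]
# Constructed sample in the quick-scan format; the last O2 line invents a
# BHO with the deleted CLSID coming back, to exercise check_fix_held().
SAMPLE_SCAN = [
    r"PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe",
    r"DRV:64bit: - [2012/06/19 23:40:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)",
    r'IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR',
    r'IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4',
    r"FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found",
    r"O1 - Hosts: 127.0.0.1       localhost",
    r"O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)",
    r"O2 - BHO: (Example returned BHO) - {B3522C04-B9DB-4C57-AA22-929092423BDD} - C:\ProgramData\example\example.dll ()",
    r"O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)",
]

if __name__ == "__main__":
    for category, detail in triage_scan(SAMPLE_SCAN)[0]:
        print(f"{category:16} {detail}")
    print("fix did not hold for:", check_fix_held(SAMPLE_FIX, SAMPLE_SCAN))
```

Run it against a real OTL.txt by reading the file into a list of lines and passing that list to `triage_scan`; the "no-company" category is the one to read with care, since an unsigned binary with no version information (like the RealDownloader resolver service in the scan) is not necessarily malicious, only unattributed, and the search-provider and BHO lists need a human to decide what is legitimate bundleware and what is not.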
Offline 4on4off

  • Full Member
  • ***
  • Posts: 54
Re: Pop ups after possible fake adobe update alert
« Reply #32 on: July 22, 2013, 01:58:19 AM »
Here is the new OTL quick scan log:

OTL logfile created on: 7/21/2013 7:52:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ashley\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.88 Gb Total Physical Memory | 3.05 Gb Available Physical Memory | 78.71% Memory free
4.57 Gb Paging File | 3.74 Gb Available in Paging File | 81.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.47 Gb Total Space | 397.60 Gb Free Space | 89.86% Space Free | Partition Type: NTFS
Drive D: | 22.52 Gb Total Space | 2.74 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
 
Computer Name: SKAIA | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/19 12:16:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/07/27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/07/18 09:10:34 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 09:10:32 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 09:10:18 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/06/07 20:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/28 18:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 02:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/07/12 12:56:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/08 19:18:24 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 09:10:34 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 09:10:32 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 09:10:18 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/01 04:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 04:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 04:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/16 19:12:22 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/04 00:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/15 07:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 03:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/28 18:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/28 16:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 00:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 00:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/24 02:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/24 02:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/08 13:17:56 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/03 14:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/07/31 12:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/03 07:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 23:40:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 19:24:00 | 000,266,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/06/12 22:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 23:58:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 23:58:21 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - Extension: RealDownloader = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
 
O1 HOSTS File: ([2013/07/18 17:08:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/21 19:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/19 12:16:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2013/07/19 10:45:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/19 10:43:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/19 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\temp
[2013/07/18 16:49:25 | 000,559,341 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ashley\Desktop\JRT.exe
[2013/07/17 16:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/07/17 16:38:05 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/17 10:40:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/17 10:40:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/17 10:40:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013/07/17 10:40:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/17 10:39:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/17 10:38:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/17 10:38:20 | 005,091,168 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2013/07/17 09:37:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\dds.scr
[2013/07/17 01:07:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/16 22:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/16 22:21:51 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Desktop\mbar-1.06.0.1004
[2013/07/16 21:40:40 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Malwarebytes
[2013/07/16 21:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/16 21:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/16 21:40:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/16 21:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/16 21:40:11 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Programs
[2013/07/16 21:38:29 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ashley\Desktop\tdsskiller.exe
[2013/07/16 21:37:49 | 010,284,816 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Ashley\Desktop\mbam-setup.exe
[2013/07/16 21:34:45 | 002,623,656 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Ashley\Desktop\revosetup.exe
[2013/07/16 21:33:21 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\TFC.exe
[2013/07/16 20:39:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Documents\Youcam
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\CyberLink
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\CyberLink
[2013/07/14 11:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Documents\Add-in Express
[2013/07/14 11:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiny Media Player
[2013/07/14 11:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tiny Media Player
[2013/07/14 11:44:32 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Pokki
[2013/07/14 11:41:08 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\CRE
[2013/07/13 18:44:37 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Mozilla
[2013/07/13 12:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/07/13 12:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/07/13 12:13:34 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Paint.NET
[2013/07/13 12:12:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/07/12 21:12:07 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/07/12 12:55:19 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Adobe
[2013/07/12 12:47:04 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\hpqlog
[2013/07/12 00:03:01 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Skype
[2013/07/12 00:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/07/12 00:02:49 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/07/12 00:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/07/12 00:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/07/12 00:00:58 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/07/12 00:00:53 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\DefineExt
[2013/07/11 23:58:54 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Real
[2013/07/11 23:58:47 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\RealNetworks
[2013/07/11 23:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/07/11 23:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/07/11 23:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/07/11 23:58:00 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/07/11 23:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/07/11 23:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/07/11 23:57:39 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Real
[2013/07/11 23:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/11 23:57:24 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Google
[2013/07/11 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/07/11 23:55:56 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Macromedia
[2013/07/11 23:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/07/11 21:02:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\ElevatedDiagnostics
[2013/07/11 21:02:14 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Hewlett-Packard
[2013/07/11 21:02:07 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Hewlett-Packard
[2013/07/11 19:54:40 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\CrashDumps
[2013/07/11 19:54:21 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Diagnostics
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Searches
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Contacts
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/07/11 19:45:04 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/07/11 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Adobe
[2013/07/11 19:44:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013/07/11 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Synaptics
[2013/07/11 19:43:07 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Power2Go8
[2013/07/11 19:42:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/07/11 19:42:46 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\VirtualStore
[2013/07/11 19:42:30 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Packages
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\AppData\Local\Temporary Internet Files
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Templates
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Start Menu
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\SendTo
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Recent
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\PrintHood
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\NetHood
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Documents\My Videos
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Documents\My Pictures
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Documents\My Music
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\My Documents
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Local Settings
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\AppData\Local\History
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Cookies
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Application Data
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\AppData\Local\Application Data
[2013/07/11 19:41:01 | 000,000,000 | --SD | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Desktop
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/07/11 19:41:01 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\AppData
[2013/07/11 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Microsoft
[2013/07/11 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Videos
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Saved Games
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Pictures
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Music
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Links
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Favorites
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Downloads
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Documents
[2013/07/11 19:40:54 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\Documents\hp.system.package.metadata
[2013/07/11 19:40:54 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\Documents\hp.applications.package.appdata
[2013/07/11 19:40:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/21 19:49:33 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/21 19:49:33 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/21 19:49:33 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/21 19:46:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/21 19:45:06 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/21 19:44:39 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/07/21 19:44:18 | 3333,857,280 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/19 12:18:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/19 12:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/19 12:16:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2013/07/19 10:54:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
[2013/07/19 10:54:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
[2013/07/18 17:08:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/18 17:00:47 | 005,091,168 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2013/07/18 16:49:25 | 000,559,341 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ashley\Desktop\JRT.exe
[2013/07/18 16:43:53 | 000,662,345 | ---- | M] () -- C:\Users\Ashley\Desktop\adwcleaner.exe
[2013/07/18 08:23:51 | 000,281,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/17 16:38:06 | 000,001,268 | ---- | M] () -- C:\Users\Ashley\Desktop\Revo Uninstaller.lnk
[2013/07/17 09:37:18 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\dds.scr
[2013/07/16 23:51:28 | 000,000,173 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/16 21:40:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 21:38:34 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ashley\Desktop\tdsskiller.exe
[2013/07/16 21:37:55 | 010,284,816 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Ashley\Desktop\mbam-setup.exe
[2013/07/16 21:34:45 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Ashley\Desktop\revosetup.exe
[2013/07/16 21:33:21 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\TFC.exe
[2013/07/16 21:31:59 | 000,891,022 | ---- | M] () -- C:\Users\Ashley\Desktop\SecurityCheck.exe
[2013/07/16 21:28:01 | 013,399,154 | ---- | M] () -- C:\Users\Ashley\Desktop\mbar-1.06.0.1004.zip
[2013/07/15 18:00:01 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/07/13 12:21:46 | 000,002,283 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/13 12:16:28 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/07/12 21:35:02 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 00:02:50 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/12 00:00:42 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/07/11 23:58:00 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/07/11 19:53:14 | 000,001,428 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
========== Files Created - No Company Name ==========
 
[2013/07/18 16:43:53 | 000,662,345 | ---- | C] () -- C:\Users\Ashley\Desktop\adwcleaner.exe
[2013/07/18 08:23:42 | 000,281,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/17 16:44:10 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2013/07/17 16:44:10 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/07/17 16:38:06 | 000,001,268 | ---- | C] () -- C:\Users\Ashley\Desktop\Revo Uninstaller.lnk
[2013/07/17 13:31:34 | 000,386,642 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/07/17 10:40:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/17 10:40:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/17 10:40:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/17 10:40:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/17 10:40:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/16 23:51:07 | 000,000,173 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/16 21:40:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 21:31:58 | 000,891,022 | ---- | C] () -- C:\Users\Ashley\Desktop\SecurityCheck.exe
[2013/07/16 21:28:01 | 013,399,154 | ---- | C] () -- C:\Users\Ashley\Desktop\mbar-1.06.0.1004.zip
[2013/07/13 18:44:17 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
[2013/07/13 18:44:16 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
[2013/07/13 12:16:28 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/07/13 12:16:28 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/07/12 12:56:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/12 11:03:00 | 000,000,482 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/07/12 00:02:49 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/12 00:00:42 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/07/11 23:57:38 | 000,002,283 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/11 23:57:37 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/11 23:57:26 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/11 23:57:25 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/11 19:53:14 | 000,001,428 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/11 19:44:56 | 000,001,434 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/07/11 19:44:34 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
[2013/07/11 19:44:31 | 000,002,358 | ---- | C] () -- C:\Users\Public\Desktop\Walmart Photo Center.lnk
[2013/07/11 19:41:52 | 000,000,352 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/07/11 19:41:52 | 000,000,334 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/08 13:18:04 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/08/08 13:17:54 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/08 13:17:52 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/08/03 15:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012/08/17 10:48:21 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/05 22:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/11 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 

< End of report >


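The OTL report above is a plain-text dump with a fixed per-line layout. As an added example (not part of this thread or of the OTL tool), the Python below parses a handful of lines copied from that report into records and pulls out what a helper reads first: files OTL printed with an empty company field, Task Scheduler .job files, and the O2/O4 autostart entries.

```python
"""Parse OTL report lines into structured records for review.

Added example for this thread; not part of OTL (OldTimer Tools) or of the posts
above. SAMPLE holds lines copied from the OTL report posted in the thread,
embedded here as constructed input so the script runs offline.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Union

# File/folder entry, e.g.
# [2013/07/15 18:00:01 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
# Fields: timestamp | size | attribute flags | C(reated)/M(odified), then an
# optional "(Company)" field (absent for folders) and the path after "--".
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Za-z]{4}) \| ([CM])\] "
    r"(?:\((.*?)\) )?-- (.+)$"
)
# "O" line, e.g.  O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
# ":64bit:" marks the native 64-bit registry view; the trailing parenthesised
# field, when present, is the company name OTL read from the file's version info.
OLINE_RE = re.compile(r"^(O\d+)(:64bit:)? - (.*?)(?: \(([^()]*)\))?$")

SAMPLE = r"""
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/07/21 19:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/16 21:37:49 | 010,284,816 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Ashley\Desktop\mbam-setup.exe
[2013/07/15 18:00:01 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/07/18 16:43:53 | 000,662,345 | ---- | M] () -- C:\Users\Ashley\Desktop\adwcleaner.exe
[2013/07/11 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Synaptics
"""


@dataclass
class FileEntry:
    when: datetime
    size: int
    attrs: str               # e.g. "---D" (directory), "-HS-" (hidden, system)
    kind: str                # "C" created or "M" modified
    company: Optional[str]   # None if OTL printed no company field, "" for "()"
    path: str


@dataclass
class OEntry:
    code: str                # "O2" BHO, "O4" Run key, "O21" SSODL, ...
    native64: bool
    body: str
    company: Optional[str]


Entry = Union[FileEntry, OEntry]


def parse_line(line: str) -> Optional[Entry]:
    """Return a FileEntry or OEntry for one report line, or None for other text."""
    m = FILE_RE.match(line)
    if m:
        ts, size, attrs, kind, company, path = m.groups()
        return FileEntry(
            when=datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
            size=int(size.replace(",", "")),
            attrs=attrs,
            kind=kind,
            company=None if company is None else company.strip(),
            path=path,
        )
    m = OLINE_RE.match(line)
    if m:
        code, native, body, company = m.groups()
        return OEntry(code=code, native64=native is not None, body=body,
                      company=company.strip() if company else None)
    return None


def parse_report(text: str) -> List[Entry]:
    parsed = (parse_line(raw.strip()) for raw in text.splitlines())
    return [e for e in parsed if e is not None]


def no_company_files(entries: List[Entry]) -> List[FileEntry]:
    """Files OTL printed with an empty "()" company field: the same heuristic
    behind its "Files Created - No Company Name" section."""
    return [e for e in entries if isinstance(e, FileEntry) and e.company == ""]


def scheduled_task_jobs(entries: List[Entry]) -> List[FileEntry]:
    """Task Scheduler .job files; a job left behind by an uninstalled program
    keeps firing on its schedule, so these are worth a look after cleanup."""
    return [e for e in entries
            if isinstance(e, FileEntry) and e.path.lower().endswith(".job")]


def autostart_entries(entries: List[Entry]) -> List[OEntry]:
    """O2 (BHO) and O4 (Run key) lines: the autostart locations read first."""
    return [e for e in entries if isinstance(e, OEntry) and e.code in ("O2", "O4")]


def vendors(entries: List[Entry]) -> List[str]:
    """Distinct company strings, for a quick "do I recognise all of these?" pass."""
    return sorted({e.company for e in entries if e.company})
```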

Offline Corrine

Re: Pop ups after possible fake adobe update alert
« Reply #33 on: July 22, 2013, 02:11:37 PM »
Finally!  That was what I wanted to see. 

Let's clean up.  Please pay close attention to the following instructions.  It is important to remove the programs used because having older versions is useless without the updates and can result in serious problems.

1.  Please remove the programs you used before seeking help.  This includes TDSSKiller.  Note also that there is no official "portable" version of Malwarebytes.   It is against the EULA to "create derivative works of the Software".   

2.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


3.  Please do the following to uninstall AdwCleaner.
  • Double-click AdwCleaner.exe to run the tool.
  • Click Uninstall.
  • Confirm with Yes.
4.  Finally, OTL CleanUp will handle the remaining programs.
  • Double-click OTL.exe to run it.  (Windows Vista and Windows 7 users: Right-click on OTL.exe select "Run As Administrator" to run it.  If prompted by UAC, please allow it.)
  • Press the CleanUp button.
  • When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

I know you have "lectured" your family members about the importance of paying attention when installing programs for those hidden extras.  Please also explain that there are no magic fixes, including registry cleaners and optimizers.  In addition, please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".



Offline 4on4off

Re: Pop ups after possible fake adobe update alert
« Reply #34 on: July 25, 2013, 02:41:05 AM »
Hi Corrine,

I removed all the programs as you instructed and created a new restore point.

Since I removed the free trial Norton that came with the laptop I am trying to start Windows Defender but I am having issues. I find it in Services but I cannot set it to Automatic and I cannot start the service.


Offline 4on4off

Re: Pop ups after possible fake adobe update alert
« Reply #35 on: July 25, 2013, 02:51:08 AM »
Scratch that, I got it to work.

Not familiar with Windows 8 too much and the navigation is a bit different, but it is on now.

Thank you so much for your assistance Corrine.

Well off to my next project.


Offline Corrine

Re: Pop ups after possible fake adobe update alert
« Reply #36 on: July 25, 2013, 12:53:35 PM »
You're welcome.  I am happy I was able to help. 



Offline 4on4off

Re: Pop ups after possible fake adobe update alert
« Reply #37 on: July 25, 2013, 04:28:40 PM »
Never a doubt.

Thanks again.  :goodie:

From this experience and reading many other threads I take it that even after someone removes a program and whatnot there tend to be some remnants that require more intricate tools such as ComboFix or OTL to completely remove them.

Is this because those remnants could rise again and/or still cause issues?


Offline Corrine

Re: Pop ups after possible fake adobe update alert
« Reply #38 on: July 25, 2013, 06:14:51 PM »
It depends on what remnants are left behind.  Although I preach against Registry Cleaners, when adware/malware leaves a remnant behind in the registry, I prefer to see it safely removed.  In addition, the AppData folder replaces Documents and Settings seen in Windows XP.  It contains data such as program settings, toolbar settings, temporary files created by applications, etc.  For that reason, I prefer to remove those remnants as well.  Without examining them closer, it appeared on your niece's computer that those folders were empty; however, I stubbornly wanted them gone.



Offline 4on4off

Re: Pop ups after possible fake adobe update alert
« Reply #39 on: July 25, 2013, 07:20:17 PM »
That makes sense and I know what you mean.

Sometimes I will help someone out and run it through the gauntlet and think it is all good, but still have something like the MyWebSearch application or Conduit Search Protect show up on a final comb-over with ESET, for example.
