seabeetodd

Honorary Members
  1. I think I solved the problem. Couldn't find a way to delete my previous post.
  2. I had some infections on my computer. I was getting pop-ups to speed up my PC. I ran an ESET online scan and it got rid of several infections. The Chrome home page is still "https://www.yahoo.com/"

     CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
     CHR Profile: C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default
     CHR Extension: (Bible) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\adplcelpohamiijahbaanmoimmnoaiaf [2013-10-15]
     CHR Extension: (Google Docs) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15]
     CHR Extension: (Google Drive) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15]
     CHR Extension: (BeFunky Photo Editor) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2013-10-15]
     CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-09]
     CHR Extension: (YouTube) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-15]
     CHR Extension: (Spotify - Music for every moment) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2013-10-15]
     CHR Extension: (Google Search) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-15]
     CHR Extension: (Netflix) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2013-12-16]
     CHR Extension: (Google+) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-10-15]
     CHR Extension: (Google Calendar) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-10-15]
     CHR Extension: (Pandora) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-10-15]
     CHR Extension: (No Name) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjfiaeaopgmgbenipljajjipecobmbni [2015-03-03]
     CHR Extension: (AdBlock) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-15]
     CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2013-10-15]
     CHR Extension: (Flixster) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2013-10-15]
     CHR Extension: (Crackle) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2013-10-15]
     CHR Extension: (Google Play Music) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-10-15]
     CHR Extension: (Counter Strike) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilcogonmhbkicdbmkopaihjfkdpbmclk [2013-10-15]
     CHR Extension: (Google Play) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-10-15]
     CHR Extension: (Webcam Toy) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-10-15]
     CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
     CHR Extension: (Google Maps) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-10-15]
     CHR Extension: (Dictionary.com Spanish!) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjeoplfnbghcdcjmegbolhgikciockpo [2013-10-15]
     CHR Extension: (Fantasy on Yahoo! Sports) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchojkpkbofjpjiahnabhbofpeaipjpo [2013-10-15]
     CHR Extension: (Google Wallet) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
     CHR Extension: (Scientific Calculator) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog [2013-10-15]
     CHR Extension: (Weather Underground) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2013-10-15]
     CHR Extension: (Gmail) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-15]
     CHR Extension: (Canvas Rider) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2013-10-15]
     CHR HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Todd\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
     CHR HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bdhffggcfjnkigeciffmipblemhphbjl] - C:\Users\Todd\AppData\Local\CRE\bdhffggcfjnkigeciffmipblemhphbjl.crx [Not Found]
     CHR HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
     CHR HKLM-x32\...\Chrome\Extension: [bdhffggcfjnkigeciffmipblemhphbjl] - C:\Users\Todd\AppData\Local\CRE\bdhffggcfjnkigeciffmipblemhphbjl.crx [Not Found]
     CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WhiteSmokeTranslator [Not Found]

     ==================== Services (Whitelisted) =================
     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
     R2 f8794fcc; c:\Program Files (x86)\Optimizer Pro 3.52\OptProMon.dll [2018856 2015-03-03] ()
     R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
     R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
     S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
     R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
     R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
     R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
     R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
     R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
     R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
     R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
     S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

     ==================== Drivers (Whitelisted) ====================
     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
     R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [33792 2013-04-10] (Hauppauge Computer Works, Inc.)
     R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
     R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
     S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2011-10-04] (MCCI Corporation)
     S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
     S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-21] (LG Electronics Inc.)
     S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)
     S3 ViaUsbModemDriver; C:\Windows\System32\DRIVERS\VIA_USB_MODEM.sys [28160 2011-10-04] ()
     S3 VIA_USB_ETS; C:\Windows\System32\DRIVERS\VIA_USB_ETS.sys [21760 2011-10-04] (Via Telecom, Inc.)
     S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
     S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
     S3 motmodem; system32\DRIVERS\motmodem.sys [X]
     S3 motport; system32\DRIVERS\motport.sys [X]

     ==================== NetSvcs (Whitelisted) ===================
     (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

     ==================== One Month Created Files and Folders ========
     (If an entry is included in the fixlist, the file\folder will be moved.)

     2015-03-04 02:29 - 2015-03-04 02:30 - 00000000 ____D () C:\FRST
     2015-03-04 02:03 - 2015-03-04 02:04 - 00039936 ___SH () C:\Users\Todd\Documents\Thumbs.db
     2015-03-04 01:54 - 2015-03-04 01:54 - 00010395 _____ () C:\Users\Todd\Desktop\esat.txt
     2015-03-03 12:47 - 2015-03-03 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
     2015-03-03 12:47 - 2015-03-03 12:47 - 00000000 ____D () C:\Program Files\RogueKiller
     2015-03-03 12:36 - 2015-03-03 12:36 - 17308648 _____ (Adlice Software ) C:\Users\Todd\Downloads\setup (3).exe
     2015-03-03 12:34 - 2015-03-03 12:38 - 32167704 _____ (VideoLan ) C:\Users\Todd\Downloads\Unconfirmed 325446.crdownload
     2015-03-03 12:33 - 2015-03-03 12:34 - 32167704 _____ (VideoLan ) C:\Users\Todd\Downloads\Unconfirmed 361550.crdownload
     2015-03-03 11:55 - 2015-03-03 11:55 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
     2015-03-03 11:23 - 2015-03-03 17:42 - 00003248 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
     2015-03-03 11:23 - 2015-03-03 11:23 - 00000000 ____D () C:\Users\Todd\Documents\Optimizer Pro
     2015-03-03 11:23 - 2015-03-03 11:23 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\Optimizer Pro
     2015-03-03 11:22 - 2015-03-04 01:34 - 00000000 ____D () C:\ProgramData\{ae184d41-ab4e-a92a-ae18-84d41ab43506}
     2015-03-03 11:22 - 2015-03-04 01:34 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.52
     2015-03-03 11:22 - 2015-03-03 11:25 - 00000000 ____D () C:\Users\Todd\AppData\Local\5767C1E2-0B84-8449-95A7-9B339FFF32C8
     2015-03-03 11:22 - 2015-03-03 11:22 - 00001061 _____ () C:\Users\Todd\Desktop\Optimizer Pro.lnk
     2015-03-03 11:22 - 2015-03-03 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
     2015-03-03 11:19 - 2015-03-03 11:19 - 00000000 ____D () C:\ZombieInvasion
     2015-03-03 11:15 - 2015-03-03 11:15 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\Yahoo!
     2015-03-03 11:12 - 2015-03-03 11:12 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
     2015-03-03 10:51 - 2015-03-04 01:34 - 00000000 ____D () C:\Program Files (x86)\69de1081-6b06-4427-9b8d-71274ac91345
     2015-03-03 10:51 - 2015-03-03 11:55 - 00000000 ____D () C:\ProgramData\VWiPEnfX
     2015-03-03 10:50 - 2015-03-03 11:49 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
     2015-03-03 10:50 - 2015-03-03 10:50 - 00000000 ____D () C:\Users\Todd\AppData\Local\globalUpdate
     2015-03-03 10:45 - 2015-03-03 11:22 - 00000000 ___HD () C:\Users\Public\Temp
     2015-03-03 10:45 - 2015-03-03 11:05 - 00000000 ____D () C:\ProgramData\Yahoo!
     2015-03-03 10:45 - 2015-03-03 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
     2015-03-03 10:43 - 2015-03-03 10:43 - 00004010 _____ () C:\Windows\System32\Tasks\LaunchSignup
     2015-03-03 10:43 - 2015-03-03 10:43 - 00003192 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
     2015-03-03 10:43 - 2015-03-03 10:43 - 00001931 _____ () C:\Users\Todd\Desktop\Sync Folder.lnk
     2015-03-03 10:43 - 2015-03-03 10:43 - 00000000 ____D () C:\Users\Todd\Documents\ProPCCleaner
     2015-03-03 10:43 - 2015-03-03 10:43 - 00000000 ____D () C:\Users\Todd\AppData\Local\Pro_PC_Cleaner
     2015-03-03 10:42 - 2015-03-03 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
     2015-03-02 19:18 - 2015-03-02 19:18 - 00582815 _____ () C:\Users\Todd\Downloads\Better Sprinting Mod Installer 1.7.10.zip
     2015-03-01 19:56 - 2015-03-01 19:59 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\.technic
     2015-03-01 12:47 - 2015-03-01 12:47 - 09539377 _____ () C:\Users\Todd\Downloads\Metro 3.3.zip
     2015-03-01 11:58 - 2015-03-01 11:58 - 31848645 _____ () C:\Users\Todd\Downloads\1.5k Pack #1.zip
     2015-03-01 11:58 - 2015-03-01 11:58 - 26003532 _____ () C:\Users\Todd\Downloads\1.5k Pack #2.zip
     2015-02-24 21:03 - 2015-02-24 21:03 - 00000020 _____ () C:\Users\Todd\Desktop\0 5.rar
     2015-02-16 21:02 - 2015-03-03 11:10 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForTodd.job
     2015-02-16 21:02 - 2015-03-02 19:03 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTodd
     2015-02-16 15:11 - 2015-02-16 15:11 - 00000000 ____D () C:\Users\Todd\Documents\Adobe
     2015-02-16 15:10 - 2015-02-16 15:10 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\PDAppFlex
     2015-02-16 15:09 - 2015-02-16 15:09 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
     2015-02-16 15:06 - 2015-02-16 15:06 - 02692066 _____ () C:\Users\Todd\Downloads\amtlib.framework_CC_2014.zip
     2015-02-16 15:05 - 2015-02-16 15:05 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Todd-PC-Todd
     2015-02-16 14:52 - 2015-02-16 14:52 - 00001224 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
     2015-02-16 14:48 - 2015-02-16 15:09 - 00000000 ____D () C:\Program Files\Adobe
     2015-02-16 14:48 - 2015-02-16 15:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe
     2015-02-16 14:40 - 2015-02-16 14:40 - 00000000 ___RD () C:\Users\Todd\Creative Cloud Files
     2015-02-16 14:39 - 2015-02-16 14:39 - 00001271 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
     2015-02-16 14:34 - 2015-02-16 14:34 - 00672944 _____ (Adobe Systems Incorporated) C:\Users\Todd\Downloads\CreativeCloudSet-Up (1).exe
     2015-02-15 20:54 - 2015-02-15 20:54 - 22044402 _____ () C:\Users\Todd\Downloads\Intro Template V.1 by CarrierGraphics (1).rar
     2015-02-14 17:14 - 2015-02-16 15:19 - 00180224 ___SH () C:\Users\Todd\Desktop\Thumbs.db
     2015-02-14 12:13 - 2015-02-16 15:05 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
     2015-02-14 12:10 - 2015-02-14 12:10 - 00000959 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
     2015-02-14 11:54 - 2015-02-14 12:01 - 1046848182 _____ () C:\Users\Todd\Downloads\Adobe After Effects CS6.rar
     2015-02-14 11:35 - 2015-02-14 11:35 - 22044402 _____ () C:\Users\Todd\Downloads\Intro Template V.1 by CarrierGraphics.rar
     2015-02-14 11:20 - 2015-02-14 11:22 - 347568958 _____ () C:\Users\Todd\Downloads\C4D R15 64Bit (1).zip
     2015-02-14 10:52 - 2015-02-14 10:55 - 347568958 _____ () C:\Users\Todd\Downloads\C4D R15 64Bit.zip
     2015-02-13 19:14 - 2015-02-14 11:27 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\MAXON
     2015-02-13 18:38 - 2015-02-13 18:39 - 106555276 _____ () C:\Users\Todd\Downloads\Cinema 4D R14 FREE - iMrSmithz.rar
     2015-02-13 18:34 - 2015-02-13 18:35 - 205889423 _____ () C:\Users\Todd\Downloads\~crowed template v.1.zip
     2015-02-13 18:28 - 2015-02-13 18:28 - 00245075 _____ () C:\Users\Todd\Downloads\Intro Template #1 by Nasse.zip
     2015-02-06 07:39 - 2015-02-06 07:39 - 00031744 _____ () C:\Users\Todd\Downloads\2015_St_James_Boys_Bracket.xls
     2015-02-05 14:16 - 2007-12-19 15:25 - 08523776 _____ (Ubisoft) C:\Users\Todd\Desktop\SH4Autorun.exe
     2015-02-04 15:01 - 2015-02-04 15:01 - 00000000 ____D () C:\Users\Todd\Documents\SH4
     2015-02-04 14:54 - 2015-03-03 11:55 - 00000000 ____D () C:\Windows\Downloaded Installations
     2015-02-04 14:42 - 2015-02-04 14:42 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
     2015-02-04 14:41 - 2015-02-04 14:41 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\InstallShield

     ==================== One Month Modified Files and Folders =======
     (If an entry is included in the fixlist, the file\folder will be moved.)

     2015-03-04 02:30 - 2012-05-31 08:42 - 00000000 ____D () C:\Users\Todd\Desktop\Security
     2015-03-04 02:22 - 2012-02-28 00:07 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
     2015-03-04 02:20 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2015-03-04 02:20 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2015-03-04 02:16 - 2009-12-07 13:28 - 01524899 _____ () C:\Windows\WindowsUpdate.log
     2015-03-04 02:13 - 2013-02-08 09:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2015-03-04 02:13 - 2010-09-03 06:48 - 00000000 ____D () C:\Temp
     2015-03-04 02:12 - 2014-07-05 12:04 - 00085618 _____ () C:\Windows\setupact.log
     2015-03-04 02:12 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
     2015-03-04 02:04 - 2013-12-09 13:16 - 00000336 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
     2015-03-04 02:02 - 2012-05-30 10:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
     2015-03-04 02:00 - 2010-03-08 09:42 - 00000000 ____D () C:\Users\Todd\AppData\Local\Adobe
     2015-03-04 01:45 - 2013-02-08 09:31 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2015-03-04 01:34 - 2013-06-12 14:53 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\PDF Writer Packages
     2015-03-04 01:34 - 2013-06-12 14:52 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
     2015-03-03 22:04 - 2012-05-05 09:46 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\Skype
     2015-03-03 18:04 - 2012-05-05 09:46 - 00000000 ____D () C:\ProgramData\Skype
     2015-03-03 18:03 - 2012-05-05 09:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
     2015-03-03 17:48 - 2012-02-28 00:07 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
     2015-03-03 12:51 - 2013-09-27 11:07 - 00000000 ____D () C:\Users\Todd\Desktop\RK_Quarantine
     2015-03-03 12:48 - 2014-08-02 07:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
     2015-03-03 12:41 - 2014-07-13 08:02 - 00394092 _____ () C:\Windows\PFRO.log
     2015-03-03 11:49 - 2010-03-27 10:35 - 00000000 ____D () C:\Users\Todd\AppData\Local\CrashDumps
     2015-03-03 11:16 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
     2015-03-03 11:05 - 2013-05-17 11:29 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
     2015-03-03 10:50 - 2013-10-15 10:52 - 00001042 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
     2015-03-03 07:17 - 2010-03-01 13:15 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
     2015-03-02 19:34 - 2013-08-31 18:16 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\.minecraft
     2015-03-02 19:20 - 2013-01-10 20:59 - 00000000 ____D () C:\Users\Todd\Desktop\Brendon
     2015-03-02 19:03 - 2010-03-18 15:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
     2015-03-02 19:02 - 2010-03-18 15:15 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\HpUpdate
     2015-03-02 19:02 - 2010-03-18 15:15 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\HP Support Assistant
     2015-03-02 16:58 - 2013-10-29 20:00 - 00000000 ____D () C:\Users\Todd\Desktop\Rebecca
     2015-03-01 19:56 - 2014-04-29 18:55 - 04630296 _____ () C:\Users\Todd\Downloads\TechnicLauncher.exe
     2015-02-25 18:33 - 2010-03-01 13:00 - 00000000 ____D () C:\Users\Todd
     2015-02-24 10:17 - 2013-04-06 08:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
     2015-02-23 21:35 - 2014-02-27 18:33 - 00000000 ____D () C:\Users\Todd\AppData\Local\Paint.NET
     2015-02-23 07:35 - 2013-02-08 09:32 - 00000000 ___RD () C:\Users\Todd\Google Drive
     2015-02-17 16:32 - 2009-07-13 22:45 - 05155400 _____ () C:\Windows\system32\FNTCACHE.DAT
     2015-02-16 15:09 - 2014-04-14 15:50 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\Sony
     2015-02-16 15:05 - 2010-03-01 13:08 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\Adobe
     2015-02-16 15:04 - 2010-03-01 13:06 - 00126192 _____ () C:\Users\Todd\AppData\Local\GDIPFONTCACHEV1.DAT
     2015-02-16 14:58 - 2010-03-08 09:44 - 00000000 ____D () C:\Program Files (x86)\Adobe
     2015-02-16 14:48 - 2010-03-08 09:43 - 00000000 ____D () C:\ProgramData\Adobe
     2015-02-16 14:38 - 2013-10-13 11:13 - 00000000 ____D () C:\ProgramData\Package Cache
     2015-02-10 15:47 - 2011-11-01 07:35 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
     2015-02-07 14:15 - 2014-08-16 08:16 - 00000000 ____D () C:\Users\Todd\Desktop\Humbolt Transportation folder
     2015-02-05 14:17 - 2012-02-28 00:07 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA
     2015-02-05 14:17 - 2012-02-28 00:07 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core
     2015-02-05 05:59 - 2012-05-30 10:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
     2015-02-05 05:59 - 2012-05-30 10:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
     2015-02-05 05:59 - 2011-05-27 09:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
     2015-02-04 14:54 - 2014-10-05 07:16 - 00271331 _____ () C:\Windows\DirectX.log
     2015-02-04 14:42 - 2009-11-24 01:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
     2015-02-04 14:40 - 2013-02-08 09:31 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
     2015-02-04 14:40 - 2013-02-08 09:31 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

     ==================== Files in the root of some directories =======

     2011-07-18 17:02 - 2011-09-05 10:38 - 0001854 _____ () C:\Users\Todd\AppData\Roaming\GhostObjGAFix.xml
     2013-08-24 09:08 - 2013-10-20 08:43 - 0101376 _____ () C:\Users\Todd\AppData\Roaming\RZR_0060bd324d2a887044aa181c7e0e.db
     2013-06-24 08:13 - 2013-09-07 13:47 - 0703117 _____ () C:\Users\Todd\AppData\Roaming\technic-launcher.jar
     2012-07-17 13:20 - 2012-07-17 13:20 - 0006155 _____ () C:\Users\Todd\AppData\Roaming\TODD-PC - 528.txt
     2012-07-17 13:21 - 2012-07-17 13:21 - 0006155 _____ () C:\Users\Todd\AppData\Roaming\TODD-PC - 542.txt
     2012-07-17 13:21 - 2012-07-17 13:21 - 0006155 _____ () C:\Users\Todd\AppData\Roaming\TODD-PC - 775.txt
     2012-07-17 13:21 - 2012-07-17 13:21 - 0006155 _____ () C:\Users\Todd\AppData\Roaming\TODD-PC - 886.txt
     2012-07-17 13:21 - 2012-07-17 13:21 - 0006155 _____ () C:\Users\Todd\AppData\Roaming\TODD-PC - 997.txt
     2013-07-27 14:34 - 2014-12-21 07:53 - 0000166 _____ () C:\Users\Todd\AppData\Roaming\WB.CFG
     2013-06-16 02:00 - 2013-12-16 06:13 - 0000006 _____ () C:\Users\Todd\AppData\Roaming\WBPU-TTL.DAT
     2010-03-09 09:08 - 2013-07-31 10:25 - 0002920 _____ () C:\Users\Todd\AppData\Roaming\wklnhst.dat
     2015-01-25 10:12 - 2015-01-25 10:12 - 0001248 _____ () C:\Users\Todd\AppData\Roaming\WNDNK
     2012-08-14 11:57 - 2012-08-14 11:57 - 0027520 _____ () C:\Users\Todd\AppData\Local\dt.dat
     2010-04-23 21:21 - 2010-10-15 20:02 - 0000000 _____ () C:\Users\Todd\AppData\Local\prvlcl.dat
     2014-06-08 14:36 - 2014-06-08 14:36 - 0004510 _____ () C:\Users\Todd\AppData\Local\recently-used.xbel
     2013-01-10 20:27 - 2013-01-10 20:27 - 0007605 _____ () C:\Users\Todd\AppData\Local\Resmon.ResmonCfg
     2010-09-23 18:33 - 2010-09-23 18:33 - 2772410 _____ () C:\Users\Todd\AppData\Local\tmp011.JPG
     2011-02-02 20:46 - 2011-02-02 20:46 - 0290614 _____ () C:\Users\Todd\AppData\Local\tmp0804092050A.JPG
     2010-08-08 09:46 - 2010-08-08 09:46 - 0010622 _____ () C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.0
     2010-08-08 09:46 - 2010-08-08 09:46 - 0009555 _____ () C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.JPG
     2013-05-04 12:54 - 2013-05-04 13:02 - 0654113 _____ () C:\Users\Todd\AppData\Local\tmpSCAN0001.0
     2013-05-04 12:54 - 2013-05-04 13:02 - 0215275 _____ () C:\Users\Todd\AppData\Local\tmpSCAN0001.1
     2013-05-04 13:02 - 2013-05-04 13:02 - 0212002 _____ () C:\Users\Todd\AppData\Local\tmpSCAN0001.2
     2013-05-04 13:02 - 2013-05-04 13:02 - 0211403 _____ () C:\Users\Todd\AppData\Local\tmpSCAN0001.3
     2013-05-04 13:02 - 2013-05-04 13:02 - 0218417 _____ () C:\Users\Todd\AppData\Local\tmpSCAN0001.JPG
     2012-04-27 07:34 - 2012-04-27 07:34 - 0438649 _____ () C:\Users\Todd\AppData\Local\tmpSPRING2012B.0
     2012-04-27 07:34 - 2012-04-27 07:34 - 0167754 _____ () C:\Users\Todd\AppData\Local\tmpSPRING2012B.1
     2012-04-27 07:34 - 2012-04-27 07:34 - 0172135 _____ () C:\Users\Todd\AppData\Local\tmpSPRING2012B.JPG
     2011-01-15 16:50 - 2014-03-30 17:30 - 0010199 _____ () C:\ProgramData\hpzinstall.log
     2010-03-27 10:36 - 2010-03-27 10:36 - 0000040 _____ () C:\ProgramData\ra3.ini

     Some content of TEMP:
     ====================
     C:\Users\Todd\AppData\Local\Temp\63FF415C-83A3-01D8-A5EA-A978E42A64D1.dll
     C:\Users\Todd\AppData\Local\Temp\BSI.exe
     C:\Users\Todd\AppData\Local\Temp\ConsumerInputSetup.exe
     C:\Users\Todd\AppData\Local\Temp\jna4968507904991659701.dll
     C:\Users\Todd\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
     C:\Users\Todd\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
     C:\Users\Todd\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
     C:\Users\Todd\AppData\Local\Temp\_is442C.exe

     ==================== Bamital & volsnap Check =================
     (There is no automatic fix for files that do not pass verification.)

     C:\Windows\System32\winlogon.exe => File is digitally signed
     C:\Windows\System32\wininit.exe => File is digitally signed
     C:\Windows\SysWOW64\wininit.exe => File is digitally signed
     C:\Windows\explorer.exe => File is digitally signed
     C:\Windows\SysWOW64\explorer.exe => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\SysWOW64\svchost.exe => File is digitally signed
     C:\Windows\System32\services.exe => File is digitally signed
     C:\Windows\System32\User32.dll => File is digitally signed
     C:\Windows\SysWOW64\User32.dll => File is digitally signed
     C:\Windows\System32\userinit.exe => File is digitally signed
     C:\Windows\SysWOW64\userinit.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed
     C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

     LastRegBack: 2015-02-13 15:47

     ==================== End Of Log ============================
  3. I completed all of the steps and I downloaded WinPatrol. Everything seems to be working. Thank you for your time.
  4. C:\FRST\Quarantine\rpeulaaql.exe a variant of Win32/Injector.AFVU trojan
  5. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.05.04.08

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Todd :: TODD-PC [administrator]

     5/4/2013 2:25:33 PM
     mbam-log-2013-05-04 (14-25-33).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 230036
     Time elapsed: 3 minute(s), 21 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 2:36:41 PM, on 5/4/2013
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v8.00 (8.00.7601.17514)
     Boot mode: Normal

     Running processes:
     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
     C:\Program Files (x86)\Google\Drive\googledrivesync.exe
     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
     C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
     c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
     C:\Program Files (x86)\Google\Drive\googledrivesync.exe
     C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
     O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
     O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
     O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
     O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
     O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
     O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
     O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
     O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
     O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
     O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
     O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
     O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
     O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
     O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
     O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
     O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
     O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (file missing)
     O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
     O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
     O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc.
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype C2C Service - Skype Technologies S.A. 
- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12224 bytes
  6. Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
ARMA 2: Operation Arrowhead Beta
BufferChm
C410
CameraHelperMsi
Civilization IV Complete
Command & Conquer™ Red Alert™ 3
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DC Universe Online
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DocProc
DVD Menu Pack for HP MediaSmart Video
erLT
ESET Online Scanner v3
Fax
Garry's Mod
Global Agenda
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.2.1.1
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Photo Creations
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Hulu Desktop
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
iSEEK AnswerWorks English Runtime
Junk Mail filter update
LabelPrint
League of Legends
LG USB Modem driver
LightScribe System Software
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
MyHeritage Family Tree Builder
Netflix in Windows Media Center
NVIDIA PhysX
OF Dragon Rising
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Localization Component
OpenOffice.org 3.2
Origin
PictureMover
Power2Go
PowerDirector
PS_AIO_07_C410_SW_Min
Quicken 2010
Quicken 2013
QuickTransfer
Realtek High Definition Audio Driver
Recovery Manager
Revo Uninstaller 1.94
RLPrintPlugin
ROBLOX Player for Todd
Scan
Search Protect by conduit
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sid Meier's Civilization 4 - Beyond The Sword
Sid Meier's Civilization 4 - Colonization
Sid Meier's Civilization 4 - Warlords
Sid Meier's Civilization 4 Complete
SimCity 4 Deluxe
Six Updater
Skype Click to Call
Skype™ 6.3
SmartWebPrinting
SolutionCenter
SpeechRedist
Status
Steam
Terraria
The Sims Medieval
The Sims™ 3
The Sims™ 3 Pets
The Sims™ 3 Seasons
The Sims™ 3 Supernatural
Toolbox
TrayApp
Unreal Tournament 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
WebReg
WildTangent Games App (HP Games)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 beta 2 (32-bit)
WolfQuest
Zoo Tycoon 2 - Ultimate Collection

I hope this is the right one.
  7. ComboFix 13-05-04.01 - Todd 05/04/2013 8:39.8.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6670 [GMT -5:00] Running from: c:\users\Todd\Desktop\Security\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Todd\AppData\Local\Temp\_MEI37082\_ctypes.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\_elementtree.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\_hashlib.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\_multiprocessing.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\_socket.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\_ssl.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\pyexpat.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\pysqlite2._sqlite.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\python27.dll c:\users\Todd\AppData\Local\Temp\_MEI37082\pythoncom27.dll c:\users\Todd\AppData\Local\Temp\_MEI37082\PyWinTypes27.dll c:\users\Todd\AppData\Local\Temp\_MEI37082\select.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\unicodedata.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\win32api.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\win32com.shell.shell.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\win32crypt.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\win32event.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\win32file.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\win32inet.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\win32pdh.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\win32process.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\win32profile.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\win32security.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\win32ts.pyd 
c:\users\Todd\AppData\Local\Temp\_MEI37082\windows._cacheinvalidation.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._controls_.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._core_.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._gdi_.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._html2.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._misc_.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._windows_.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._wizard.pyd c:\users\Todd\AppData\Local\Temp\_MEI37082\wxbase294u_net_vc90.dll c:\users\Todd\AppData\Local\Temp\_MEI37082\wxbase294u_vc90.dll c:\users\Todd\AppData\Local\Temp\_MEI37082\wxmsw294u_adv_vc90.dll c:\users\Todd\AppData\Local\Temp\_MEI37082\wxmsw294u_core_vc90.dll c:\users\Todd\AppData\Local\Temp\_MEI37082\wxmsw294u_html_vc90.dll c:\users\Todd\AppData\Local\Temp\_MEI37082\wxmsw294u_webview_vc90.dll . . ((((((((((((((((((((((((( Files Created from 2013-04-04 to 2013-05-04 ))))))))))))))))))))))))))))))) . . 2013-05-04 13:44 . 2013-05-04 13:44 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-05-04 13:44 . 2013-05-04 13:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-04 13:44 . 2013-05-04 13:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-05-04 05:52 . 2013-05-04 05:52 -------- d-----w- c:\users\Todd\AppData\Roaming\HPAppData 2013-05-04 05:18 . 2013-05-04 05:18 -------- d-----w- C:\_OTL 2013-05-03 17:37 . 2013-05-03 17:37 905296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDE9A563-CB98-4ED9-9CFB-C15EC5FEE74B}\gapaengine.dll 2013-05-03 17:37 . 2013-04-10 01:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{293FAEAB-7BC4-4844-9109-6EDE463BFD43}\mpengine.dll 2013-05-03 17:35 . 2013-05-03 17:35 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-05-03 17:35 . 2013-05-03 17:36 -------- d-----w- c:\program files\Microsoft Security Client 2013-05-02 16:48 . 
2013-05-02 16:48 -------- d-----w- C:\FRST 2013-04-24 14:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-19 14:23 . 2013-04-19 14:27 -------- d-----w- c:\program files (x86)\Quicken 2013-04-15 20:32 . 2013-04-15 20:32 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2013-04-13 20:13 . 2013-04-13 20:13 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iTunes 2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iPod 2013-04-11 00:32 . 2013-04-11 00:32 33792 ----a-w- c:\windows\system32\drivers\hcw85cir3.sys 2013-04-11 00:32 . 2013-04-11 00:32 1907440 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys 2013-04-11 00:32 . 2013-04-11 00:32 139776 ----a-w- c:\windows\system32\hcw85enc.ax 2013-04-11 00:32 . 2013-04-11 00:32 110592 ----a-w- c:\windows\system32\hcw85prop.ax 2013-04-10 14:29 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 14:29 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-04-10 14:29 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-10 14:29 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll 2013-04-10 14:29 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-04-10 14:29 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll 2013-04-06 14:14 . 2013-04-06 14:11 563328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2013-04-06 14:11 . 2013-04-06 14:22 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft 2013-04-06 14:06 . 2013-04-06 14:07 -------- d-----w- c:\program files\Microsoft Office 15 . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-02 15:29 . 2010-03-01 19:15 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-25 14:41 . 2012-05-30 16:08 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-25 14:41 . 2011-05-27 15:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-11 14:22 . 2013-03-27 01:57 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2013-04-11 14:22 . 2011-06-11 06:58 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll 2013-04-11 08:01 . 2010-03-04 14:09 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-04 19:50 . 2011-03-24 01:03 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-01 00:00 . 2012-06-05 18:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-01 00:00 . 2010-04-23 11:00 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-12 05:45 . 2013-03-14 00:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 00:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 00:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 05:45 . 2013-03-14 00:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 04:48 . 2013-03-14 00:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 00:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-25 23:32 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-06 12:42 . 2013-02-06 12:42 102936 ----a-w- c:\windows\system32\drivers\ssudbus.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] . c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-12-15 351392] R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-12-15 4862368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736] S2 BBSvc;BingBar Service;c:\program files 
(x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624] S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-03-15 1871032] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848] S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2013-04-11 1907440] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-05-04 05:53 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 14:41] . 2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31] . 2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31] . 
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job - c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07] . 2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job - c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07] . 2013-04-30 c:\windows\Tasks\HPCeeScheduleForTodd.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uStart Page = uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161 . - - - - ORPHANS REMOVED - - - - . 
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-SearchProtect - c:\program files (x86)\SearchProtect\bin\uninstall.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\SecuROM\License information*] "datasecu"=hex:c3,2d,cd,b8,e7,d5,9c,24,0a,19,1b,21,57,3b,f8,22,fc,74,ef,ed,e0, c9,07,90,88,e5,3e,9b,15,32,b9,a4,fa,05,26,03,f2,10,43,b3,26,94,97,cb,fe,5c,\ "rkeysecu"=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57 . [HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001_Classes\CLSID\{A67BFBD3-7281-1A40-A20E-655A310E9BEF}] @Denied: (A 4) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-05-04 08:51:04 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-04 13:51
ComboFix2.txt 2013-05-03 15:20
ComboFix3.txt 2013-04-30 17:52
ComboFix4.txt 2013-04-28 02:56
ComboFix5.txt 2013-05-04 13:38
.
Pre-Run: 742,175,211,520 bytes free
Post-Run: 742,219,124,736 bytes free
.
- - End Of File - - 5C163895FB398583258F894A85AFE2F2
  8. That seems to have taken care of it
  9. When I start Chrome, I get an extra tab with the Conduit search.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
File Protocol\Handler\osf - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
Process cltmng.exe killed successfully!
No active process named Program Files was found!
No active process named Program Files was found!
Service CltMngSvc stopped successfully!
Service CltMngSvc deleted successfully!
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe moved successfully.
HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Internet Explorer\SearchScopes\{946CE4D3-15D1-4BAC-8962-8D80D6D40199}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{946CE4D3-15D1-4BAC-8962-8D80D6D40199}\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com deleted successfully.
File C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OtShot deleted successfully.
C:\Program Files (x86)\OtShot\otshot.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll deleted successfully.
C:\Program Files (x86)\SearchProtect\bin\cltmng.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\bin\cltmng.exe moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\Todd\AppData\Local\Conduit folder moved successfully.
C:\Program Files (x86)\SearchProtect\ffprotect folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\lib folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs folder moved successfully.
C:\Program Files (x86)\SearchProtect\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\ffprotect folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs\lib folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\bin folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot folder moved successfully.
C:\Program Files (x86)\OtShot\signed folder moved successfully.
Folder move failed. C:\Program Files (x86)\OtShot scheduled to be moved on reboot.
C:\$RECYCLE.BIN\S-1-5-21-1413658493-208379941-2510509854-1001 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
C:\Users\Todd\AppData\Roaming\Mining folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Todd\Desktop\Security\cmd.bat deleted successfully.
C:\Users\Todd\Desktop\Security\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: Todd
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: Todd
->Flash cache emptied: 1966 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05042013_001831
Files\Folders moved on Reboot...
C:\Program Files (x86)\OtShot folder moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
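The OTL fix log above shows the four places the Conduit/SearchProtect hijack had hooked into: Run values under HKLM and the user's HKU hive, the IE Start Page and SearchScopes DefaultScope, a service (CltMngSvc) and the SearchProtect, Conduit and OtShot folders, plus the Chrome homepage pointed at search.conduit.com. The script below is an added example for verifying that kind of cleanup; it is not part of the post and not something OTL produces. It is read-only and only reports. Assumptions: it runs in an elevated PowerShell 5.1 session as the affected user (so HKCU is the HKU\S-1-5-21-... hive the OTL fix edited), the indicator strings are the ones that appear in this thread's logs, the Chrome profile is `User Data\Default`, and the Preferences keys `homepage`, `session.startup_urls` and `default_search_provider.search_url` are the 2013-era names that match the `CHR -` lines in the OTL scan; newer Chrome builds store the search provider elsewhere.

```powershell
# Added example, not part of the original post or of OTL. Read-only audit of the
# persistence points the OTL fix touched. Assumes an elevated PowerShell 5.1+
# session running as the affected user (HKCU == that user's HKU\S-1-5-21-... hive).

# Indicator substrings taken from the logs in this thread (matched case-insensitively).
$Indicators = @('conduit', 'searchprotect', 'cltmng', 'otshot', 'whitesmoke', 'pc performer')

function Test-Indicator {
    param([string]$Text)
    if ([string]::IsNullOrEmpty($Text)) { return $false }
    foreach ($i in $Indicators) {
        if ($Text.IndexOf($i, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Source, [string]$Name, [string]$Value) {
    $findings.Add([pscustomobject]@{ Source = $Source; Name = $Name; Value = $Value })
}

# 1. Autostart values: HKLM (native and WOW64 views) and the current user's hive.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata
        if (Test-Indicator "$($p.Name) $($p.Value)") { Add-Finding $key $p.Name $p.Value }
    }
}

# 2. Internet Explorer start page and search scopes (the values OTL reset and deleted).
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$startPage = (Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue).'Start Page'
if (Test-Indicator $startPage) { Add-Finding $ieMain 'Start Page' $startPage }

$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $scopes) {
    $defaultScope = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
    foreach ($scope in Get-ChildItem -Path $scopes) {
        $url = (Get-ItemProperty -Path $scope.PSPath -ErrorAction SilentlyContinue).URL
        $label = if ($scope.PSChildName -eq $defaultScope) { 'DefaultScope' } else { 'Scope' }
        if (Test-Indicator $url) { Add-Finding $scope.PSPath $label $url }
    }
}

# 3. Services whose name or binary path matches (CltMngSvc in the log was SearchProtect's).
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if (Test-Indicator "$($svc.Name) $($svc.PathName)") {
        Add-Finding 'Win32_Service' $svc.Name "$($svc.State): $($svc.PathName)"
    }
}

# 4. Chrome: homepage, startup tabs and default search provider from the profile's
#    Preferences file. Key names are those of 2013-era Chrome (assumption); newer
#    builds keep the search provider under default_search_provider_data instead.
$prefsPath = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'
if (Test-Path $prefsPath) {
    $prefs = Get-Content -Path $prefsPath -Raw | ConvertFrom-Json
    if (Test-Indicator $prefs.homepage) { Add-Finding $prefsPath 'homepage' $prefs.homepage }
    foreach ($u in @($prefs.session.startup_urls)) {
        if (Test-Indicator $u) { Add-Finding $prefsPath 'session.startup_urls' $u }
    }
    $searchUrl = $prefs.default_search_provider.search_url
    if (Test-Indicator $searchUrl) { Add-Finding $prefsPath 'default_search_provider.search_url' $searchUrl }
}

# 5. Directories OTL moved; anything still present means the move did not complete.
$dirs = @(
    "${env:ProgramFiles(x86)}\SearchProtect", "${env:ProgramFiles(x86)}\Conduit",
    "${env:ProgramFiles(x86)}\OtShot", "$env:APPDATA\SearchProtect", "$env:LOCALAPPDATA\Conduit"
)
foreach ($d in $dirs) { if (Test-Path $d) { Add-Finding 'FileSystem' 'Directory present' $d } }

if ($findings.Count -eq 0) { 'No hijacker indicators found.' } else { $findings | Format-Table -AutoSize -Wrap }
```

Run it once before and once after a fix and diff the two outputs. The Chrome check is why the extra tab matters: the OTL fix resets IE but does not touch the Chrome Preferences file, so a `session.startup_urls` or `homepage` entry pointing at search.conduit.com survives an otherwise clean registry and keeps reopening the tab until Chrome's own settings are changed.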
  10. OTL logfile created on: 5/3/2013 1:59:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Todd\Desktop\Security
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.93 Gb Total Physical Memory | 6.80 Gb Available Physical Memory | 85.76% Memory free
15.86 Gb Paging File | 13.56 Gb Available in Paging File | 85.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.43 Gb Total Space | 689.98 Gb Free Space | 74.96% Space Free | Partition Type: NTFS
Drive D: | 10.98 Gb Total Space | 1.58 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive E: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: TODD-PC | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Todd\Desktop\Security\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Users\Todd\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
PRC - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OtShot\otshot.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_elementtree.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32api.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_socket.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32ts.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._gdi_.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._misc_.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\pythoncom27.dll ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32com.shell.shell.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\PyWinTypes27.dll ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32security.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_ctypes.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._html2.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_multiprocessing.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32profile.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32crypt.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._core_.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_ssl.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._windows_.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_hashlib.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._wizard.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32file.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32inet.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32process.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32pdh.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._controls_.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32event.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\unicodedata.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\pyexpat.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\select.pyd ()
MOD - C:\Program Files (x86)\OtShot\otshot.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {946CE4D3-15D1-4BAC-8962-8D80D6D40199}
IE - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=61&CUI=UN95127956827181587&UM=2&UP=SP7163F834-DE9D-4FD8-9903-34960DEDC0A6
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes,DefaultScope = {946CE4D3-15D1-4BAC-8962-8D80D6D40199}
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{946CE4D3-15D1-4BAC-8962-8D80D6D40199}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3286042&CUI=UN95127956827181587&UM=2
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Todd\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Todd\AppData\Local\Roblox\Versions\version-18d29ad623804580\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 18:18:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 18:18:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{182812ed-1c22-4e1f-9a8d-990282d594da}: C:\ProgramData\PC Performer Manager\2.5.945.13\{fc772784-ef6f-4718-83f3-3d6f8a22fa66}\FirefoxExtension
[2012/09/06 10:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/24 20:52:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/01/19 17:47:28 | 000,085,184 | ---- | M] (Renaissance Learning Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npRLPrint.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT3286042&SearchSource=48&CUI=UN29634257901781914&UM=2
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdklpjiiiehhjfjgicmefnefednelhed\1_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmggblpgblcoomebaelghgmdgdeknmhg\1.0.7_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnpakemckpkcpilpphdmcfehofhefmoa\1.1_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhlckbnnjkfnlakipclhedkhggpddeo\0.0.2_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\
O1 HOSTS File: ([2013/05/03 10:15:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe ()
O4 - HKLM..\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001..\Run: [searchProtect] C:\Users\Todd\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}: DhcpNameServer = 97.64.168.12 97.64.183.165
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/28 08:30:38 | 000,055,176 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2012/09/28 04:48:28 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013/05/03 13:58:31 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\HPAppData
[2013/05/03 12:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/05/03 12:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/05/03 12:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/05/03 12:32:34 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\Conduit
[2013/05/03 12:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/05/03 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\SearchProtect
[2013/05/03 12:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot
[2013/05/03 12:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OtShot
[2013/05/03 10:15:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/05/02 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Mining
[2013/05/02 11:48:18 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/27 21:46:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/27 16:16:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/27 16:16:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/27 16:13:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/27 15:19:36 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\RK_Quarantine
[2013/04/25 09:58:07 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\2013-04 (Apr)
[2013/04/19 09:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
[2013/04/19 09:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2013/04/19 09:13:57 | 100,659,880 | ---- | C] (Intuit Inc. ) -- C:\Users\Todd\Desktop\QW13DLX.exe
[2013/04/19 09:13:57 | 000,000,000 | ---D | C] -- C:\Users\Todd\Documents\Amazon Downloader Logs
[2013/04/13 15:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/04/11 16:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/04/11 16:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/04/11 16:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/04/11 16:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/04/10 19:32:06 | 001,907,440 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\drivers\HCW85BDA.sys
[2013/04/10 19:32:06 | 000,139,776 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85enc.ax
[2013/04/10 19:32:06 | 000,110,592 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85prop.ax
[2013/04/10 19:32:06 | 000,033,792 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir3.sys
[2013/04/10 09:29:08 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 09:29:08 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 09:29:07 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 09:29:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 09:29:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 09:29:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 09:28:41 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 09:28:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 09:28:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 09:28:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/10 09:28:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/10 09:28:36 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/10 09:28:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/10 09:28:29 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 09:28:29 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 09:28:28 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 09:28:28 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 09:28:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 09:28:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/06 16:37:44 | 000,000,000 | ---D | C] -- C:\Users\Todd\Documents\Custom Office Templates
[2013/04/06 09:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/04/06 09:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013/04/06 09:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/04/06 09:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013/05/03 13:58:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/03 13:50:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/03 13:06:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/03 13:06:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/03 13:05:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
[2013/05/03 13:04:09 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/03 13:04:09 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/03 13:04:09 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/03 13:02:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/03 12:58:49 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/03 12:58:24 | 2090,135,551 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/03 12:36:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/03 12:32:50 | 000,000,000 | ---- | M] () -- C:\END
[2013/05/03 10:15:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/02 18:05:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
[2013/04/30 12:46:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTodd.job
[2013/04/28 09:50:49 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/27 12:34:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/25 09:41:02 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/25 09:41:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/19 09:23:45 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
[2013/04/19 09:23:44 | 000,000,171 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2013/04/19 09:14:40 | 100,659,880 | ---- | M] (Intuit Inc. ) -- C:\Users\Todd\Desktop\QW13DLX.exe
[2013/04/17 18:35:58 | 000,001,088 | ---- | M] () -- C:\Users\Todd\Desktop\.minecraft - Shortcut.lnk
[2013/04/11 16:44:53 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/04/11 09:22:56 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2013/04/11 09:22:56 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2013/04/11 03:22:40 | 000,462,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/10 19:32:06 | 001,907,440 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\SysNative\drivers\HCW85BDA.sys
[2013/04/10 19:32:06 | 000,139,776 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85enc.ax
[2013/04/10 19:32:06 | 000,110,592 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85prop.ax
[2013/04/10 19:32:06 | 000,033,792 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir3.sys
[2013/04/06 09:13:35 | 000,066,696 | ---- | M] () -- C:\Windows\VIVALDII.tt2
[2013/04/06 09:13:33 | 014,381,616 | ---- | M] () -- C:\Windows\MSYHBD.tt2
[2013/04/06 09:13:33 | 000,055,400 | ---- | M] () -- C:\Windows\OCRAEXT.tt2
[2013/04/06 09:13:28 | 021,543,568 | ---- | M] () -- C:\Windows\MSYH.tt2
[2013/04/06 09:13:27 | 000,222,632 | ---- | M] () -- C:\Windows\MSUIGHUR.tt2
[2013/04/06 09:13:17 | 014,343,024 | ---- | M] () -- C:\Windows\MSJHBD.tt2
[2013/04/06 09:13:13 | 021,302,624 | ---- | M] () -- C:\Windows\MSJH.tt2
[2013/04/06 09:13:03 | 000,094,064 | ---- | M] () -- C:\Windows\LEELAWAD.tt2
[2013/04/06 09:13:03 | 000,093,836 | ---- | M] () -- C:\Windows\LEELAWDB.tt2
[2013/04/06 09:13:01 | 000,132,516 | ---- | M] () -- C:\Windows\FRAMDCN.tt2
[2013/04/06 09:12:55 | 000,179,368 | ---- | M] () -- C:\Windows\ARIALNI.tt2
[2013/04/06 09:12:46 | 000,178,864 | ---- | M] () -- C:\Windows\ARIALNB.tt2
[2013/04/06 09:12:46 | 000,178,316 | ---- | M] () -- C:\Windows\ARIALNBI.tt2
[2013/04/06 09:12:46 | 000,173,936 | ---- | M] () -- C:\Windows\ARIALN.tt2
[2013/04/06 09:12:45 | 000,007,656 | ---- | M] () -- C:\Windows\MTEXTRA.tt2
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013/05/03 12:36:01 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/03 12:32:12 | 000,000,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot.lnk
[2013/05/03 12:32:12 | 000,000,000 | ---- | C] () -- C:\END
[2013/04/28 09:50:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/28 09:50:49 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/27 16:16:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/27 16:16:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/27 16:16:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/27 16:16:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/27 16:16:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/27 09:48:32 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/19 09:23:45 | 000,001,768 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
[2013/04/17 18:35:58 | 000,001,088 | ---- | C] () -- C:\Users\Todd\Desktop\.minecraft - Shortcut.lnk
[2013/04/11 16:44:53 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/04/06 09:13:41 | 000,066,696 | ---- | C] () -- C:\Windows\VIVALDII.tt2
[2013/04/06 09:13:40 | 021,543,568 | ---- | C] () -- C:\Windows\MSYH.tt2
[2013/04/06 09:13:40 | 014,381,616 | ---- | C] () -- C:\Windows\MSYHBD.tt2
[2013/04/06 09:13:40 | 000,055,400 | ---- | C] () -- C:\Windows\OCRAEXT.tt2
[2013/04/06 09:13:39 | 021,302,624 | ---- | C] () -- C:\Windows\MSJH.tt2
[2013/04/06 09:13:39 | 014,343,024 | ---- | C] () -- C:\Windows\MSJHBD.tt2
[2013/04/06 09:13:39 | 000,222,632 | ---- | C] () -- C:\Windows\MSUIGHUR.tt2
[2013/04/06 09:13:38 | 000,132,516 | ---- | C] () -- C:\Windows\FRAMDCN.tt2
[2013/04/06 09:13:38 | 000,094,064 | ---- | C] () -- C:\Windows\LEELAWAD.tt2
[2013/04/06 09:13:38 | 000,093,836 | ---- | C] () -- C:\Windows\LEELAWDB.tt2
[2013/04/06 09:13:35 | 000,179,368 | ---- | C] () -- C:\Windows\ARIALNI.tt2
[2013/04/06 09:13:35 | 000,178,864 | ---- | C] () -- C:\Windows\ARIALNB.tt2
[2013/04/06 09:13:35 | 000,178,316 | ---- | C] () -- C:\Windows\ARIALNBI.tt2
[2013/04/06 09:13:35 | 000,173,936 | ---- | C] () -- C:\Windows\ARIALN.tt2
[2013/04/06 09:13:35 | 000,007,656 | ---- | C] () -- C:\Windows\MTEXTRA.tt2
[2013/03/14 09:22:45 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2013/01/10 21:27:31 | 000,007,605 | ---- | C] () -- C:\Users\Todd\AppData\Local\Resmon.ResmonCfg
[2012/11/08 21:03:18 | 000,010,945 | ---- | C] () -- C:\Users\Todd\lakers.jpg
[2012/08/14 12:57:44 | 000,027,520 | ---- | C] () -- C:\Users\Todd\AppData\Local\dt.dat
[2012/08/09 09:34:37 | 000,001,075 | ---- | C] () -- C:\Users\Todd\Documents - Shortcut.lnk
[2012/06/19 09:44:19 | 000,000,397 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/06/19 09:42:20 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012/04/27 08:34:39 | 000,167,754 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.1
[2012/04/27 08:34:36 | 000,438,649 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.0
[2012/04/27 08:34:36 | 000,172,135 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.JPG
[2011/12/15 06:23:04 | 010,920,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/12/15 06:23:04 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/12/15 06:23:04 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/18 18:02:31 | 000,001,854 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\GhostObjGAFix.xml
[2011/02/02 21:46:18 | 000,290,614 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp0804092050A.JPG
[2011/01/09 22:06:58 | 000,644,496 | ---- | C] () -- C:\Users\Todd\EBOOT.BIN
[2010/09/23 19:33:59 | 002,772,410 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp011.JPG
[2010/08/08 10:46:55 | 000,010,622 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.0
[2010/08/08 10:46:55 | 000,009,555 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.JPG
[2010/04/23 22:21:06 | 000,000,000 | ---- | C] () -- C:\Users\Todd\AppData\Local\prvlcl.dat
[2010/03/27 11:36:33 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010/03/09 10:08:34 | 000,002,868 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  11. Well, I just screwed up. When trying to download MSE, I clicked on the first link which was a bunch of malware like an idiot. I got OT shot, 24x7 help, PC fix speed, Solid savings, Wajam, and Keybar. I tried to delete them with REVO. On the plus side, it seems like MSE is working now after I reinstalled from the correct link. Is MSE even any good? I used to use AVG, but a friend told me that it slowed down the computer too much.
  12. Still having the same issue with the MS security client. Couldn't disable it for combofix.

ComboFix 13-05-01.03 - Todd 05/03/2013 10:07:59.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6440 [GMT -5:00]
Running from: c:\users\Todd\Desktop\Security\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Todd\AppData\Local\Temp\_MEI13402\_ctypes.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\_elementtree.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\_hashlib.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\_multiprocessing.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\_socket.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\_ssl.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\pyexpat.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\pysqlite2._sqlite.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\python27.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\pythoncom27.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\PyWinTypes27.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\select.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\unicodedata.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32api.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32com.shell.shell.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32crypt.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32event.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32file.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32inet.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32pdh.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32process.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32profile.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32security.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32ts.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\windows._cacheinvalidation.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._controls_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._core_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._gdi_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._html2.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._misc_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._windows_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._wizard.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxbase294u_net_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxbase294u_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxmsw294u_adv_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxmsw294u_core_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxmsw294u_html_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxmsw294u_webview_vc90.dll
c:\users\Todd\AppData\Local\Temp\tmp8lj2ym\googledrivesync.exe
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-03 to 2013-05-03 )))))))))))))))))))))))))))))))
.
.
2013-05-03 15:14 . 2013-05-03 15:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-03 15:14 . 2013-05-03 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-03 15:14 . 2013-05-03 15:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-05-03 15:05 . 2013-05-03 15:05 -------- d-----w- c:\users\Todd\AppData\Roaming\HPAppData
2013-05-02 21:24 . 2013-05-02 21:24 -------- d-----w- c:\users\Todd\AppData\Roaming\Mining
2013-05-02 16:48 . 2013-05-02 16:48 -------- d-----w- C:\FRST
2013-04-26 14:19 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B9AF2ED-B91A-48C9-9A05-F01FCF5186AD}\mpengine.dll
2013-04-24 23:54 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-24 14:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 17:05 . 2013-04-23 17:05 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{831F2B9E-59ED-4BC1-8E22-6C1CE8BB95AA}\gapaengine.dll
2013-04-19 14:23 . 2013-04-19 14:27 -------- d-----w- c:\program files (x86)\Quicken
2013-04-15 20:32 . 2013-04-15 20:32 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-04-13 20:13 . 2013-04-13 20:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iTunes
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iPod
2013-04-11 00:32 . 2013-04-11 00:32 33792 ----a-w- c:\windows\system32\drivers\hcw85cir3.sys
2013-04-11 00:32 . 2013-04-11 00:32 1907440 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys
2013-04-11 00:32 . 2013-04-11 00:32 139776 ----a-w- c:\windows\system32\hcw85enc.ax
2013-04-11 00:32 . 2013-04-11 00:32 110592 ----a-w- c:\windows\system32\hcw85prop.ax
2013-04-10 14:29 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 14:29 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 14:29 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 14:29 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 14:29 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 14:29 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-06 14:14 . 2013-04-06 14:11 563328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-04-06 14:11 . 2013-04-06 14:22 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-04-06 14:06 . 2013-04-06 14:07 -------- d-----w- c:\program files\Microsoft Office 15
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-25 14:41 . 2012-05-30 16:08 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-25 14:41 . 2011-05-27 15:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 08:01 . 2010-03-04 14:09 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 19:50 . 2011-03-24 01:03 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:34 . 2010-03-01 19:15 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-27 01:57 . 2013-03-27 01:57 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-03-01 00:00 . 2012-06-05 18:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-01 00:00 . 2010-04-23 11:00 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-14 00:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 00:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 00:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-14 00:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-14 00:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 00:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-25 23:32 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 12:42 . 2013-02-06 12:42 102936 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] . c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-12-15 351392] R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-12-15 4862368] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736] S2 BBSvc;BingBar Service;c:\program files 
(x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-03-15 1871032] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848] S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2013-04-11 1907440] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 14:41] . 2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31] . 2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31] . 2013-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job - c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07] . 
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job - c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07] . 2013-04-30 c:\windows\Tasks\HPCeeScheduleForTodd.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161 . - - - - ORPHANS REMOVED - - - - . 
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\SecuROM\License information*] "datasecu"=hex:c3,2d,cd,b8,e7,d5,9c,24,0a,19,1b,21,57,3b,f8,22,fc,74,ef,ed,e0, c9,07,90,88,e5,3e,9b,15,32,b9,a4,fa,05,26,03,f2,10,43,b3,26,94,97,cb,fe,5c,\ "rkeysecu"=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57 . [HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001_Classes\CLSID\{A67BFBD3-7281-1A40-A20E-655A310E9BEF}] @Denied: (A 4) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe c:\windows\SysWOW64\schtasks.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe . ************************************************************************** . Completion time: 2013-05-03 10:20:07 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-03 15:20 ComboFix2.txt 2013-04-30 17:52 ComboFix3.txt 2013-04-28 02:56 ComboFix4.txt 2013-04-27 21:30 . Pre-Run: 740,690,583,552 bytes free Post-Run: 740,560,596,992 bytes free . - - End Of File - - 0905392F48C13CAE8DC5911528CD8A44
  13. I still get a pop-up box upon restart that says Microsoft Security Client failed upon initialization. Chrome seems to work OK, though.
      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-05-2013
      Ran by SYSTEM at 2013-05-03 09:12:06 Run:1
      Running from H:\
      Boot Mode: Recovery
      ==============================================
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key not found.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key not found.
      C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe => Moved successfully.
      txkomqu => Service deleted successfully.
      xgctr => Service deleted successfully.
      xotflx => Service deleted successfully.
      bwbptv => Service deleted successfully.
      C:\Windows\SysWOW64\Drivers\szdtz.sys => Moved successfully.
      C:\Windows\SysWOW64\pqbjv.txt => Moved successfully.
      C:\Windows\SysWOW64\Drivers\vndyk.sys => Moved successfully.
      C:\qgsdool.txt => Moved successfully.
      C:\cleanup.exe => Moved successfully.
      C:\Windows\SysWOW64\Drivers\naedkp.sys => Moved successfully.
      C:\piiov.txt => Moved successfully.
      C:\avenger.txt => Moved successfully.
      C:\Windows\SysWOW64\Drivers\xufhby.sys => Moved successfully.
      C:\Program Files (x86)\acxpyr.txt => Moved successfully.
      ==== End of Fixlog ====
  14. My Microsoft Security Essentials and Chrome were still not working prior to this last step. Should I try to uninstall and reinstall them, or just wait?
      Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2013 Ran by SYSTEM on 02-05-2013 08:48:34 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST could be run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16335464 2009-09-29] (NVIDIA Corporation) HKLM\...\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610360 2009-09-14] () HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation) HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) 
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard) HKU\Todd\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19357112 2013-03-07] (Google) IMEO\mbam.exe: [Debugger] tx_.exe IMEO\mbamgui.exe: [Debugger] bz_.exe Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe (Minecraft Skillz) ==================== Services (Whitelisted) ================= S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] () S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1871032 2013-03-14] (Microsoft Corporation) S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [x] S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x] ==================== Drivers (Whitelisted) ==================== S3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [33792 2013-04-10] (Hauppauge Computer Works, Inc.) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-20] (LG Electronics Inc.) 
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-20] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-20] (LG Electronics Inc.) S0 bwbptv; system32\drivers\szdtz.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] S0 txkomqu; system32\drivers\vndyk.sys [x] S0 xgctr; system32\drivers\naedkp.sys [x] S0 xotflx; system32\drivers\xufhby.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-02 08:48 - 2013-05-02 08:48 - 00000000 ____D C:\FRST 2013-05-01 05:50 - 2013-05-01 05:50 - 00061440 ____A C:\Windows\SysWOW64\Drivers\szdtz.sys 2013-05-01 05:50 - 2013-05-01 05:50 - 00000246 ____A C:\Windows\SysWOW64\pqbjv.txt 2013-05-01 05:46 - 2013-05-01 05:46 - 00061440 ____A C:\Windows\SysWOW64\Drivers\vndyk.sys 2013-05-01 05:46 - 2013-05-01 05:46 - 00000246 ____A C:\qgsdool.txt 2013-04-30 21:37 - 2013-05-01 05:50 - 00019286 ____A C:\cleanup.exe 2013-04-30 21:37 - 2013-04-30 21:37 - 00061440 ____A C:\Windows\SysWOW64\Drivers\naedkp.sys 2013-04-30 21:37 - 2013-04-30 21:37 - 00000242 ____A C:\piiov.txt 2013-04-30 21:36 - 2013-04-30 21:36 - 00000712 ____A C:\avenger.txt 2013-04-30 21:24 - 2013-04-30 21:24 - 00061440 ____A C:\Windows\SysWOW64\Drivers\xufhby.sys 2013-04-30 21:24 - 2013-04-30 21:24 - 00000242 ____A C:\Program Files (x86)\acxpyr.txt 2013-04-30 09:52 - 2013-04-30 09:52 - 00026187 ____A C:\ComboFix.txt 2013-04-28 06:50 - 2013-04-28 06:50 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-04-27 18:46 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-04-27 13:16 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2013-04-27 13:16 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2013-04-27 13:16 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-04-27 13:16 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-04-27 13:16 - 2000-08-30 
16:00 - 00098816 ____A C:\Windows\sed.exe 2013-04-27 13:16 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2013-04-27 13:16 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2013-04-27 13:13 - 2013-04-30 09:52 - 00000000 ____D C:\Qoobox 2013-04-27 12:19 - 2013-04-27 12:21 - 00000000 ____D C:\Users\Todd\Desktop\RK_Quarantine 2013-04-27 12:14 - 2013-04-27 12:14 - 00002486 ____A C:\AdwCleaner[s3].txt 2013-04-27 06:48 - 2013-04-27 09:34 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-04-26 16:29 - 2013-04-26 16:29 - 00001548 ____A C:\AdwCleaner[R4].txt 2013-04-26 14:47 - 2013-04-26 14:47 - 05561287 ____A C:\Users\Todd\Downloads\minecraft.jar 2013-04-26 14:45 - 2013-04-26 14:45 - 05071043 ____A C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus+Optifine.zip 2013-04-26 14:38 - 2013-04-26 14:38 - 04688194 ____A C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus (1).zip 2013-04-25 15:22 - 2013-04-25 15:22 - 04944266 ____A C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus.zip 2013-04-25 06:58 - 2013-04-25 06:58 - 00000000 ____D C:\Users\Todd\Desktop\2013-04 (Apr) 2013-04-24 06:03 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-19 06:23 - 2013-04-19 06:27 - 00000000 ____D C:\Program Files (x86)\Quicken 2013-04-19 06:23 - 2013-04-19 06:23 - 00001768 ____A C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk 2013-04-19 06:13 - 2013-04-19 06:14 - 100659880 ____A (Intuit Inc. 
) C:\Users\Todd\Desktop\QW13DLX.exe 2013-04-19 06:13 - 2013-04-19 06:13 - 00941568 ____A (Amazon Services LLC) C:\Users\Todd\Downloads\Quicken_Deluxe_2013_Downloader.exe 2013-04-19 05:56 - 2013-04-19 05:56 - 00006780 ____A C:\Users\Todd\Downloads\Export (99).QFX 2013-04-17 15:35 - 2013-04-17 15:35 - 00001088 ____A C:\Users\Todd\Desktop\.minecraft - Shortcut.lnk 2013-04-17 15:20 - 2013-04-17 15:20 - 00199838 ____A C:\Users\Todd\Downloads\ModLoader (1).zip 2013-04-17 15:08 - 2013-04-17 15:08 - 00061676 ____A C:\Users\Todd\Downloads\Minaptics__1_2_4_r13 (2).zip 2013-04-17 15:01 - 2013-04-17 15:01 - 00199838 ____A C:\Users\Todd\Downloads\ModLoader.zip 2013-04-17 15:00 - 2013-04-17 15:00 - 00061676 ____A C:\Users\Todd\Downloads\Minaptics__1_2_4_r13 (1).zip 2013-04-17 12:42 - 2013-04-17 12:42 - 00028229 ____A C:\Users\Todd\Downloads\SPMods.cfg 2013-04-17 12:40 - 2013-04-17 12:40 - 00080097 ____A C:\Users\Todd\Downloads\MPMods.cfg 2013-04-16 13:40 - 2013-04-16 13:40 - 01494679 ____A C:\Users\Todd\Downloads\W@W CFG ALL YOU NEED.rar 2013-04-16 13:29 - 2013-04-16 13:29 - 00080097 ____A C:\Users\Todd\Downloads\SourDiesel_admin-x_build.cfg.17 2013-04-16 13:09 - 2013-04-16 13:09 - 00006738 ____A C:\Users\Todd\Downloads\flashinglightsv1.rar 2013-04-16 12:42 - 2013-04-16 12:42 - 01469992 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar 2013-04-15 15:13 - 2013-04-15 15:13 - 02042239 ____A C:\Users\Todd\Downloads\CFGs.zip 2013-04-15 15:13 - 2013-04-15 15:13 - 01990196 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar (1).zip 2013-04-15 15:00 - 2013-04-15 15:00 - 02337686 ____A C:\Users\Todd\Downloads\WAW PRE-MADE MENU! 
4 U.zip 2013-04-15 13:51 - 2013-04-15 13:51 - 00048156 ____A C:\Users\Todd\Downloads\FirstMenu.cfg 2013-04-15 13:41 - 2013-04-15 13:41 - 01990196 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar.zip 2013-04-11 13:44 - 2013-04-11 13:44 - 00001745 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:\Program Files\iTunes 2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:\Program Files\iPod 2013-04-11 13:37 - 2013-04-11 13:38 - 90130256 ____A (Apple Inc.) C:\Users\Todd\Downloads\iTunes64Setup (2).exe 2013-04-10 16:32 - 2013-04-10 16:32 - 01907440 ____A (Hauppauge Computer Works) C:\Windows\System32\Drivers\HCW85BDA.sys 2013-04-10 16:32 - 2013-04-10 16:32 - 00139776 ____A (Hauppauge Computer Works) C:\Windows\System32\hcw85enc.ax 2013-04-10 16:32 - 2013-04-10 16:32 - 00110592 ____A (Hauppauge Computer Works) C:\Windows\System32\hcw85prop.ax 2013-04-10 16:32 - 2013-04-10 16:32 - 00033792 ____A (Hauppauge Computer Works, Inc.) 
C:\Windows\System32\Drivers\hcw85cir3.sys 2013-04-10 13:32 - 2013-04-10 13:32 - 01331819 ____A C:\Users\Todd\Downloads\Essentials.zip 2013-04-10 08:55 - 2013-04-10 08:55 - 00003533 ____A C:\Users\Todd\Downloads\Export (98).QFX 2013-04-10 06:29 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll 2013-04-10 06:29 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2013-04-10 06:29 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll 2013-04-10 06:29 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-04-10 06:29 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-04-10 06:29 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-04-10 06:28 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-04-10 06:28 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-04-10 06:28 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-04-10 06:28 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-04-10 06:28 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-04-10 06:28 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-04-10 06:28 - 2013-03-01 21:56 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-04-10 06:28 - 2013-03-01 21:55 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-04-10 06:28 - 2013-03-01 21:55 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-04-10 06:28 - 2013-03-01 21:50 - 09059328 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-04-10 06:28 - 2013-03-01 
21:50 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-04-10 06:28 - 2013-03-01 21:50 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-04-10 06:28 - 2013-03-01 21:49 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-10 06:28 - 2013-03-01 21:49 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-04-10 06:28 - 2013-03-01 21:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-04-10 06:28 - 2013-03-01 21:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-04-10 06:28 - 2013-03-01 20:58 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-04-10 06:28 - 2013-03-01 20:58 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-04-10 06:28 - 2013-03-01 20:58 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-04-10 06:28 - 2013-03-01 20:54 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-04-10 06:28 - 2013-03-01 20:54 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-04-10 06:28 - 2013-03-01 20:54 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-04-10 06:28 - 2013-03-01 20:53 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-04-10 06:28 - 2013-03-01 20:52 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-04-10 06:28 - 2013-03-01 20:52 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-04-10 06:28 - 2013-03-01 20:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-04-10 06:28 - 2013-03-01 19:57 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-04-10 06:28 - 2013-03-01 19:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-04-10 06:28 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) 
C:\Windows\System32\win32k.sys 2013-04-10 06:28 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys 2013-04-09 12:47 - 2013-04-09 12:47 - 00482549 ____A C:\Users\Todd\Downloads\FTB_Launcher.jar 2013-04-07 07:06 - 2013-04-07 07:06 - 24178176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\Todd\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0 (2).exe 2013-04-07 06:55 - 2013-04-07 06:55 - 24178176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\Todd\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0 (1).exe 2013-04-07 06:17 - 2013-04-07 06:17 - 00002304 ____A C:\Users\Todd\Downloads\Export (97).QFX 2013-04-07 06:14 - 2013-04-07 06:14 - 00004154 ____A C:\Users\Todd\Downloads\Export (96).QFX 2013-04-06 06:13 - 2013-04-06 06:13 - 21543568 ____A C:\Windows\MSYH.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 21302624 ____A C:\Windows\MSJH.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 14381616 ____A C:\Windows\MSYHBD.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 14343024 ____A C:\Windows\MSJHBD.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00222632 ____A C:\Windows\MSUIGHUR.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00132516 ____A C:\Windows\FRAMDCN.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00094064 ____A C:\Windows\LEELAWAD.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00093836 ____A C:\Windows\LEELAWDB.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00066696 ____A C:\Windows\VIVALDII.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00055400 ____A C:\Windows\OCRAEXT.tt2 2013-04-06 06:13 - 2013-04-06 06:12 - 00179368 ____A C:\Windows\ARIALNI.tt2 2013-04-06 06:13 - 2013-04-06 06:12 - 00178864 ____A C:\Windows\ARIALNB.tt2 2013-04-06 06:13 - 2013-04-06 06:12 - 00178316 ____A C:\Windows\ARIALNBI.tt2 2013-04-06 06:13 - 2013-04-06 06:12 - 00173936 ____A C:\Windows\ARIALN.tt2 2013-04-06 06:13 - 2013-04-06 06:12 - 00007656 ____A C:\Windows\MTEXTRA.tt2 2013-04-06 06:11 - 2013-04-06 06:22 - 00000000 ____D C:ProgramData\regid.1991-06.com.microsoft 2013-04-06 
06:06 - 2013-04-06 06:07 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-04-06 06:06 - 2013-04-06 06:06 - 00560296 ____A (Microsoft Corporation) C:\Users\Todd\Downloads\Setup.x86.en-US_ProPlusRetail_GW3BT-N64V6-M686C-TCXB6-8TWQD_TX_PR_act_1_.exe 2013-04-04 15:26 - 2013-04-04 15:26 - 00006633 ____A C:\Users\Todd\Downloads\mccapes_1_5_1_20130321_2322 (1).zip 2013-04-04 15:17 - 2013-04-04 15:17 - 00006633 ____A C:\Users\Todd\Downloads\mccapes_1_5_1_20130321_2322.zip 2013-04-03 06:15 - 2013-04-03 06:15 - 00004613 ____A C:\Users\Todd\Downloads\Export (95).QFX 2013-04-03 06:13 - 2013-04-03 06:13 - 00003627 ____A C:\Users\Todd\Downloads\Export (3).OFX 2013-04-02 11:08 - 2012-05-29 12:53 - 00027456 ____A (Windows ® Codename Longhorn DDK provider) C:\Windows\System32\Drivers\cpqdfw.sys 2013-04-02 11:07 - 2013-04-02 11:07 - 00002147 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk 2013-04-02 11:05 - 2013-04-02 11:05 - 00000000 ____D C:ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} ==================== One Month Modified Files and Folders ======= 2013-05-02 08:48 - 2013-05-02 08:48 - 00000000 ____D C:\FRST 2013-05-02 05:44 - 2009-12-07 11:28 - 01548171 ____A C:\Windows\WindowsUpdate.log 2013-05-02 05:41 - 2009-07-13 21:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-02 05:41 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-02 05:41 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-02 05:38 - 2013-02-08 07:32 - 00000000 ___SD C:\Users\Todd\Google Drive 2013-05-02 05:38 - 2013-02-08 07:31 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-02 05:36 - 2013-02-08 07:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-02 05:34 - 2013-03-06 13:05 - 00024128 ____A C:\Windows\setupact.log 2013-05-02 05:34 - 
2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-01 07:05 - 2012-02-27 22:07 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job 2013-05-01 07:02 - 2012-05-30 08:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-01 05:50 - 2013-05-01 05:50 - 00061440 ____A C:\Windows\SysWOW64\Drivers\szdtz.sys 2013-05-01 05:50 - 2013-05-01 05:50 - 00000246 ____A C:\Windows\SysWOW64\pqbjv.txt 2013-05-01 05:50 - 2013-04-30 21:37 - 00019286 ____A C:\cleanup.exe 2013-05-01 05:46 - 2013-05-01 05:46 - 00061440 ____A C:\Windows\SysWOW64\Drivers\vndyk.sys 2013-05-01 05:46 - 2013-05-01 05:46 - 00000246 ____A C:\qgsdool.txt 2013-04-30 21:37 - 2013-04-30 21:37 - 00061440 ____A C:\Windows\SysWOW64\Drivers\naedkp.sys 2013-04-30 21:37 - 2013-04-30 21:37 - 00000242 ____A C:\piiov.txt 2013-04-30 21:36 - 2013-04-30 21:36 - 00000712 ____A C:\avenger.txt 2013-04-30 21:24 - 2013-04-30 21:24 - 00061440 ____A C:\Windows\SysWOW64\Drivers\xufhby.sys 2013-04-30 21:24 - 2013-04-30 21:24 - 00000242 ____A C:\Program Files (x86)\acxpyr.txt 2013-04-30 21:22 - 2012-05-31 06:42 - 00000000 ____D C:\Users\Todd\Desktop\Security 2013-04-30 16:11 - 2010-03-27 08:35 - 00000000 ____D C:\Users\Todd\AppData\Local\CrashDumps 2013-04-30 09:52 - 2013-04-30 09:52 - 00026187 ____A C:\ComboFix.txt 2013-04-30 09:52 - 2013-04-27 13:13 - 00000000 ____D C:\Qoobox 2013-04-30 09:46 - 2013-01-07 18:13 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForTodd.job 2013-04-30 09:46 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2013-04-30 09:45 - 2013-03-07 04:30 - 00011464 ____A C:\Windows\PFRO.log 2013-04-30 05:40 - 2011-11-01 05:35 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-04-30 05:40 - 2010-03-18 13:17 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2013-04-30 05:34 - 2012-12-27 22:51 - 00000000 ____D C:\JRT 2013-04-28 18:05 - 2012-02-27 22:07 - 00000852 ____A 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job 2013-04-28 12:59 - 2013-03-28 19:44 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1 2013-04-28 06:51 - 2010-03-08 07:43 - 00000000 ____D C:ProgramData\Adobe 2013-04-28 06:50 - 2013-04-28 06:50 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-04-28 06:50 - 2010-03-08 07:44 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-04-28 06:40 - 2012-12-23 11:28 - 00000000 ____D C:\Program Files\Elgato 2013-04-28 06:31 - 2012-12-27 10:03 - 00000000 ____D C:\Users\Todd\AppData\Local\DayZCommander 2013-04-28 06:27 - 2009-07-13 19:20 - 00000000 ___SD C:ProgramData\Microsoft 2013-04-28 06:25 - 2011-05-18 15:11 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Unified Remote 2013-04-28 06:21 - 2013-02-28 16:00 - 00000000 ____D C:\Program Files (x86)\Java 2013-04-27 13:24 - 2012-05-31 21:17 - 00000000 ____D C:\Windows\ERDNT 2013-04-27 12:21 - 2013-04-27 12:19 - 00000000 ____D C:\Users\Todd\Desktop\RK_Quarantine 2013-04-27 12:14 - 2013-04-27 12:14 - 00002486 ____A C:\AdwCleaner[s3].txt 2013-04-27 09:51 - 2011-05-06 15:07 - 00461312 __ASH C:\Users\Todd\Desktop\Thumbs.db 2013-04-27 09:34 - 2013-04-27 06:48 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-04-27 09:34 - 2011-03-23 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-04-26 17:22 - 2012-10-25 05:54 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-04-26 16:29 - 2013-04-26 16:29 - 00001548 ____A C:\AdwCleaner[R4].txt 2013-04-26 15:11 - 2012-05-05 07:46 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Skype 2013-04-26 15:08 - 2013-03-02 09:49 - 00000000 ____D C:\Users\Todd\AppData\Roaming\.minecraft 2013-04-26 14:47 - 2013-04-26 14:47 - 05561287 ____A C:\Users\Todd\Downloads\minecraft.jar 2013-04-26 14:47 - 2013-01-10 18:59 - 00000000 ____D C:\Users\Todd\Desktop\Brendon 2013-04-26 14:45 - 2013-04-26 14:45 - 05071043 ____A 
C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus+Optifine.zip 2013-04-26 14:38 - 2013-04-26 14:38 - 04688194 ____A C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus (1).zip 2013-04-25 15:22 - 2013-04-25 15:22 - 04944266 ____A C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus.zip 2013-04-25 06:58 - 2013-04-25 06:58 - 00000000 ____D C:\Users\Todd\Desktop\2013-04 (Apr) 2013-04-25 06:41 - 2012-05-30 08:08 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-04-25 06:41 - 2011-05-27 07:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-04-24 17:52 - 2012-05-05 07:46 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-04-24 17:52 - 2012-05-05 07:46 - 00000000 ____D C:ProgramData\Skype 2013-04-22 17:16 - 2010-03-18 13:15 - 00000000 ____D C:\Users\Todd\AppData\Roaming\HpUpdate 2013-04-22 17:16 - 2010-03-18 13:15 - 00000000 ____D C:\Users\Todd\AppData\Roaming\HP Support Assistant 2013-04-22 13:33 - 2012-06-28 12:02 - 00000000 ____D C:\Program Files (x86)\Steam 2013-04-21 12:05 - 2010-03-01 11:10 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Mozilla 2013-04-20 10:22 - 2013-03-28 19:44 - 00000000 ____D C:\Users\Todd\Documents\Bandicam 2013-04-19 06:28 - 2010-03-08 11:32 - 00000000 ____D C:\Users\Todd\Documents\Quicken 2013-04-19 06:27 - 2013-04-19 06:23 - 00000000 ____D C:\Program Files (x86)\Quicken 2013-04-19 06:23 - 2013-04-19 06:23 - 00001768 ____A C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk 2013-04-19 06:23 - 2010-03-08 11:14 - 00000171 ____A C:\Windows\QUICKEN.INI 2013-04-19 06:14 - 2013-04-19 06:13 - 100659880 ____A (Intuit Inc. 
) C:\Users\Todd\Desktop\QW13DLX.exe 2013-04-19 06:13 - 2013-04-19 06:13 - 00941568 ____A (Amazon Services LLC) C:\Users\Todd\Downloads\Quicken_Deluxe_2013_Downloader.exe 2013-04-19 05:56 - 2013-04-19 05:56 - 00006780 ____A C:\Users\Todd\Downloads\Export (99).QFX 2013-04-17 15:35 - 2013-04-17 15:35 - 00001088 ____A C:\Users\Todd\Desktop\.minecraft - Shortcut.lnk 2013-04-17 15:20 - 2013-04-17 15:20 - 00199838 ____A C:\Users\Todd\Downloads\ModLoader (1).zip 2013-04-17 15:08 - 2013-04-17 15:08 - 00061676 ____A C:\Users\Todd\Downloads\Minaptics__1_2_4_r13 (2).zip 2013-04-17 15:01 - 2013-04-17 15:01 - 00199838 ____A C:\Users\Todd\Downloads\ModLoader.zip 2013-04-17 15:00 - 2013-04-17 15:00 - 00061676 ____A C:\Users\Todd\Downloads\Minaptics__1_2_4_r13 (1).zip 2013-04-17 12:42 - 2013-04-17 12:42 - 00028229 ____A C:\Users\Todd\Downloads\SPMods.cfg 2013-04-17 12:40 - 2013-04-17 12:40 - 00080097 ____A C:\Users\Todd\Downloads\MPMods.cfg 2013-04-17 08:53 - 2012-12-25 13:17 - 00009632 ____A C:\Windows\System32\lvcoinst.log 2013-04-16 13:40 - 2013-04-16 13:40 - 01494679 ____A C:\Users\Todd\Downloads\W@W CFG ALL YOU NEED.rar 2013-04-16 13:29 - 2013-04-16 13:29 - 00080097 ____A C:\Users\Todd\Downloads\SourDiesel_admin-x_build.cfg.17 2013-04-16 13:09 - 2013-04-16 13:09 - 00006738 ____A C:\Users\Todd\Downloads\flashinglightsv1.rar 2013-04-16 12:42 - 2013-04-16 12:42 - 01469992 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar 2013-04-15 15:13 - 2013-04-15 15:13 - 02042239 ____A C:\Users\Todd\Downloads\CFGs.zip 2013-04-15 15:13 - 2013-04-15 15:13 - 01990196 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar (1).zip 2013-04-15 15:00 - 2013-04-15 15:00 - 02337686 ____A C:\Users\Todd\Downloads\WAW PRE-MADE MENU! 
4 U.zip 2013-04-15 13:51 - 2013-04-15 13:51 - 00048156 ____A C:\Users\Todd\Downloads\FirstMenu.cfg 2013-04-15 13:41 - 2013-04-15 13:41 - 01990196 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar.zip 2013-04-12 06:45 - 2013-04-24 06:03 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-12 06:25 - 2013-03-14 06:28 - 00000000 ____D C:\Users\Todd\Documents\SimCity 4 2013-04-11 13:44 - 2013-04-11 13:44 - 00001745 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:\Program Files\iTunes 2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:\Program Files\iPod 2013-04-11 13:44 - 2012-10-06 08:22 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-04-11 13:38 - 2013-04-11 13:37 - 90130256 ____A (Apple Inc.) C:\Users\Todd\Downloads\iTunes64Setup (2).exe 2013-04-11 00:22 - 2009-07-13 20:45 - 00462584 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-11 00:01 - 2010-03-04 06:09 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-04-10 16:32 - 2013-04-10 16:32 - 01907440 ____A (Hauppauge Computer Works) C:\Windows\System32\Drivers\HCW85BDA.sys 2013-04-10 16:32 - 2013-04-10 16:32 - 00139776 ____A (Hauppauge Computer Works) C:\Windows\System32\hcw85enc.ax 2013-04-10 16:32 - 2013-04-10 16:32 - 00110592 ____A (Hauppauge Computer Works) C:\Windows\System32\hcw85prop.ax 2013-04-10 16:32 - 2013-04-10 16:32 - 00033792 ____A (Hauppauge Computer Works, Inc.) 
C:\Windows\System32\Drivers\hcw85cir3.sys 2013-04-10 13:32 - 2013-04-10 13:32 - 01331819 ____A C:\Users\Todd\Downloads\Essentials.zip 2013-04-10 08:55 - 2013-04-10 08:55 - 00003533 ____A C:\Users\Todd\Downloads\Export (98).QFX 2013-04-09 12:47 - 2013-04-09 12:47 - 00482549 ____A C:\Users\Todd\Downloads\FTB_Launcher.jar 2013-04-09 12:47 - 2013-03-29 08:49 - 00000000 ____D C:\Users\Todd\AppData\Roaming\ftblauncher 2013-04-07 07:06 - 2013-04-07 07:06 - 24178176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\Todd\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0 (2).exe 2013-04-07 06:55 - 2013-04-07 06:55 - 24178176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\Todd\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0 (1).exe 2013-04-07 06:17 - 2013-04-07 06:17 - 00002304 ____A C:\Users\Todd\Downloads\Export (97).QFX 2013-04-07 06:14 - 2013-04-07 06:14 - 00004154 ____A C:\Users\Todd\Downloads\Export (96).QFX 2013-04-07 06:12 - 2010-03-01 11:06 - 00124200 ____A C:\Users\Todd\AppData\Local\GDIPFONTCACHEV1.DAT 2013-04-06 06:22 - 2013-04-06 06:11 - 00000000 ____D C:ProgramData\regid.1991-06.com.microsoft 2013-04-06 06:13 - 2013-04-06 06:13 - 21543568 ____A C:\Windows\MSYH.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 21302624 ____A C:\Windows\MSJH.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 14381616 ____A C:\Windows\MSYHBD.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 14343024 ____A C:\Windows\MSJHBD.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00222632 ____A C:\Windows\MSUIGHUR.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00132516 ____A C:\Windows\FRAMDCN.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00094064 ____A C:\Windows\LEELAWAD.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00093836 ____A C:\Windows\LEELAWDB.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00066696 ____A C:\Windows\VIVALDII.tt2 2013-04-06 06:13 - 2013-04-06 06:13 - 00055400 ____A C:\Windows\OCRAEXT.tt2 2013-04-06 06:12 - 2013-04-06 06:13 - 00179368 ____A C:\Windows\ARIALNI.tt2 2013-04-06 06:12 - 2013-04-06 06:13 - 
00178864 ____A C:\Windows\ARIALNB.tt2 2013-04-06 06:12 - 2013-04-06 06:13 - 00178316 ____A C:\Windows\ARIALNBI.tt2 2013-04-06 06:12 - 2013-04-06 06:13 - 00173936 ____A C:\Windows\ARIALN.tt2 2013-04-06 06:12 - 2013-04-06 06:13 - 00007656 ____A C:\Windows\MTEXTRA.tt2 2013-04-06 06:11 - 2009-11-24 00:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-04-06 06:11 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-04-06 06:07 - 2013-04-06 06:06 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-04-06 06:06 - 2013-04-06 06:06 - 00560296 ____A (Microsoft Corporation) C:\Users\Todd\Downloads\Setup.x86.en-US_ProPlusRetail_GW3BT-N64V6-M686C-TCXB6-8TWQD_TX_PR_act_1_.exe 2013-04-04 15:26 - 2013-04-04 15:26 - 00006633 ____A C:\Users\Todd\Downloads\mccapes_1_5_1_20130321_2322 (1).zip 2013-04-04 15:17 - 2013-04-04 15:17 - 00006633 ____A C:\Users\Todd\Downloads\mccapes_1_5_1_20130321_2322.zip 2013-04-04 11:50 - 2011-03-23 17:03 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-04-03 06:15 - 2013-04-03 06:15 - 00004613 ____A C:\Users\Todd\Downloads\Export (95).QFX 2013-04-03 06:13 - 2013-04-03 06:13 - 00003627 ____A C:\Users\Todd\Downloads\Export (3).OFX 2013-04-02 11:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help 2013-04-02 11:08 - 2009-11-23 23:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-04-02 11:07 - 2013-04-02 11:07 - 00002147 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk 2013-04-02 11:07 - 2009-11-23 23:52 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2013-04-02 11:06 - 2010-03-25 14:08 - 00000000 ____D C:\Users\Todd\AppData\Roaming\hpqLog 2013-04-02 11:05 - 2013-04-02 11:05 - 00000000 ____D C:ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} 2013-04-02 11:04 - 2010-12-26 16:40 - 00000000 ___AD C:\swsetup 2013-04-02 02:34 - 2010-03-01 11:15 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 
==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================
Restore point made on: 2013-04-27 06:05:50
Restore point made on: 2013-04-28 06:10:13
Restore point made on: 2013-04-28 06:14:54
Restore point made on: 2013-04-28 06:18:07
Restore point made on: 2013-04-28 06:18:23
Restore point made on: 2013-04-28 06:22:02
Restore point made on: 2013-04-28 06:23:42
Restore point made on: 2013-04-28 06:24:04
Restore point made on: 2013-04-28 06:25:06
Restore point made on: 2013-04-28 06:27:06
Restore point made on: 2013-04-28 06:29:31
Restore point made on: 2013-04-28 06:29:48
Restore point made on: 2013-04-28 06:31:08
Restore point made on: 2013-04-28 06:31:26
Restore point made on: 2013-04-28 06:31:59
Restore point made on: 2013-04-28 06:33:42
Restore point made on: 2013-04-28 06:36:28
Restore point made on: 2013-04-28 06:36:45
Restore point made on: 2013-04-28 06:40:33
Restore point made on: 2013-04-28 06:43:14
Restore point made on: 2013-04-28 06:45:57
Restore point made on: 2013-04-28 13:27:56
Restore point made on: 2013-04-28 14:11:10
Restore point made on: 2013-04-29 06:44:40
Restore point made on: 2013-04-29 07:02:16
Restore point made on: 2013-04-29 07:24:28

==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 8119.08 MB
Available physical RAM: 7153.86 MB
Total Pagefile: 8117.23 MB
Available Pagefile: 7138.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================
Drive c: (HP) (Fixed) (Total:920.43 GB) (Free:690.15 GB) NTFS (Disk=0 Partition=2)
Drive e: (FACTORY_IMAGE) (Fixed) (Total:10.98 GB) (Free:1.58 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]
Drive f: (Sims3EP08) (CDROM) (Total:3.9 GB) (Free:0 GB) UDF
Drive h: (UDISK) (Removable) (Total:3.81 GB) (Free:3.77 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online       931 GB      0 B
Disk 1    No Media       0 B      0 B
Disk 2    Online      3915 MB      0 B
Disk 3    No Media       0 B      0 B
Disk 4    No Media       0 B      0 B
Disk 5    No Media       0 B      0 B
Disk 6    No Media       0 B      0 B

Partitions of Disk 0:
===============
Disk ID: 1549F232

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            920 GB   101 MB
Partition 3    Primary             10 GB   920 GB

==================================================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1   Y   SYSTEM       NTFS   Partition    100 MB  Healthy

=========================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2   C   HP           NTFS   Partition    920 GB  Healthy

=========================================================
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 3   E   FACTORY_IMA  NTFS   Partition     10 GB  Healthy

=========================================================

Partitions of Disk 2:
===============
Disk ID: 04030201

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3913 MB  1380 KB

==================================================================================
Disk: 2
Partition 1
Type  : 0C
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 5   H   UDISK        FAT32  Removable   3913 MB  Healthy

=========================================================

============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

====================================================================
Disk: 2 (Size: 4 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

Last Boot: 2013-04-25 07:27

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 01-05-2013
Ran by SYSTEM at 2013-05-02 08:50:41
Running from H:\
Boot Mode: Recovery

================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\ERDNT\cache64\services.exe
[2012-05-31 21:27] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
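The "Search: services.exe" block above is the useful part of this log for a reviewer: FRST lists every copy of the binary it can find (the winsxs component store, the live System32 copy and the ERDNT backup) with size, version-info company and MD5, and an infected services.exe shows up as the one copy whose hash disagrees with the others. The script below is an added example, not part of the original post and not FRST's own code. It parses FRST search output in the line layout shown above (a path line followed by a `[created] - [modified] - size attrs (company) MD5` line), takes the winsxs copy as the baseline, and reports each other copy that differs in MD5 or size or carries no company string. The sample text is constructed: the three real entries from the log plus one hypothetical tampered copy under C:\Windows\Temp, included only so the mismatch path is exercised.

```python
"""Cross-check every copy of a critical Windows binary reported by an
FRST "Search:" run against the side-by-side (winsxs) component-store copy.

Added example; not from the original forum post and not part of FRST.
Line layout assumed (as seen in the log above):

    <path>
    [<created>] - [<modified>] - <size> <attrs> (<company>) <MD5>

The company field is optional: files with no version information are
printed without it, which is itself worth flagging for a system binary.
"""
import re

# One detail line. attrs is e.g. "____A"; company may be absent.
ENTRY_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>_{0,4}[A-Z_]+)"
    r"(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Constructed sample: three entries copied from the log above plus one
# hypothetical tampered copy (path, timestamps and hash are invented).
SAMPLE = r"""================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\ERDNT\cache64\services.exe
[2012-05-31 21:27] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\Temp\services.exe
[2013-05-01 05:50] - [2013-05-01 05:50] - 0328704 ____A 0123456789ABCDEF0123456789ABCDEF
====== End Of Search ======
"""


def parse_search(text):
    """Return one dict per reported file copy, in log order."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue                      # blank or section banner
        m = ENTRY_RE.match(line)
        if m and path:
            rec = m.groupdict()
            rec["path"] = path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            entries.append(rec)
            path = None
        else:
            path = line                   # a path line precedes its detail line
    return entries


def reference_copy(entries):
    """Use the component-store (winsxs) copy as the baseline, if present."""
    for e in entries:
        if "\\winsxs\\" in e["path"].lower():
            return e
    return None


def audit(entries):
    """Map each non-baseline copy to the list of ways it deviates."""
    ref = reference_copy(entries)
    report = {}
    for e in entries:
        if ref is None or e is ref:
            continue
        reasons = []
        if e["md5"] != ref["md5"]:
            reasons.append("md5 differs from winsxs copy")
        if e["size"] != ref["size"]:
            reasons.append("size differs from winsxs copy")
        if not e["company"]:
            reasons.append("no version-info company string")
        report[e["path"]] = reasons
    return report


def find_mismatches(entries):
    """Paths that deviate from the baseline in at least one way."""
    return [p for p, r in audit(entries).items() if r]


if __name__ == "__main__":
    parsed = parse_search(SAMPLE)
    for path, reasons in audit(parsed).items():
        print(path, "->", "; ".join(reasons) if reasons else "matches winsxs copy")
```

The baseline is the winsxs copy because the servicing stack keeps it and the live System32 file is the one malware patches in place; on the log above all three copies share 24ACB7E5BE595468E3B9AA488B9B4FCB, so the check is clean. A match only proves the copies agree with each other, so for a definitive verdict compare the winsxs hash against one from a known-clean install of the same build.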
  15. //////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.1 (build 7601, Service Pack 1)
Wed May 01 00:36:45 2013

00:36:45: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

It seems to be showing the exact log file that it did last night. I tried it twice.