alancarrr1

  1. Ok, I've tried that again. It's still installed:

     All processes killed
     ========== OTL ==========
     Prefs.js: "" removed from browser.search.defaultenginename,
     Prefs.js: "" removed from browser.search.order.1
     Prefs.js: "" removed from browser.search.order.1,
     Prefs.js: "" removed from browser.search.selectedEngine,
     Prefs.js: "" removed from keyword.URL
     Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.
     Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Alan\Desktop\VIRUS REMOVAL\cmd.bat deleted successfully.
     C:\Users\Alan\Desktop\VIRUS REMOVAL\cmd.txt deleted successfully.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: Alan
     ->Temp folder emptied: 371531 bytes
     ->Temporary Internet Files folder emptied: 2368526 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 247717444 bytes
     ->Apple Safari cache emptied: 0 bytes
     ->Opera cache emptied: 0 bytes
     ->Flash cache emptied: 639 bytes

     User: All Users

     User: AppData

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: Public

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 1254 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 239.00 mb

     Restore point Set: OTL Restore Point

     OTL by OldTimer - Version 3.2.69.0 log created on 03302014_121153

     Files\Folders moved on Reboot...
     File move failed. C:\Windows\temp\ib2 scheduled to be moved on reboot.
     File move failed. C:\Windows\temp\ib3 scheduled to be moved on reboot.
     File move failed. C:\Windows\temp\ib4 scheduled to be moved on reboot.
     File move failed. C:\Windows\temp\ib5 scheduled to be moved on reboot.
     File move failed. C:\Windows\temp\ib6 scheduled to be moved on reboot.

     PendingFileRenameOperations files...

     Registry entries deleted on Reboot...
  2. Still present:

     All processes killed
     Error: Unable to interpret <------------ QUOTE ----------> in the current context!
     ========== OTL ==========
     Prefs.js: "" removed from browser.search.defaultenginename,
     Prefs.js: "" removed from browser.search.order.1
     Prefs.js: "" removed from browser.search.order.1,
     Prefs.js: "" removed from browser.search.selectedEngine,
     Prefs.js: "" removed from keyword.URL
     Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir deleted successfully.
     Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Alan\Desktop\VIRUS REMOVAL\cmd.bat deleted successfully.
     C:\Users\Alan\Desktop\VIRUS REMOVAL\cmd.txt deleted successfully.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: Alan
     ->Temp folder emptied: 888375 bytes
     ->Temporary Internet Files folder emptied: 2415824 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 384326841 bytes
     ->Apple Safari cache emptied: 0 bytes
     ->Opera cache emptied: 0 bytes
     ->Flash cache emptied: 405 bytes

     User: All Users

     User: AppData

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: Public

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 7490 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 270628325 bytes

     Total Files Cleaned = 628.00 mb

     Restore point Set: OTL Restore Point
     Error: Unable to interpret <-----------------------------> in the current context!

     OTL by OldTimer - Version 3.2.69.0 log created on 03292014_182647

     Files\Folders moved on Reboot...
     File move failed. C:\Windows\temp\ib2 scheduled to be moved on reboot.
     File move failed. C:\Windows\temp\ib3 scheduled to be moved on reboot.
     File move failed. C:\Windows\temp\ib4 scheduled to be moved on reboot.
     File move failed. C:\Windows\temp\ib5 scheduled to be moved on reboot.
     File move failed. C:\Windows\temp\ib6 scheduled to be moved on reboot.

     PendingFileRenameOperations files...

     Registry entries deleted on Reboot...
  3. Thanks for all your help. Here's the log:
C:\Users\Default\AppData\Roaming\TuneUp Software[2013/02/14 17:45:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D5AD7675 < End of report >
  4. Ok, here's the log. But even though it says it's removed them, the minute I start up Chrome again it goes straight back to Conduit search and the extension is still installed.

     All processes killed
     ========== OTL ==========
     Prefs.js: S", "" removed from browser.search.defaultenginename,S
     Prefs.js: "" removed from browser.search.order.1
     Prefs.js: S", "" removed from browser.search.order.1,S
     Prefs.js: S", "" removed from browser.search.selectedEngine,S
     C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\5lqwfxjt.default\extensions\tafo@oescgz.org\content folder moved successfully.
     C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\5lqwfxjt.default\extensions\tafo@oescgz.org folder moved successfully.
     C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggdnalmmmoogbjpihpbafcjfmoppdkk\2.4_0 folder moved successfully.
     C:\Users\Alan\AppData\Roaming\uTorrent folder moved successfully.
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Alan\Desktop\cmd.bat deleted successfully.
     C:\Users\Alan\Desktop\cmd.txt deleted successfully.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: Alan
     ->Temp folder emptied: 3693885 bytes
     ->Temporary Internet Files folder emptied: 87387167 bytes
     ->Java cache emptied: 7098229 bytes
     ->FireFox cache emptied: 58714732 bytes
     ->Google Chrome cache emptied: 463384655 bytes
     ->Apple Safari cache emptied: 38018048 bytes
     ->Opera cache emptied: 12761350 bytes
     ->Flash cache emptied: 3045 bytes

     User: All Users

     User: AppData

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: Public

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 1446602748 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 59585 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35782730 bytes
     RecycleBin emptied: 69681296 bytes

     Total Files Cleaned = 2,120.00 mb

     OTL by OldTimer - Version 3.2.69.0 log created on 03282014_164854

     Files\Folders moved on Reboot...
     File\Folder C:\Windows\temp\ib62 not found!
     File\Folder C:\Windows\temp\ib63 not found!
     File\Folder C:\Windows\temp\ib64 not found!
     File\Folder C:\Windows\temp\ib65 not found!
     File\Folder C:\Windows\temp\ib66 not found!

     PendingFileRenameOperations files...

     Registry entries deleted on Reboot...
  5. Here is the Extras.Txt
  6. Ok here is the OTL.txt
  7. Hi, thanks for your help, here are the logs:

     Junkware Removal Tool

         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Junkware Removal Tool (JRT) by Thisisu
         Version: 6.1.3 (03.23.2014:1)
         OS: Windows Vista Home Premium x64
         Ran by Alan on 25/03/2014 at 17:05:24.54
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

         ~~~ Services
         ~~~ Registry Values
         ~~~ Registry Keys
         ~~~ Files
         ~~~ Folders
         ~~~ FireFox

         Successfully deleted the following from C:\Users\Alan\AppData\Roaming\mozilla\firefox\profiles\5lqwfxjt.default\prefs.js

         user_pref("extensions.yUB.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"su

         ~~~ Event Viewer Logs were cleared

         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Scan was completed on 25/03/2014 at 17:16:01.09
         End of JRT log
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ADW Cleaner

         # AdwCleaner v3.022 - Report created 25/03/2014 at 17:42:15
         # Updated 13/03/2014 by Xplode
         # Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
         # Username : Alan - ALAN-PC
         # Running from : C:\Users\Alan\Downloads\AdwCleaner (1).exe
         # Option : Clean

         ***** [ Services ] *****
         ***** [ Files / Folders ] *****
         ***** [ Shortcuts ] *****
         ***** [ Registry ] *****
         ***** [ Browsers ] *****

         -\\ Internet Explorer v9.0.8112.16540

         -\\ Mozilla Firefox v27.0.1 (en-US)

         [ File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\5lqwfxjt.default\prefs.js ]

         Line Deleted : user_pref("extensions.yUB.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf[...]

         -\\ Google Chrome v32.0.1700.107

         [ File : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

         *************************

         AdwCleaner[R0].txt - [18089 octets] - [21/03/2014 01:18:45]
         AdwCleaner[R1].txt - [1025 octets] - [21/03/2014 02:26:58]
         AdwCleaner[R2].txt - [1371 octets] - [25/03/2014 17:19:27]
         AdwCleaner[s0].txt - [14280 octets] - [21/03/2014 01:23:55]
         AdwCleaner[s1].txt - [1087 octets] - [21/03/2014 02:34:09]
         AdwCleaner[s2].txt - [1294 octets] - [25/03/2014 17:42:15]

         ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1354 octets] ##########
  8. Hi Maniac, here's the log; it said nothing was found, although it is definitely there.

         Malwarebytes Anti-Malware (PRO) 1.75.0.1300
         www.malwarebytes.org

         Database version: v2014.03.25.04

         Windows Vista Service Pack 2 x64 NTFS
         Internet Explorer 9.0.8112.16421
         Alan :: ALAN-PC [administrator]

         Protection: Enabled

         25/03/2014 15:23:29
         mbam-log-2014-03-25 (15-23-29).txt

         Scan type: Quick scan
         Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
         Scan options disabled: P2P
         Objects scanned: 225516
         Time elapsed: 12 minute(s), 6 second(s)

         Memory Processes Detected: 0
         (No malicious items detected)

         Memory Modules Detected: 0
         (No malicious items detected)

         Registry Keys Detected: 0
         (No malicious items detected)

         Registry Values Detected: 0
         (No malicious items detected)

         Registry Data Items Detected: 0
         (No malicious items detected)

         Folders Detected: 0
         (No malicious items detected)

         Files Detected: 0
         (No malicious items detected)

         (end)
  9. Hi Borislav, Thanks for your reply. Below is the contents of the two files: ATTACH.txt, DDS.txt
  10. Attached is the protection log from Malwarebytes. Any help would be greatly appreciated. Thanks.
      protection-log-2014-03-15.txt
  11. I have a bad extension added to Chrome and Firefox that is attempting to insert ads into the browser. It is called YoTuBerAddsRemoVu. No matter what I do I can't get rid of it. Can someone please help?