  1. #1
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Google Chrome keeps crashing on start up! (HJT + Super + Anti-malware logs included)

    Running: MS Windows XP SP3

    Pages freeze and I have to kill them sometimes. Takes a day and a half when I first open the browser, glitching/stalling and is usually ready for surfing in no sooner than 5 mins. Unsure what's causing it but know that my PC wasn't operating like this about a month ago. Thanks in advance to the voluntary techs.

    HJT

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 12:50:18 PM, on 5/25/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)


    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ASRock\XFast LAN\spd.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
    C:\WINDOWS\system32\KaraokeSer.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\XFastUSB\XFastUsb.exe
    C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
    C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
    C:\DOCUME~1\Xtrakt\LOCALS~1\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Xtrakt\My Documents\Downloads\HijackThis.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files\XFastUSB\XFastUsb.exe"
    O4 - HKLM\..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\7.0"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Vodafone Media Manager.lnk = C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~1\contin~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
    O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    --
    End of file - 11674 bytes

    Super

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/25/2013 at 10:53 AM

    Application Version : 5.6.1014

    Core Rules Database Version : 10444
    Trace Rules Database Version: 8256

    Scan type : Complete Scan
    Total Scan Time : 00:32:43

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 567
    Memory threats detected : 0
    Registry items scanned : 36087
    Registry threats detected : 0
    File items scanned : 44381
    File threats detected : 16

    Adware.Tracking Cookie
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .xiti.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .stats.complex.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .stats.complex.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .stats.complex.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    Search New Zealand Business Directory, Listings and Reviews on finda [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .finda.co.nz [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .finda.co.nz [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .finda.co.nz [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .vodafonenz.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    ANTI-MALWARE

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.05.24.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Xtrakt :: LWRAKL-2112 [administrator]

    Protection: Enabled

    5/25/2013 10:53:27 AM
    mbam-log-2013-05-25 (10-53-27).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 259160
    Time elapsed: 1 hour(s), 48 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563


    Hi xtrakt,

    I apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    If you have since resolved the original problem you were having, we would appreciate you letting us know.

    Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. This may cause a delay between posts so your patience will be appreciated, though do keep in mind that you have the advantage, as you have 2 people examining your issue.

    Please read this post completely before beginning the fix. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

    Please take note of the guidelines for this fix:
    • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
    • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
    • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
    • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
    • Continue to read and follow my instructions until I tell you that your machine is clean.
    • Scanning with programs and reading the logs do take a fair amount of time, again, your patience will be necessary.


    Let's begin our diagnostics to see what might be causing your issues.

    Please download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    Next:

    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista/Windows 7 users please right click and select Run as administrator
    • Click the Search button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[xx].txt where xx denotes the number of times the application has been run


    In your next reply, please post the following logs:
    OTL.txt
    Extras.txt
    AdwCleaner[xx].txt


    Thank you,

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  4. #3
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563


    Hi xtrakt,

    Do you still need help?

    Donna

  5. #4
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1


    Help is still needed DonnaB. I'm thankful for the assistance offered here tenfold. Here are the logs as requested >>>

    EXTRAS

    OTL Extras logfile created on: 6/2/2013 7:32:49 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Xtrakt\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.22 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 70.26% Memory free
    5.06 Gb Paging File | 4.21 Gb Available in Paging File | 83.23% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 200.00 Gb Total Space | 122.65 Gb Free Space | 61.33% Space Free | Partition Type: NTFS
    Drive E: | 265.76 Gb Total Space | 265.68 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

    Computer Name: LWRAKL-2112 | User Name: Xtrakt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "94:TCP" = 94:TCP:*:Enabled:VRS Recording System TCP/IP Port
    "4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
    "C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc -- ()
    "C:\Program Files\IAHGames\Counter-Strike Online\Bin\NMService.exe" = C:\Program Files\IAHGames\Counter-Strike Online\Bin\NMService.exe:*:Enabled:Nexon Messenger Core
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
    "C:\Program Files\tixati\tixati.exe" = C:\Program Files\tixati\tixati.exe:*:Enabled:Tixati -- (Tixati Software Inc.)
    "C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe" = C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe:*:Enabled:TwonkyMedia -- (PacketVideo)
    "C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe" = C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer -- ()
    "C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe" = C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe:*:Enabled:TwonkyMediaManager -- (PacketVideo )
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
    "{152A537F-45E9-4B15-8847-2E3E5BE61859}" = Intel® Trusted Connect Service Client
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2554589E-3EF9-4669-A482-76DBFEB77A68}" = ContinueToSave
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
    "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.110
    "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7CC673E7-5271-409D-B196-BB76DA60300B}" = TwonkyMedia Windows Components
    "{7E052F74-10A7-42E7-84EB-01C172F5AB5D}" = SlimDrivers
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CA236E47-2B28-40F3-8DDB-45BE148AD986}" = TP-LINK TL-WN725N Driver
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EBED0919-4BD0-4718-BA7A-5D2B503F9BC6}_is1" = ZTE Handset USB Driver 5.2066.1.7
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ASRock App Charger_is1" = ASRock App Charger v1.0.5
    "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.169
    "ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EPSON Scanner" = EPSON Scan
    "ExpressBurn" = Express Burn
    "Google Chrome" = Google Chrome
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Thunderbird 17.0.6 (x86 en-US)" = Mozilla Thunderbird 17.0.6 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Optical Disc Doctor_is1" = Optical Disc Doctor
    "Orbit_is1" = Orbit Downloader
    "PhotoPad" = PhotoPad Image Editor
    "PokerStars" = PokerStars
    "SP_09b71135" =
    "SP_b0285714" = Search Assistant WebSearch 1.74
    "tixati" = Tixati
    "VideoPad" = VideoPad Video Editor
    "VLC media player" = VLC media player 2.0.4
    "Vodafone Media Manager" = Vodafone Media Manager
    "WavePad" = WavePad Sound Editor
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WNLT" = IB Updater Service
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XFast LAN" = XFast LAN v6.61
    "XFastUSB" = XFastUSB

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/20/2013 4:10:47 PM | Computer Name = LWRAKL-2112 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 5/20/2013 4:11:20 PM | Computer Name = LWRAKL-2112 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 5/20/2013 4:11:20 PM | Computer Name = LWRAKL-2112 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 5/20/2013 4:11:21 PM | Computer Name = LWRAKL-2112 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 5/20/2013 4:21:08 PM | Computer Name = LWRAKL-2112 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 5/21/2013 1:13:07 AM | Computer Name = LWRAKL-2112 | Source = Chrome | ID = 1
    Description =

    Error - 5/22/2013 5:38:20 AM | Computer Name = LWRAKL-2112 | Source = Chrome | ID = 1
    Description =

    Error - 5/22/2013 3:41:08 PM | Computer Name = LWRAKL-2112 | Source = Chrome | ID = 1
    Description =

    Error - 5/24/2013 5:49:35 PM | Computer Name = LWRAKL-2112 | Source = Chrome | ID = 1
    Description =

    Error - 5/25/2013 11:30:46 AM | Computer Name = LWRAKL-2112 | Source = Chrome | ID = 1
    Description =

    [ System Events ]
    Error - 5/30/2013 5:47:00 PM | Computer Name = LWRAKL-2112 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address BC5FF4448839 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 5/31/2013 5:25:17 PM | Computer Name = LWRAKL-2112 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address BC5FF4448839 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/1/2013 6:18:05 AM | Computer Name = LWRAKL-2112 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address BC5FF4448839 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/1/2013 6:18:11 AM | Computer Name = LWRAKL-2112 | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 6/1/2013 6:18:11 AM | Computer Name = LWRAKL-2112 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 6/1/2013 6:18:45 AM | Computer Name = LWRAKL-2112 | Source = Tcpip | ID = 4199
    Description = The system detected an address conflict for IP address 192.168.1.2
    with the system having network hardware address 38:48:4C:A9:2D:4E. Network operations
    on this system may be disrupted as a result.

    Error - 6/1/2013 6:18:45 AM | Computer Name = LWRAKL-2112 | Source = Tcpip | ID = 4199
    Description = The system detected an address conflict for IP address 192.168.1.2
    with the system having network hardware address 38:48:4C:A9:2D:4E. Network operations
    on this system may be disrupted as a result.

    Error - 6/1/2013 6:52:30 PM | Computer Name = LWRAKL-2112 | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 6/1/2013 6:52:30 PM | Computer Name = LWRAKL-2112 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 6/1/2013 11:05:19 PM | Computer Name = LWRAKL-2112 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address BC5FF4448839 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >

    OTL

    OTL logfile created on: 6/2/2013 7:32:49 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Xtrakt\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.22 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 70.26% Memory free
    5.06 Gb Paging File | 4.21 Gb Available in Paging File | 83.23% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 200.00 Gb Total Space | 122.65 Gb Free Space | 61.33% Space Free | Partition Type: NTFS
    Drive E: | 265.76 Gb Total Space | 265.68 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

    Computer Name: LWRAKL-2112 | User Name: Xtrakt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/06/02 19:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xtrakt\Desktop\OTL.exe
    PRC - [2013/06/02 10:53:14 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
    PRC - [2013/05/25 12:53:53 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2013/05/03 08:26:17 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/01/27 10:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/01/27 10:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/01/09 12:03:08 | 017,951,400 | ---- | M] (Tixati Software Inc.) -- C:\Program Files\tixati\tixati.exe
    PRC - [2012/11/22 14:52:57 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
    PRC - [2012/11/22 14:50:25 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files\XFastUSB\XFastUsb.exe
    PRC - [2012/07/12 06:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2012/04/20 13:11:32 | 000,462,048 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe
    PRC - [2011/10/19 15:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\spd.exe
    PRC - [2011/10/19 15:19:20 | 001,202,560 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
    PRC - [2010/07/10 08:59:10 | 007,488,577 | ---- | M] (PacketVideo ) -- C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe
    PRC - [2010/07/10 06:44:18 | 000,466,944 | ---- | M] (PacketVideo) -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
    PRC - [2010/07/10 06:43:16 | 001,343,488 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkymediaserver.exe
    PRC - [2009/07/08 14:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
    PRC - [2009/05/04 18:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
    PRC - [2009/02/23 15:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2000/01/01 12:00:00 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2000/01/01 12:00:00 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2000/01/01 12:00:00 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2000/01/01 12:00:00 | 000,088,696 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\KaraokeSer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/06/02 10:53:29 | 000,253,952 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd1001c.~lk\11.mdd
    MOD - [2013/06/02 10:53:29 | 000,204,800 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd1001c.~lk\6.mdd
    MOD - [2013/06/02 10:53:29 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd1001c.~lk\3.mdd
    MOD - [2013/06/02 10:53:29 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd1001c.~lk\5.mdd
    MOD - [2013/06/02 10:53:29 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd1001c.~lk\10.mdd
    MOD - [2013/06/02 10:53:29 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd1001c.~lk\0.mdd
    MOD - [2013/06/02 10:53:29 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd1001c.~lk\9.mdd
    MOD - [2013/06/02 10:53:29 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd1001c.~lk\4.mdd
    MOD - [2013/06/02 10:53:29 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd1001c.~lk\2.mdd
    MOD - [2013/06/02 10:53:29 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd1001c.~lk\7.mdd
    MOD - [2013/06/02 10:53:29 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd1001c.~lk\1.mdd
    MOD - [2013/06/02 10:53:16 | 000,592,896 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0003\~de6248.tmp
    MOD - [2013/06/02 10:53:14 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0003\~df394b.tmp
    MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/07/10 08:38:42 | 000,270,336 | ---- | M] () -- C:\Program Files\TwonkyMedia\MediaManager\renderer.dll
    MOD - [2010/07/10 08:38:36 | 000,577,536 | ---- | M] () -- C:\Program Files\TwonkyMedia\MediaManager\controlpoint.dll
    MOD - [2010/07/10 08:37:56 | 000,077,824 | ---- | M] () -- C:\Program Files\TwonkyMedia\MediaManager\cplisc.dll
    MOD - [2010/07/10 06:43:16 | 001,343,488 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkymediaserver.exe
    MOD - [2010/07/10 06:09:28 | 000,143,360 | ---- | M] () -- C:\Program Files\TwonkyMedia\wmdrmdll.dll
    MOD - [2000/01/01 12:00:00 | 001,198,912 | ---- | M] () -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/05/15 19:47:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/01/27 10:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/11/22 14:53:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/11/22 14:52:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
    SRV - [2012/07/12 06:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2012/04/20 13:11:32 | 000,462,048 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV - [2011/10/19 15:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
    SRV - [2010/07/10 06:44:18 | 000,466,944 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe -- (TwonkyMedia)
    SRV - [2009/02/23 15:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2000/01/01 12:00:00 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2000/01/01 12:00:00 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2000/01/01 12:00:00 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2000/01/01 12:00:00 | 000,088,696 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\WINDOWS\system32\KaraokeSer.exe -- (KaraokeService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/06/02 18:18:32 | 000,029,760 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
    DRV - [2013/06/02 18:17:45 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B7698D5-AF36-4B78-8693-EFF956FD543C}\MpKslab5eb366.sys -- (MpKslab5eb366)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/11/22 14:50:25 | 000,014,656 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
    DRV - [2012/03/14 08:04:18 | 001,076,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
    DRV - [2011/07/23 04:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/13 09:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/04 14:18:58 | 001,156,992 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
    DRV - [2011/05/10 15:28:20 | 000,015,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
    DRV - [2011/01/14 19:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2010/10/20 15:09:28 | 000,009,216 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
    DRV - [2010/10/18 13:24:14 | 000,032,408 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
    DRV - [2010/10/18 13:12:56 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsmdm.sys -- (zghsmdm)
    DRV - [2000/01/01 12:00:00 | 002,558,200 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2000/01/01 12:00:00 | 001,656,960 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (AMBFilt)
    DRV - [2000/01/01 12:00:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (MonFilt)
    DRV - [2000/01/01 12:00:00 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
    DRV - [2000/01/01 12:00:00 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=658&r=2013/05/01&hid=3783226011&lg=EN&cc=NZ

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hola Search
    IE - HKCU\..\SearchScopes,DefaultScope = {5EC4BD7B-272F-44D4-BFFF-58057313333F}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.holasearch.com/?q={searchTerms}&affID=121962&tt=gc_&babsrc=SP_ss&mntrId=7C03BC5FF4448839
    IE - HKCU\..\SearchScopes\{5EC4BD7B-272F-44D4-BFFF-58057313333F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/11/27 23:41:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/05/20 20:00:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2012/12/05 15:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Extensions
    [2013/02/11 20:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions
    [2012/12/14 08:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
    [2013/05/26 22:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: Google
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
    CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: WOT = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Facebook Colour Changer = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpllmoilcakpgbeodibeifcfnndoheam\1.3.1_0\
    CHR - Extension: Adblock Plus = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: IB Updater = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.110_0\
    CHR - Extension: Crimson Red Theme = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfgbckkcgepopaojnhcnkcdiafkcdjo\1_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/03/01 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
    O4 - HKLM..\Run: [XFastUSB] C:\Program Files\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
    O4 - HKCU..\Run: [ASRockXTU] File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\Xtrakt\Start Menu\Programs\Startup\Vodafone Media Manager.lnk = C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe (PacketVideo )
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/w...?1353839826781 (WUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A8E5973-F52F-4907-A514-4E75D20BE945}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/11/22 12:49:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell - "" = AutoRun
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/02 19:13:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Xtrakt\Desktop\OTL.exe
    [2013/06/02 19:00:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Xtrakt\Recent
    [2013/05/28 11:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\My Documents\Faamanu's C.V
    [2013/05/26 22:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/05/26 22:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\Application Data\PerformerSoft
    [2013/05/26 22:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
    [2013/05/26 19:16:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
    [2013/05/25 11:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars
    [2013/05/25 11:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
    [2013/05/25 10:34:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Xtrakt\Desktop\HijackThis.exe
    [2013/05/24 18:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2013/05/24 18:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2013/05/24 18:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/05/24 18:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/05/24 18:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/05/24 18:53:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/05/21 20:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
    [2013/05/20 20:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
    [2013/05/07 20:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/06/02 19:36:29 | 1238,182,247 | ---- | M] () -- C:\Documents and Settings\Xtrakt\My Documents\[ Usabit.com ] - Fast And Furious 6 2013 CAM x264-PLAYNOW.mp4
    [2013/06/02 19:31:39 | 001,099,650 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Desktop\Ice Cube - A Bird In The Hand.mp3
    [2013/06/02 19:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/06/02 19:14:12 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Desktop\adwcleaner.exe
    [2013/06/02 19:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xtrakt\Desktop\OTL.exe
    [2013/06/02 18:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/06/02 18:18:32 | 000,029,760 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETTBOH_305.SYS
    [2013/06/02 11:18:12 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{424B9883-2761-4F0A-8374-ACE6791BA891}.job
    [2013/06/02 10:53:56 | 000,000,000 | ---- | M] () -- C:\clients.data
    [2013/06/02 10:52:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/06/02 10:51:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/06/01 22:18:01 | 000,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/05/31 18:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/05/27 20:31:49 | 000,011,446 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Desktop\THD IV.odt
    [2013/05/26 18:02:05 | 000,000,000 | ---- | M] () -- C:\trbyebye
    [2013/05/26 11:03:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
    [2013/05/25 11:33:50 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
    [2013/05/25 10:34:53 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Xtrakt\Desktop\HijackThis.exe
    [2013/05/25 10:19:12 | 000,002,249 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\Slim Drivers.lnk
    [2013/05/25 10:17:57 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2013/05/25 10:17:54 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2013/05/19 11:06:09 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2013/05/16 13:14:27 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/05/16 09:05:24 | 000,433,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/05/16 09:05:24 | 000,068,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/05/15 19:47:18 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/05/15 19:47:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/05/08 07:19:10 | 000,001,842 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/05/07 20:51:28 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/05/07 16:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2013/05/06 14:00:46 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/05/05 07:45:43 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Start Menu\Programs\Startup\Vodafone Media Manager.lnk
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/06/02 19:30:42 | 001,099,650 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Desktop\Ice Cube - A Bird In The Hand.mp3
    [2013/06/02 19:14:01 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Desktop\adwcleaner.exe
    [2013/06/02 18:36:13 | 1238,182,247 | ---- | C] () -- C:\Documents and Settings\Xtrakt\My Documents\[ Usabit.com ] - Fast And Furious 6 2013 CAM x264-PLAYNOW.mp4
    [2013/05/27 19:38:51 | 000,011,446 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Desktop\THD IV.odt
    [2013/05/26 18:02:05 | 000,000,000 | ---- | C] () -- C:\trbyebye
    [2013/05/26 18:01:17 | 000,000,000 | ---- | C] () -- C:\clients.data
    [2013/05/25 11:33:50 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
    [2013/05/25 10:17:57 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2013/05/25 10:17:54 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2013/05/07 20:53:23 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/05/05 11:03:47 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
    [2013/05/05 07:45:43 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Start Menu\Programs\Startup\Vodafone Media Manager.lnk
    [2013/04/17 20:02:22 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv6
    [2013/01/30 13:37:42 | 000,111,664 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\VideoPad.dmp
    [2013/01/29 11:49:33 | 000,724,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/12/02 21:45:08 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/11/30 11:28:49 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2012/11/27 23:41:39 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll
    [2012/11/26 09:09:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/11/23 01:39:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2012/11/23 01:38:59 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/11/22 20:07:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\$_hpcst$.hpc
    [2012/11/22 19:59:48 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
    [2012/11/22 15:05:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2012/11/22 14:53:35 | 000,011,323 | R--- | C] () -- C:\WINDOWS\System32\CTSBAMB.INI
    [2012/11/22 14:52:57 | 000,014,040 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
    [2012/11/22 14:52:57 | 000,005,288 | ---- | C] () -- C:\WINDOWS\xFi_MiddleLayerKey32.ini
    [2012/11/22 14:52:36 | 000,172,544 | ---- | C] () -- C:\WINDOWS\System32\AMBSPI.DLL
    [2012/11/22 14:50:34 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\user_data.ini
    [2012/11/22 14:40:52 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2012/11/22 14:40:15 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
    [2012/11/22 14:40:15 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
    [2012/11/22 14:39:09 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [2012/11/22 14:39:09 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2012/11/22 14:39:08 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
    [2012/11/22 14:39:08 | 000,197,016 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
    [2012/11/22 14:39:08 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
    [2012/11/22 12:50:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012/11/22 12:46:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2012/04/20 12:57:00 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2012/11/25 20:52:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/10 00:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >

    ADWARE

    # AdwCleaner v2.301 - Logfile created 06/02/2013 at 19:37:34
    # Updated 16/05/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Xtrakt - LWRAKL-2112
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Xtrakt\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\WINDOWS\system32\ImhxxpComm.dll
    Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Found : C:\Documents and Settings\All Users\Application Data\cOuntiynUEyteOsave
    Folder Found : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
    Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
    Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Found : C:\Documents and Settings\Xtrakt\Application Data\Babylon
    Folder Found : C:\Documents and Settings\Xtrakt\Application Data\OpenCandy
    Folder Found : C:\Documents and Settings\Xtrakt\Application Data\PerformerSoft
    Folder Found : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Folder Found : C:\Program Files\continuetosave
    Folder Found : C:\Program Files\IB Updater
    Folder Found : C:\Program Files\WebSearch
    Folder Found : C:\WINDOWS\system32\WNLT

    ***** [Registry] *****

    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\5c55dedab635eb14
    Key Found : HKCU\Software\AppDataLow\SProtector
    Key Found : HKCU\Software\BabylonToolbar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\IB Updater
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\ImInstaller
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A965254D-E778-592A-1B9A-03BCFF84AA61}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A965254D-E778-592A-1B9A-03BCFF84AA61}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\WNLT
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
    Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Found : HKLM\Software\IB Updater
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Key Found : HKLM\Software\SP Global
    Key Found : HKLM\Software\SProtector
    Key Found : HKLM\Software\Tarma Installer
    Key Found : HKLM\Software\WNLT
    Key Found : HKU\S-1-5-21-854245398-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKU\S-1-5-21-854245398-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=7C03BC5FF4448839
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=NT_ss&mntrId=7C03BC5FF4448839
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.youwillfind.info/?pid=658&r=2013/05/01&hid=3783226011&lg=EN&cc=NZ

    -\\ Google Chrome v27.0.1453.94

    File : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [6479 octets] - [02/06/2013 19:37:34]

    ########## EOF - C:\AdwCleaner[R1].txt - [6539 octets] ##########

    Hopefully the nasties are located with those scans having been done. My computer is still acting suspiciously.

  6. #5
    Member Spyware Fighter DonnaB
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi xtrakt,

    Those scans were just for a more detailed look to see what the problem might be. I didn't see any real nasties except for what AdwCleaner found.

    Let's remove what AdwCleaner found:

    • Double-click AdwCleaner.exe to run the tool.
    • Click the Delete button.
    • Everything that was found will be deleted.
    • Save any open files and approve the reboot. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.


    Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1


    Next:

    To find out what is causing Chrome to crash, we're going to have to perform a bit of troubleshooting.

    Check for conflicting software. To do so:
    • Type about:conflicts into the address bar of Chrome.
    • Press the Enter key.
      If there is any software installed that is known to cause conflicts it will be highlighted.


    If no joy:

    Next:

    Another common cause for Chrome to crash is that the user profile of the browser might be corrupt. Let's check that.

    • Close your Google Chrome browser.
    • Go to the Start menu > Run.
    • Type in the following directory as is (or copy and paste) in the text field and press OK.
      %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data
    • Rename the folder called Default in the directory window to Backup default.


    Open Google Chrome again. This will create a new Default folder automatically.

    Let me know if you have any success.

    Next:

    • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, OTL.Txt will open. The log will be saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post in your next reply.


    Please provide the following logs in your next reply:
    C:\AdwCleaner[XX].txt
    OTL.Txt
    Results from Chrome troubleshooting


    Thank you,

    Donna
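
When the [Delete] log requested in the reply above comes back, it can be checked mechanically against the earlier [Search] log. The following is an added example, not part of the original posts and not AdwCleaner's own code: it parses the line layout visible in the logs in this thread; the embedded excerpts are constructed, and the `ExampleLeftover` key is hypothetical.

```python
import re

# Line layout taken from the AdwCleaner v2.301 logs posted in this thread:
#   "# Option [Search]" / "# Option [Delete]"
#   "<File|Folder|Key|Value> Found : <target>"
#   "<File|Folder|Key|Value> Deleted : <target>"
#   "Deleted on reboot : <target>"
OPTION = re.compile(r"^\s*#\s*Option\s*\[(\w+)\]")
ENTRY = re.compile(
    r"^\s*(?:(File|Folder|Key|Value)\s+)?"
    r"(Found|Deleted on reboot|Deleted)\s*:\s*(.+?)\s*$"
)

# Constructed excerpt of a [Search] run. The last key is hypothetical and is
# included only so the comparison has a leftover to report.
SEARCH_LOG = r"""
# AdwCleaner v2.301 - Logfile created 06/02/2013 at 19:37:34
# Option [Search]

***** [Files / Folders] *****

File Found : C:\WINDOWS\system32\ImhxxpComm.dll
Folder Found : C:\Program Files\IB Updater
Folder Found : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

***** [Registry] *****

Key Found : HKCU\Software\IB Updater
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\ExampleLeftover
"""

# Constructed excerpt of the matching [Delete] run. One GUID is written in a
# different letter case on purpose: paths and registry keys are compared
# case-insensitively.
DELETE_LOG = r"""
# AdwCleaner v2.301 - Logfile created 06/03/2013 at 20:06:18
# Option [Delete]

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
Folder Deleted : C:\Program Files\IB Updater

***** [Registry] *****

Key Deleted : HKCU\Software\IB Updater
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
"""


def parse_log(text):
    """Return (option, entries); entries are (kind, status, target) tuples."""
    option, entries = None, []
    for line in text.splitlines():
        m = OPTION.match(line)
        if m:
            option = m.group(1).lower()
            continue
        m = ENTRY.match(line)
        if m:
            kind, status, target = m.groups()
            entries.append((kind or "Unknown", status, target))
    return option, entries


def compare(search_text, delete_text):
    """Classify every item of the Search run by what the Delete run reports."""
    s_opt, found = parse_log(search_text)
    d_opt, removed = parse_log(delete_text)
    if s_opt != "search" or d_opt != "delete":
        raise ValueError(
            "expected a [Search] log then a [Delete] log, got %r and %r"
            % (s_opt, d_opt)
        )
    done = {t.casefold() for _, st, t in removed if st == "Deleted"}
    pending = {t.casefold() for _, st, t in removed if st == "Deleted on reboot"}
    report = {"deleted": [], "pending_reboot": [], "remaining": []}
    for _kind, status, target in found:
        if status != "Found":
            continue
        key = target.casefold()
        if key in done:
            report["deleted"].append(target)
        elif key in pending:
            # Still on disk until the reboot; confirm with a fresh Search run.
            report["pending_reboot"].append(target)
        else:
            report["remaining"].append(target)
    return report


if __name__ == "__main__":
    result = compare(SEARCH_LOG, DELETE_LOG)
    for bucket in ("deleted", "pending_reboot", "remaining"):
        print(bucket)
        for target in result[bucket]:
            print("   ", target)
```

Anything listed under `remaining` or `pending_reboot` is worth confirming with a fresh Search run after the reboot.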

  7. #6
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    ADWARE

    # AdwCleaner v2.301 - Logfile created 06/03/2013 at 20:06:18
    # Updated 16/05/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Xtrakt - LWRAKL-2112
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Xtrakt\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\cOuntiynUEyteOsave
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Deleted : C:\Documents and Settings\Xtrakt\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\Xtrakt\Application Data\OpenCandy
    Folder Deleted : C:\Documents and Settings\Xtrakt\Application Data\PerformerSoft
    Folder Deleted : C:\Program Files\continuetosave
    Folder Deleted : C:\Program Files\IB Updater
    Folder Deleted : C:\Program Files\WebSearch
    Folder Deleted : C:\WINDOWS\system32\WNLT

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\5c55dedab635eb14
    Key Deleted : HKCU\Software\AppDataLow\SProtector
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\IB Updater
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A965254D-E778-592A-1B9A-03BCFF84AA61}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A965254D-E778-592A-1B9A-03BCFF84AA61}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\WNLT
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\Software\IB Updater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\Software\Tarma Installer
    Key Deleted : HKLM\Software\WNLT
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=7C03BC5FF4448839 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=NT_ss&mntrId=7C03BC5FF4448839 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.youwillfind.info/?pid=658&r=2013/05/01&hid=3783226011&lg=EN&cc=NZ --> hxxp://www.google.com

    -\\ Google Chrome v27.0.1453.94

    File : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [6608 octets] - [02/06/2013 19:37:34]
    AdwCleaner[S1].txt - [6487 octets] - [03/06/2013 20:06:18]

    ########## EOF - C:\AdwCleaner[S1].txt - [6547 octets] ##########

    OTL

    OTL logfile created on: 6/3/2013 8:19:38 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Xtrakt\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.22 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 78.60% Memory free
    5.06 Gb Paging File | 4.28 Gb Available in Paging File | 84.53% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 200.00 Gb Total Space | 121.90 Gb Free Space | 60.95% Space Free | Partition Type: NTFS
    Drive E: | 265.76 Gb Total Space | 265.68 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
    Drive H: | 39.94 Mb Total Space | 26.08 Mb Free Space | 65.30% Space Free | Partition Type: FAT

    Computer Name: LWRAKL-2112 | User Name: Xtrakt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/06/03 20:10:11 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
    PRC - [2013/06/02 19:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xtrakt\Desktop\OTL.exe
    PRC - [2013/05/25 12:53:53 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2013/05/03 08:26:17 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/01/27 10:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/01/27 10:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/11/22 14:52:57 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
    PRC - [2012/11/22 14:50:25 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files\XFastUSB\XFastUsb.exe
    PRC - [2012/07/12 06:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2012/04/20 13:11:32 | 000,462,048 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe
    PRC - [2011/10/19 15:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\spd.exe
    PRC - [2011/10/19 15:19:20 | 001,202,560 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
    PRC - [2010/07/10 08:59:10 | 007,488,577 | ---- | M] (PacketVideo ) -- C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe
    PRC - [2010/07/10 06:44:18 | 000,466,944 | ---- | M] (PacketVideo) -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
    PRC - [2010/07/10 06:43:16 | 001,343,488 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkymediaserver.exe
    PRC - [2009/07/08 14:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
    PRC - [2009/05/04 18:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
    PRC - [2009/02/23 15:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2000/01/01 12:00:00 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2000/01/01 12:00:00 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2000/01/01 12:00:00 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2000/01/01 12:00:00 | 000,088,696 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\KaraokeSer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/06/03 20:10:28 | 000,253,952 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd10780.~lk\11.mdd
    MOD - [2013/06/03 20:10:28 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd10780.~lk\10.mdd
    MOD - [2013/06/03 20:10:28 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd10780.~lk\9.mdd
    MOD - [2013/06/03 20:10:28 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd10780.~lk\7.mdd
    MOD - [2013/06/03 20:10:27 | 000,204,800 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd10780.~lk\6.mdd
    MOD - [2013/06/03 20:10:27 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd10780.~lk\3.mdd
    MOD - [2013/06/03 20:10:27 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd10780.~lk\5.mdd
    MOD - [2013/06/03 20:10:27 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd10780.~lk\0.mdd
    MOD - [2013/06/03 20:10:27 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd10780.~lk\4.mdd
    MOD - [2013/06/03 20:10:27 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd10780.~lk\2.mdd
    MOD - [2013/06/03 20:10:27 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\wrd10780.~lk\1.mdd
    MOD - [2013/06/03 20:10:13 | 000,592,896 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0004\~de6248.tmp
    MOD - [2013/06/03 20:10:11 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0004\~df394b.tmp
    MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/07/10 08:38:42 | 000,270,336 | ---- | M] () -- C:\Program Files\TwonkyMedia\MediaManager\renderer.dll
    MOD - [2010/07/10 08:38:36 | 000,577,536 | ---- | M] () -- C:\Program Files\TwonkyMedia\MediaManager\controlpoint.dll
    MOD - [2010/07/10 08:37:56 | 000,077,824 | ---- | M] () -- C:\Program Files\TwonkyMedia\MediaManager\cplisc.dll
    MOD - [2010/07/10 06:43:16 | 001,343,488 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkymediaserver.exe
    MOD - [2010/07/10 06:09:28 | 000,143,360 | ---- | M] () -- C:\Program Files\TwonkyMedia\wmdrmdll.dll
    MOD - [2000/01/01 12:00:00 | 001,198,912 | ---- | M] () -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/05/15 19:47:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/01/27 10:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/11/22 14:53:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/11/22 14:52:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
    SRV - [2012/07/12 06:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2012/04/20 13:11:32 | 000,462,048 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV - [2011/10/19 15:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
    SRV - [2010/07/10 06:44:18 | 000,466,944 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe -- (TwonkyMedia)
    SRV - [2009/02/23 15:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2000/01/01 12:00:00 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2000/01/01 12:00:00 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2000/01/01 12:00:00 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2000/01/01 12:00:00 | 000,088,696 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\WINDOWS\system32\KaraokeSer.exe -- (KaraokeService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/06/02 18:18:32 | 000,029,760 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/11/22 14:50:25 | 000,014,656 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
    DRV - [2012/03/14 08:04:18 | 001,076,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
    DRV - [2011/07/23 04:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/13 09:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/04 14:18:58 | 001,156,992 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
    DRV - [2011/05/10 15:28:20 | 000,015,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
    DRV - [2011/01/14 19:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2010/10/20 15:09:28 | 000,009,216 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
    DRV - [2010/10/18 13:24:14 | 000,032,408 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
    DRV - [2010/10/18 13:12:56 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsmdm.sys -- (zghsmdm)
    DRV - [2000/01/01 12:00:00 | 002,558,200 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2000/01/01 12:00:00 | 001,656,960 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (AMBFilt)
    DRV - [2000/01/01 12:00:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (MonFilt)
    DRV - [2000/01/01 12:00:00 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
    DRV - [2000/01/01 12:00:00 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{5EC4BD7B-272F-44D4-BFFF-58057313333F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/05/20 20:00:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2012/12/05 15:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Extensions
    [2013/02/11 20:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions
    [2012/12/14 08:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
    [2013/05/26 22:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
    CHR - Extension: Docs = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/03/01 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
    O4 - HKLM..\Run: [XFastUSB] C:\Program Files\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
    O4 - HKCU..\Run: [ASRockXTU] File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\Xtrakt\Start Menu\Programs\Startup\Vodafone Media Manager.lnk = C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe (PacketVideo )
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/w...?1353839826781 (WUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A8E5973-F52F-4907-A514-4E75D20BE945}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/11/22 12:49:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell - "" = AutoRun
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/03 19:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\Desktop\PX
    [2013/06/02 19:13:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Xtrakt\Desktop\OTL.exe
    [2013/06/02 19:00:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Xtrakt\Recent
    [2013/05/28 11:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\My Documents\Faamanu's C.V
    [2013/05/26 22:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/05/25 11:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars
    [2013/05/25 11:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
    [2013/05/25 10:34:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Xtrakt\Desktop\HijackThis.exe
    [2013/05/24 18:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2013/05/24 18:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2013/05/24 18:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/05/24 18:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/05/24 18:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/05/24 18:53:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/05/21 20:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
    [2013/05/20 20:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
    [2013/05/07 20:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/06/03 20:10:55 | 000,000,000 | ---- | M] () -- C:\clients.data
    [2013/06/03 20:08:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/06/03 20:08:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/06/03 19:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/06/03 19:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/06/03 11:59:16 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{424B9883-2761-4F0A-8374-ACE6791BA891}.job
    [2013/06/03 10:29:30 | 001,141,446 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Desktop\J-Slang - Sonic Boom (Remix).mp3
    [2013/06/03 10:26:37 | 002,734,706 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Desktop\J-Slang - Dippin.mp3
    [2013/06/03 10:00:04 | 001,103,874 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Desktop\Ice Cube - A Bird In The Hand.mp3
    [2013/06/03 00:47:01 | 786,432,000 | ---- | M] () -- C:\Documents and Settings\Xtrakt\My Documents\Olympus Has Fallen.avi
    [2013/06/02 20:24:45 | 1238,182,247 | ---- | M] () -- C:\Documents and Settings\Xtrakt\My Documents\Fast & Furious 6.mp4
    [2013/06/02 19:14:12 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Desktop\adwcleaner.exe
    [2013/06/02 19:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xtrakt\Desktop\OTL.exe
    [2013/06/02 18:18:32 | 000,029,760 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETTBOH_305.SYS
    [2013/06/01 22:18:01 | 000,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/05/31 18:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/05/26 18:02:05 | 000,000,000 | ---- | M] () -- C:\trbyebye
    [2013/05/26 11:03:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
    [2013/05/25 11:33:50 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
    [2013/05/25 10:34:53 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Xtrakt\Desktop\HijackThis.exe
    [2013/05/25 10:19:12 | 000,002,249 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\Slim Drivers.lnk
    [2013/05/25 10:17:57 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2013/05/25 10:17:54 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2013/05/19 11:06:09 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2013/05/16 13:14:27 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/05/16 09:05:24 | 000,433,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/05/16 09:05:24 | 000,068,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/05/08 07:19:10 | 000,001,842 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/05/07 20:51:28 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/05/06 14:00:46 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/05/05 07:45:43 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Start Menu\Programs\Startup\Vodafone Media Manager.lnk
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/06/03 10:28:33 | 001,141,446 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Desktop\J-Slang - Sonic Boom (Remix).mp3
    [2013/06/03 10:22:30 | 002,734,706 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Desktop\J-Slang - Dippin.mp3
    [2013/06/02 23:22:53 | 786,432,000 | ---- | C] () -- C:\Documents and Settings\Xtrakt\My Documents\Olympus Has Fallen.avi
    [2013/06/02 19:30:42 | 001,103,874 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Desktop\Ice Cube - A Bird In The Hand.mp3
    [2013/06/02 19:14:01 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Desktop\adwcleaner.exe
    [2013/06/02 18:36:13 | 1238,182,247 | ---- | C] () -- C:\Documents and Settings\Xtrakt\My Documents\Fast & Furious 6.mp4
    [2013/05/26 18:02:05 | 000,000,000 | ---- | C] () -- C:\trbyebye
    [2013/05/26 18:01:17 | 000,000,000 | ---- | C] () -- C:\clients.data
    [2013/05/25 11:33:50 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
    [2013/05/25 10:17:57 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2013/05/25 10:17:54 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2013/05/07 20:53:23 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/05/05 11:03:47 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
    [2013/05/05 07:45:43 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Start Menu\Programs\Startup\Vodafone Media Manager.lnk
    [2013/04/17 20:02:22 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv6
    [2013/01/30 13:37:42 | 000,111,664 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\VideoPad.dmp
    [2013/01/29 11:49:33 | 000,724,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/12/02 21:45:08 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/11/30 11:28:49 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2012/11/26 09:09:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/11/23 01:39:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2012/11/23 01:38:59 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/11/22 20:07:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\$_hpcst$.hpc
    [2012/11/22 19:59:48 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
    [2012/11/22 15:05:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2012/11/22 14:53:35 | 000,011,323 | R--- | C] () -- C:\WINDOWS\System32\CTSBAMB.INI
    [2012/11/22 14:52:57 | 000,014,040 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
    [2012/11/22 14:52:57 | 000,005,288 | ---- | C] () -- C:\WINDOWS\xFi_MiddleLayerKey32.ini
    [2012/11/22 14:52:36 | 000,172,544 | ---- | C] () -- C:\WINDOWS\System32\AMBSPI.DLL
    [2012/11/22 14:50:34 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\user_data.ini
    [2012/11/22 14:40:52 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2012/11/22 14:40:15 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
    [2012/11/22 14:40:15 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
    [2012/11/22 14:39:09 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [2012/11/22 14:39:09 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2012/11/22 14:39:08 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
    [2012/11/22 14:39:08 | 000,197,016 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
    [2012/11/22 14:39:08 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
    [2012/11/22 12:50:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012/11/22 12:46:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2012/04/20 12:57:00 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2012/11/25 20:52:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/10 00:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/05/24 18:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/11/28 14:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cFos
    [2012/11/25 22:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
    [2012/11/22 14:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET
    [2012/12/02 15:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
    [2012/12/02 15:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonSG
    [2013/05/02 08:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StarApp
    [2012/11/22 15:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2012/11/23 12:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK
    [2013/06/03 20:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\twonkymedia
    [2012/12/23 19:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2012/11/23 20:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xtrakt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2013/04/20 14:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xtrakt\Application Data\EPSON
    [2012/11/25 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xtrakt\Application Data\GrabPro
    [2012/11/27 21:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xtrakt\Application Data\OpenOffice.org
    [2013/02/17 12:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xtrakt\Application Data\Orbit
    [2012/11/25 20:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xtrakt\Application Data\ProgSense
    [2013/05/02 17:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xtrakt\Application Data\Systweak
    [2012/12/05 15:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xtrakt\Application Data\Thunderbird
    [2013/06/03 20:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xtrakt\Application Data\tixati
    [2012/11/23 13:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xtrakt\Application Data\TP-LINK

    ========== Purity Check ==========



    < End of report >

    CHROME

    NO conflicts found

    PC seems to be back to its normal self. Operating how it used to; unless there are any hidden agendas in the scans above, I think we're done here. Woohoo

  8. #7
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi xtrakt,

    Glad all is "back to normal".

    As for changing your P/W on H2G:

    In the H2G menu bar, click on Forum Actions > Edit Profile > Edit Email & Passwords

    I'll follow up with your thread after work today. Making myself late ---> as always!

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  9. #8
    Member Spyware Fighter DonnaB's Avatar

    Hi xtrakt,

    Real sorry for the delay. AdwCleaner deleted quite a few nasties from your computer. Nowadays you have to pay close attention when you download any software. Always choose Custom Install when the option is presented to you so that you can uncheck any pre-checked toolbars, PUPs, scanners, etc. Those types of software can and will slow down your computer and hijack home pages and your search engines.

    When in doubt -- don't download it and don't install it until you've researched it. You are always welcome to start a thread and ask about questionable programs for advice.

    Let's clean up the tools we used and create you a clean restore point:

    • Double-click OTL to start the program.
    • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Commands
      [ClearAllRestorePoints]
    • Return to OTL, right-click in the Custom Scans/Fixes window and choose Paste.
    • Then click the Run Fix button.
    • Let the program run unhindered. When finished click on OK and close the log that appears.
    • Note: I do not need to review the log produced.
    • Now close all other programs apart from OTL as this step will require a reboot.
    • On the OTL main screen, press the button.
    • Say Yes to the prompt and then allow the program to reboot your computer.


    The above process will flush old System Restore Points and create a new, clean one as well as uninstalling OTL itself.

    Please do the following to uninstall AdwCleaner.

    • Double-click AdwCleaner.exe to run the tool.
    • Click the Uninstall button as shown below.
    • Confirm with yes

    AdwCleaner will now be uninstalled.

    Also, I have the WOT Add-on installed. Its reputation-based results are based on user ratings, though WOT also uses information from numerous trusted sources, such as phishing and malware blacklists, and hpHOSTS.

    WOT = Web of Trust

    • WOT, (Web of Trust), warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory.
    • WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
    • WOT has an add-on available for Firefox, Google Chrome, Internet Explorer, Safari and Opera.


    I see you do a great job keeping your software updated, which is very important to prevent infection. I use a program called Update Checker. It will show you which software on your system needs to be updated and will provide a download link for you.

    If you'd like to try that you can download it from here

    I see you also have CCleaner installed. Though it is a really good program, CCleaner includes a Registry cleaner, and we advise not to use this or any registry cleaner as there have been reports of them clearing out needed registry entries and messing up PCs. In addition, what they do clean up is so small that little or no advantages are noticed.

    Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.

    Registry cleaners cannot distinguish between good and bad. If you run a registry cleaner, it will delete all those keys which are obsolete and sitting idle; but in reality, those keys may well be needed by some programs or Windows at a later time. So if you continue to use CCleaner, please don't use the registry cleaner option.

    I'd like to introduce you to TFC (Temporary File Cleaner) by Oldtimer:

    You can download TFC by Old Timer from here if you wish to try it out:
    • First, save any files as TFC will close ALL open programs including your browser!
    • Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete cleaning.

    More info:
    TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

    Before running, it will stop Explorer and all other running applications. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
    -- TFC only cleans temp folders.
    -- TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail.

    TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.


    Please take the time to read the links below to educate yourself a bit more about safe surfing/downloading habits. Some of the ideas might be a bit outdated, though you'll get the picture.

    "So how did I get infected in the first place?" by Tony Klein and updated by Corrine
    How Malware Spreads - How did I get infected by quietman7
    How to prevent Malware: by miekemoes

    Donna

  10. #9
    Member Spyware Fighter DonnaB's Avatar

    Hi xtrakt,

    Did you find the opportunity to follow the instructions above to remove the tools?

    Please let us know if all has been accomplished and we'll close out your thread as "Solved".

    Thank you!

    Donna

  11. #10
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Hey there Donna!

    I'm failing to see where and how to remove the tools you provided for the clean. I'm either totally blind or seriously overlooking something here lol. Could you redirect or highlight it for me please, cheers

    Leon
