Scorpion Saver


Ran the Farbar

 

FRST.txt

 

========= Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(AVM Software Inc.) C:\Program Files\Paltalk Messenger\paltalk.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Swearware) C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads\dds.scr
() C:\DOCUME~1\USER~1.SYS\LOCALS~1\Temp\nskEF.tmp\nsF0.tmp
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
() C:\DOCUME~1\USER~1.SYS\LOCALS~1\Temp\nskEF.tmp\PEV.DAT

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2575712 2012-02-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-11-05] (SUPERAntiSpyware)
HKU\Administrator.SYSTEM-53DADEA5.000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\Administrator.SYSTEM-53DADEA5.000\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP
Startup: C:\Documents and Settings\Administrator.SYSTEM-53DADEA5.000\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Documents and Settings\Administrator.SYSTEM-53DADEA5.000\Application Data\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\User.SYSTEM-53DADEA5\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E6F3A199101CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1829368823&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1829368823&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1829368823&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1829368823&ir=
SearchScopes: HKCU - {46326615-F6B8-47AE-8401-566C9C42E8FA} URL = http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648106&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=9C&apn_dtid=YYYYYYYYUS&apn_uid=5C34F159-4F99-4353-B6D7-0FDB841DE61E&apn_sauid=6E8438EE-C1E3-4C8E-B7FC-4EE20D1A7229
SearchScopes: HKCU - {E5B934EB-95EE-4668-8C0D-B438ED75F9B9} URL = http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=f81699b80000000000000016cfa5c087&q={searchTerms}&r=250
BHO: Best Youtube Downloader - {95EDC833-368A-417E-8243-937FD07DF489} - C:\Program Files\Best Youtube Downloader\Basement\Extension32.dll ()
BHO: No Name - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} -  No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\WINDOWS\system32\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 02 C:\WINDOWS\system32\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\system32\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.180.42.68

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890
FF user.js: detected! => C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890\user.js
FF SearchEngineOrder.1: Mysearchdial
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF HKLM\...\Firefox\Extensions: [{8FB26E8E-9DAE-4BCC-96C6-4648C954AE8F}] - C:\Program Files\Best Youtube Downloader\{8FB26E8E-9DAE-4BCC-96C6-4648C954AE8F}.xpi
FF Extension: defaults - C:\Program Files\Best Youtube Downloader\{8FB26E8E-9DAE-4BCC-96C6-4648C954AE8F}.xpi
FF HKCU\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\GreatArcadeHits\gahff.xpi

Chrome:
=======
CHR Extension: (Docs) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Best Youtube Downloader) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\goacemjobhmmbdlbbfjgifjcojdfnjfm\1.0.39_0
CHR Extension: (avast! WebRep) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0
CHR Extension: () - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.38
CHR Extension: (GreatArcadeHits Add-on) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0
CHR Extension: (Scorpion Saver) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx
CHR HKLM\...\Chrome\Extension: [goacemjobhmmbdlbbfjgifjcojdfnjfm] - C:\Program Files\Best Youtube Downloader\Chrome.crx
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
S4 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-25] ()
S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe [418296 2013-10-31] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 vToolbarUpdater11.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [935480 2012-06-11] ()
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\avgidsehx.sys [22992 2011-12-23] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [299472 2012-02-22] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-09-27] (AVG Technologies)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKslf9ce4cd0; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9142CF4C-BA6B-451A-A1A1-4525D6F44BDE}\MpKslf9ce4cd0.sys [40392 2013-11-28] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
U3 mbr; \??\C:\DOCUME~1\USER~1.SYS\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-28 15:29 - 2013-11-28 15:29 - 00021501 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\attach.txt
2013-11-28 15:29 - 2013-11-28 15:29 - 00013670 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\dds.txt
2013-11-28 15:25 - 2013-11-28 15:25 - 00000000 ____D C:\FRST
2013-11-28 03:41 - 2013-11-28 03:41 - 00001234 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\did paul play a role in.txt
2013-11-28 02:48 - 2013-11-28 02:48 - 00025818 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Jesse letter.txt
2013-11-27 21:30 - 2013-11-27 21:30 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Albums
2013-11-27 21:26 - 2013-11-27 21:27 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Thomas Sowell
2013-11-26 23:56 - 2013-11-26 23:56 - 00000044 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\text people paltalk.txt
2013-11-26 22:30 - 2013-11-26 22:30 - 00070839 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Focus on the Family Simplicity In Christ.htm
2013-11-26 22:30 - 2013-11-26 22:30 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Focus on the Family Simplicity In Christ_files
2013-11-25 17:16 - 2013-11-25 17:17 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-11-24 14:03 - 2013-11-24 14:28 - 138873058 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-The-Savage-Nation-November-22-2013-Full-Show-YouTube.mp4
2013-11-24 13:33 - 2013-11-24 13:33 - 00000000 ____D C:\Program Files\ScorpionSaver
2013-11-20 09:32 - 2013-11-20 12:11 - 00008864 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\stagflationary blues.txt
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\modules
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\js
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\images
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\html
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\css
2013-11-20 04:44 - 2013-11-20 04:44 - 00000000 ____D C:\Program Files\Free YouTube Downloader
2013-11-20 04:44 - 2013-11-20 04:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Free YouTube Downloader
2013-11-20 04:37 - 2013-11-20 04:36 - 00351124 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\mysearchdial-speeddial.crx
2013-11-20 04:03 - 2013-11-20 04:05 - 00004954 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Rkill.txt
2013-11-20 04:02 - 2013-11-20 04:02 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\rkill.exe
2013-11-19 07:03 - 2013-11-28 15:22 - 00373169 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-19 06:12 - 2013-11-19 07:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-19 03:34 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\WINDOWS\system32\AdpeakProxy.dll
2013-11-17 05:52 - 2013-11-17 05:53 - 14723046 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-400-POUND-HIGH-SCHOOL-RUNNING-BACK-TONY-PICARD-ON-FILM-YouTube.mp4
2013-11-17 05:46 - 2013-11-17 05:51 - 94873518 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Whistle-BLOWER-Secret-Plot-to-NUKE-parts-of-the-USA-Exposed-YouTube.mp4
2013-11-17 05:44 - 2013-11-17 05:45 - 16444545 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Milton-Friedman-Schools-Young-Idealist-2-Stanford-YouTube.mp4
2013-11-17 05:16 - 2013-11-17 05:32 - 248750068 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Sofia-Smallstorm-Unraveling-Sandy-Hook-YouTube.mp4
2013-11-16 05:06 - 2013-11-19 04:54 - 00000266 _____ C:\WINDOWS\Tasks\PrismDowngrade.job
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-16 02:56 - 2013-11-16 02:56 - 00023790 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\weirdmet.zip
2013-11-16 02:55 - 2013-11-16 02:55 - 00894600 _____ (CNET Download.com) C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\cbsidlm-cbsi134-Weird_Metronome-SEO-10073673.exe
2013-11-15 04:11 - 2013-11-15 04:20 - 135425947 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-The-Savage-Nation-November-14-2013-Full-Show-YouTube.mp4
2013-11-15 00:18 - 2013-11-15 00:23 - 65624452 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Frasier-Full-Episodes-Season-5-episodes-15-Room-Service-YouTube.mp4
2013-11-14 03:28 - 2013-11-14 03:32 - 61148340 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Frasier-Season-7-E18-Hot-Pursuit-YouTube-1.mp4
2013-11-14 00:50 - 2013-11-14 00:56 - 38181995 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Coming-to-America-The-Truth-That-will-Leave-You-Speechless-Part-1.mp4
2013-11-14 00:48 - 2013-11-14 00:56 - 46450536 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Dream Theater Pull-Me-Under-Live-At-Luna Park.mp4
2013-11-14 00:46 - 2013-11-14 00:57 - 79412533 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Frasier-Season-11-E15-Caught-In-The-Act-YouTube.mp4
2013-11-14 00:38 - 2013-11-14 00:41 - 35629204 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-8-of-8-YouTube.mp4
2013-11-14 00:30 - 2013-11-14 00:34 - 40242089 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-7-of-8-YouTube-1.mp4
2013-11-14 00:28 - 2013-11-14 00:33 - 40305640 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-6-of-8-YouTube.mp4
2013-11-14 00:23 - 2013-11-14 00:27 - 40211520 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-5-of-8-YouTube.mp4
2013-11-14 00:22 - 2013-11-14 00:26 - 32733669 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-4-of-8-YouTube.mp4
2013-11-14 00:17 - 2013-11-14 00:20 - 32444498 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-3-of-8-YouTube.mp4
2013-11-14 00:16 - 2013-11-14 00:19 - 32680014 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-2-of-8-YouTube.mp4
2013-11-14 00:00 - 2013-11-14 00:04 - 32396186 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-1-of-8-YouTube.mp4
2013-11-13 23:40 - 2013-11-13 23:41 - 16621408 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Far-Beyond-the-Sun-by-Yngwie-Malmsteen-by-Afterschool.mp4
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-12 04:19 - 2013-11-12 04:36 - 204614888 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-The-Alex-Jones-ShowCommercial-Free-AUDIO-Friday-November-8-2013-Michael-Maloof-YouTube.mp4
2013-11-12 03:48 - 2013-11-12 03:51 - 19592568 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\The-24-Elders-Chuck-Missler-YouTube.mp4
2013-11-12 03:00 - 2013-11-12 03:12 - 134819435 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Michael-Savage-The-Savage-Nation-November-11-2013-Full-Show-YouTube.mp4
2013-11-11 20:25 - 2013-11-11 20:25 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\SUPERAntiSpyware.com
2013-11-11 20:24 - 2013-11-11 20:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-11 20:24 - 2013-11-11 20:24 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-11 20:24 - 2013-11-11 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-11-11 20:24 - 2013-11-11 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-11-11 03:59 - 2013-11-11 03:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2013-11-11 03:58 - 2013-11-11 03:59 - 00000000 ____D C:\Program Files\Defraggler
2013-11-11 02:49 - 2013-11-11 02:49 - 00001722 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Paltalk Messenger.lnk
2013-11-11 02:49 - 2013-11-11 02:49 - 00001240 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Upgrade to Paltalk Extreme.lnk
2013-11-11 02:49 - 2013-11-11 02:49 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Start Menu\Programs\Paltalk Messenger
2013-11-11 01:16 - 2013-11-11 01:16 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\PCHealth
2013-11-11 01:01 - 2013-11-28 14:56 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-11 00:51 - 2013-11-11 00:51 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-11-11 00:50 - 2013-11-11 00:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-11 00:07 - 2013-11-11 00:08 - 00079128 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\cc_20131111_000357.reg
2013-11-10 23:27 - 2013-11-10 23:27 - 12659428 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-The-Lords-God-YouTube.mp4
2013-11-10 23:26 - 2013-11-17 05:38 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-11-10 23:26 - 2013-11-10 23:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-11-10 23:17 - 2013-11-10 23:18 - 13926351 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-Caller-Hysterical-Occupy-Wall-Street-Supporter.mp4
2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Program Files\CCleaner
2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-11-10 23:15 - 2013-11-28 15:29 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-10 23:15 - 2013-11-28 14:46 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-10 20:56 - 2013-01-21 16:54 - 00000892 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Sothink FLV Player.lnk
2013-11-10 20:55 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-11-10 20:55 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-11-10 20:55 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-11-10 20:55 - 2013-10-08 06:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-11-10 20:08 - 2013-11-11 02:48 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Paltalk
2013-11-10 19:50 - 2013-11-19 04:46 - 00001206 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\bytes.txt
2013-11-10 16:53 - 2013-11-12 00:06 - 00000091 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\amazon.txt
2013-11-10 02:33 - 2013-11-10 02:47 - 135514871 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-November-8-2013.mp4
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\WINDOWS\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\WINDOWS\system32\AdpeakProxyOff.ini
2013-10-31 10:48 - 2013-10-31 10:48 - 00000000 __SHD C:\found.000

==================== One Month Modified Files and Folders =======

2013-11-28 15:29 - 2013-11-28 15:29 - 00021501 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\attach.txt
2013-11-28 15:29 - 2013-11-28 15:29 - 00013670 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\dds.txt
2013-11-28 15:29 - 2013-11-10 23:15 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-28 15:28 - 2013-06-10 19:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-28 15:25 - 2013-11-28 15:25 - 00000000 ____D C:\FRST
2013-11-28 15:22 - 2013-11-19 07:03 - 00373169 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-28 14:56 - 2013-11-11 01:01 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-28 14:47 - 2004-08-04 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-28 14:46 - 2013-11-10 23:15 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-28 14:46 - 2013-06-09 21:55 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-11-28 14:46 - 2013-06-04 18:35 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-11-28 14:46 - 2013-01-27 21:42 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-11-28 14:46 - 2011-11-28 11:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-28 04:34 - 2011-11-28 11:05 - 00032366 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-28 03:41 - 2013-11-28 03:41 - 00001234 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\did paul play a role in.txt
2013-11-28 03:37 - 2013-07-22 10:21 - 00002187 _____ C:\Documents and Settings\All Users\Desktop\Safari.lnk
2013-11-28 02:48 - 2013-11-28 02:48 - 00025818 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Jesse letter.txt
2013-11-27 21:41 - 2013-01-26 21:50 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Quotes, Facts, and Funny Stories
2013-11-27 21:41 - 2012-07-09 07:20 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\prophetic magnum
2013-11-27 21:30 - 2013-11-27 21:30 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Albums
2013-11-27 21:28 - 2013-07-13 23:40 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\why people hate mother theresa_files
2013-11-27 21:28 - 2012-06-26 17:24 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\priscilla dang kung fu_files
2013-11-27 21:28 - 2012-06-18 22:18 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\putin and obama_files
2013-11-27 21:27 - 2013-11-27 21:26 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Thomas Sowell
2013-11-26 23:56 - 2013-11-26 23:56 - 00000044 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\text people paltalk.txt
2013-11-26 23:00 - 2013-02-07 23:54 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Pre-Catholic Faith
2013-11-26 22:30 - 2013-11-26 22:30 - 00070839 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Focus on the Family Simplicity In Christ.htm
2013-11-26 22:30 - 2013-11-26 22:30 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Focus on the Family Simplicity In Christ_files
2013-11-25 17:29 - 2013-10-15 20:38 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Files of Files
2013-11-25 17:17 - 2013-11-25 17:16 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-11-24 22:04 - 2013-08-07 05:08 - 00000235 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\michael savage august 6th.txt
2013-11-24 21:01 - 2011-11-28 13:58 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB978601$
2013-11-24 14:28 - 2013-11-24 14:03 - 138873058 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-The-Savage-Nation-November-22-2013-Full-Show-YouTube.mp4
2013-11-24 13:33 - 2013-11-24 13:33 - 00000000 ____D C:\Program Files\ScorpionSaver
2013-11-22 07:21 - 2013-02-02 15:49 - 00000178 ___SH C:\Documents and Settings\User.SYSTEM-53DADEA5\ntuser.ini
2013-11-20 12:11 - 2013-11-20 09:32 - 00008864 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\stagflationary blues.txt
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\modules
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\js
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\images
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\html
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\css
2013-11-20 04:44 - 2013-11-20 04:44 - 00000000 ____D C:\Program Files\Free YouTube Downloader
2013-11-20 04:44 - 2013-11-20 04:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Free YouTube Downloader
2013-11-20 04:36 - 2013-11-20 04:37 - 00351124 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\mysearchdial-speeddial.crx
2013-11-20 04:05 - 2013-11-20 04:03 - 00004954 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Rkill.txt
2013-11-20 04:02 - 2013-11-20 04:02 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\rkill.exe
2013-11-20 03:30 - 2013-01-25 22:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-19 07:01 - 2013-11-19 06:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-19 06:59 - 2013-02-02 15:49 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5
2013-11-19 05:17 - 2011-11-29 10:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-11-19 04:54 - 2013-11-16 05:06 - 00000266 _____ C:\WINDOWS\Tasks\PrismDowngrade.job
2013-11-19 04:54 - 2013-10-10 08:13 - 00000266 _____ C:\WINDOWS\Tasks\PrismReminder.job
2013-11-19 04:46 - 2013-11-10 19:50 - 00001206 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\bytes.txt
2013-11-19 04:21 - 2012-04-08 19:54 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-11-17 06:19 - 2011-11-28 13:59 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB979482$
2013-11-17 05:53 - 2013-11-17 05:52 - 14723046 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-400-POUND-HIGH-SCHOOL-RUNNING-BACK-TONY-PICARD-ON-FILM-YouTube.mp4
2013-11-17 05:51 - 2013-11-17 05:46 - 94873518 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Whistle-BLOWER-Secret-Plot-to-NUKE-parts-of-the-USA-Exposed-YouTube.mp4
2013-11-17 05:45 - 2013-11-17 05:44 - 16444545 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Milton-Friedman-Schools-Young-Idealist-2-Stanford-YouTube.mp4
2013-11-17 05:38 - 2013-11-10 23:26 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-11-17 05:32 - 2013-11-17 05:16 - 248750068 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Sofia-Smallstorm-Unraveling-Sandy-Hook-YouTube.mp4
2013-11-16 09:41 - 2013-02-02 23:17 - 00021504 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-16 09:40 - 2013-02-02 23:17 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\WMTools Downloaded Files
2013-11-16 09:17 - 2004-08-04 04:00 - 00000558 _____ C:\WINDOWS\win.ini
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-16 02:56 - 2013-11-16 02:56 - 00023790 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\weirdmet.zip
2013-11-16 02:55 - 2013-11-16 02:55 - 00894600 _____ (CNET Download.com) C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\cbsidlm-cbsi134-Weird_Metronome-SEO-10073673.exe
2013-11-15 04:20 - 2013-11-15 04:11 - 135425947 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-The-Savage-Nation-November-14-2013-Full-Show-YouTube.mp4
2013-11-15 00:23 - 2013-11-15 00:18 - 65624452 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Frasier-Full-Episodes-Season-5-episodes-15-Room-Service-YouTube.mp4
2013-11-15 00:04 - 2013-01-18 03:01 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2661254-v2$
2013-11-14 03:32 - 2013-11-14 03:28 - 61148340 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Frasier-Season-7-E18-Hot-Pursuit-YouTube-1.mp4
2013-11-14 00:57 - 2013-11-14 00:46 - 79412533 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Frasier-Season-11-E15-Caught-In-The-Act-YouTube.mp4
2013-11-14 00:56 - 2013-11-14 00:50 - 38181995 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Coming-to-America-The-Truth-That-will-Leave-You-Speechless-Part-1.mp4
2013-11-14 00:56 - 2013-11-14 00:48 - 46450536 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Dream Theater Pull-Me-Under-Live-At-Luna Park.mp4
2013-11-14 00:41 - 2013-11-14 00:38 - 35629204 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-8-of-8-YouTube.mp4
2013-11-14 00:34 - 2013-11-14 00:30 - 40242089 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-7-of-8-YouTube-1.mp4
2013-11-14 00:33 - 2013-11-14 00:28 - 40305640 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-6-of-8-YouTube.mp4
2013-11-14 00:27 - 2013-11-14 00:23 - 40211520 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-5-of-8-YouTube.mp4
2013-11-14 00:26 - 2013-11-14 00:22 - 32733669 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-4-of-8-YouTube.mp4
2013-11-14 00:20 - 2013-11-14 00:17 - 32444498 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-3-of-8-YouTube.mp4
2013-11-14 00:19 - 2013-11-14 00:16 - 32680014 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-2-of-8-YouTube.mp4
2013-11-14 00:04 - 2013-11-14 00:00 - 32396186 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-1-of-8-YouTube.mp4
2013-11-13 23:41 - 2013-11-13 23:40 - 16621408 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Far-Beyond-the-Sun-by-Yngwie-Malmsteen-by-Afterschool.mp4
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 03:04 - 2011-11-28 16:06 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-13 03:03 - 2013-07-16 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-13 03:00 - 2011-11-28 12:33 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-12 04:36 - 2013-11-12 04:19 - 204614888 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-The-Alex-Jones-ShowCommercial-Free-AUDIO-Friday-November-8-2013-Michael-Maloof-YouTube.mp4
2013-11-12 03:51 - 2013-11-12 03:48 - 19592568 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\The-24-Elders-Chuck-Missler-YouTube.mp4
2013-11-12 03:12 - 2013-11-12 03:00 - 134819435 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Michael-Savage-The-Savage-Nation-November-11-2013-Full-Show-YouTube.mp4
2013-11-12 02:44 - 2011-11-28 03:46 - 00569430 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-12 02:35 - 2013-08-16 15:43 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\French
2013-11-12 00:06 - 2013-11-10 16:53 - 00000091 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\amazon.txt
2013-11-11 20:25 - 2013-11-11 20:25 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\SUPERAntiSpyware.com
2013-11-11 20:25 - 2013-11-11 20:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-11 20:24 - 2013-11-11 20:24 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-11 20:24 - 2013-11-11 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-11-11 20:24 - 2013-11-11 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-11-11 03:59 - 2013-11-11 03:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2013-11-11 03:59 - 2013-11-11 03:58 - 00000000 ____D C:\Program Files\Defraggler
2013-11-11 02:49 - 2013-11-11 02:49 - 00001722 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Paltalk Messenger.lnk
2013-11-11 02:49 - 2013-11-11 02:49 - 00001240 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Upgrade to Paltalk Extreme.lnk
2013-11-11 02:49 - 2013-11-11 02:49 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Start Menu\Programs\Paltalk Messenger
2013-11-11 02:48 - 2013-11-10 20:08 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Paltalk
2013-11-11 02:48 - 2012-02-20 03:19 - 00000000 ____D C:\Program Files\Paltalk Messenger
2013-11-11 01:16 - 2013-11-11 01:16 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\PCHealth
2013-11-11 00:51 - 2013-11-11 00:51 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-11-11 00:51 - 2013-11-11 00:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-11 00:51 - 2012-04-08 19:38 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-11-11 00:26 - 2011-12-15 18:01 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-11 00:08 - 2013-11-11 00:07 - 00079128 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\cc_20131111_000357.reg
2013-11-10 23:27 - 2013-11-10 23:27 - 12659428 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-The-Lords-God-YouTube.mp4
2013-11-10 23:26 - 2013-11-10 23:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-11-10 23:22 - 2013-01-27 15:03 - 00000000 ____D C:\Program Files\Google
2013-11-10 23:18 - 2013-11-10 23:17 - 13926351 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-Caller-Hysterical-Occupy-Wall-Street-Supporter.mp4
2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Program Files\CCleaner
2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-11-10 23:15 - 2013-02-02 16:00 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google
2013-11-10 23:04 - 2012-06-25 15:07 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Tabs
2013-11-10 20:58 - 2013-10-26 05:31 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Old Firefox Data
2013-11-10 20:29 - 2013-02-04 20:42 - 00000000 ____D C:\Program Files\NCH Software
2013-11-10 20:17 - 2013-09-23 02:04 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\xvideo
2013-11-10 20:17 - 2013-04-28 03:21 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Desktop things
2013-11-10 17:10 - 2013-03-15 02:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2013-11-10 02:47 - 2013-11-10 02:33 - 135514871 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-November-8-2013.mp4
2013-11-09 21:19 - 2013-06-28 10:54 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\News
2013-11-09 19:29 - 2011-11-28 11:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\WINDOWS\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\WINDOWS\system32\AdpeakProxyOff.ini
2013-10-31 10:48 - 2013-10-31 10:48 - 00000000 __SHD C:\found.000

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\avguidx.dll
C:\Documents and Settings\User\Local Settings\Temp\CommonInstaller.exe
C:\Documents and Settings\User\Local Settings\Temp\dotNetFx40_Client_setup.exe
C:\Documents and Settings\User\Local Settings\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Documents and Settings\User\Local Settings\Temp\iGearedHelper.dll
C:\Documents and Settings\User\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-6u38-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\MachineIdCreator.exe
C:\Documents and Settings\User\Local Settings\Temp\setup.exe
C:\Documents and Settings\User\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\User\Local Settings\Temp\ToolbarInstaller.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\5283uninstall.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe16.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe1A.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe2.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe36.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe45.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe60.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe7.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe8.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe9.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\Shockwave_Installer_FF.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\Sqlite3.dll
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

attach.txt


ADWCLEANER

# AdwCleaner v3.013 - Report created 28/11/2013 at 15:58:01
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - SYSTEM-53DADEA5
# Running from : C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater11.1.0

***** [ Files / Folders ] *****

File Found : C:\DOCUME~1\User~1.SYS\LOCALS~1\Temp\Uninstall.exe
File Found : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890\user.js
File Found : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\qlo0scma.default\searchplugins\avg-secure-search.xml
File Found : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\qlo0scma.default\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\qlo0scma.default\searchplugins\spamfreesearch.xml
File Found : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\qlo0scma.default\user.js
File Found : C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\mysearchdial-speeddial.crx
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\NCH Software
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\NCH Software
Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\Software\NCH Software
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702



-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890\prefs.js ]

Line Found : user_pref("browser.search.order.1", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.aflt", "irmsd1103");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Line Found : user_pref("extensions.mysearchdial.cntry", "US");
Line Found : user_pref("extensions.mysearchdial.cr", "1829368823");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hdrMd5", "793C29F8BF80D3ABB57B91EF0F8CF43D");
Line Found : user_pref("extensions.mysearchdial.hmpg", true);

Line Found : user_pref("extensions.mysearchdial.id", "0016CFA5C08799B8");
Line Found : user_pref("extensions.mysearchdial.instlDay", "16029");
Line Found : user_pref("extensions.mysearchdial.instlRef", "");

Line Found : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.04:36:19");

Line Found : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"85\",\"lastVrsn\":\"85\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.sg", "none");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");

Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.04:36:19");
Line Found : user_pref("searchreset.backup.browser.search.defaultenginename", "Mysearchdial");


[ File : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\qlo0scma.default\prefs.js ]



Line Found : user_pref("extensions.spamfreesearch.prtnrId", "blekko");
Line Found : user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");


Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18212 octets] - [28/11/2013 15:58:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18273 octets] ##########
 


Now......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Then run another scan with FRST and post the new log.

MrC


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.28.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: SYSTEM-53DADEA5 [administrator]

11/28/2013 5:14:02 PM
mbam-log-2013-11-28 (17-14-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 306040
Time elapsed: 25 minute(s), 13 second(s)

Memory Processes Detected: 1
C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (PUP.Optional.ScorpionSaver) -> 1776 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files\ScorpionSaver Services\PCProxyDLL.dll (PUP.Optional.ScorpionSaver) -> Delete on reboot.

Registry Keys Detected: 5
HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Scorpion Saver (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKCR\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKCR\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\AdpeakProxy (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Program Files\ScorpionSaver Services (PUP.Optional.ScorpionSaver) -> Delete on reboot.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0 (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Files Detected: 23
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\dlm23.tmp\mp4towmv_setup.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\dlm26.tmp\mp4towmv_setup.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Program Files\ScorpionSaver Services\AdpeakProxy.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (PUP.Optional.ScorpionSaver) -> Delete on reboot.
C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.exe (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.ini (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Program Files\ScorpionSaver Services\Installbat.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Program Files\ScorpionSaver Services\InstallDLL.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Program Files\ScorpionSaver Services\PCProxyDLL.dll (PUP.Optional.ScorpionSaver) -> Delete on reboot.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\background.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js.old (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon128.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon16.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon32.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon48.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon64.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon8.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\manifest.json (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\marcopolo.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

(end)
 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-11-2013
Ran by User (administrator) on SYSTEM-53DADEA5 on 28-11-2013 18:06:15
Running from C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(AVM Software Inc.) C:\Program Files\Paltalk Messenger\paltalk.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2575712 2012-02-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-11-05] (SUPERAntiSpyware)
HKU\Administrator.SYSTEM-53DADEA5.000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\Administrator.SYSTEM-53DADEA5.000\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP
Startup: C:\Documents and Settings\Administrator.SYSTEM-53DADEA5.000\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Documents and Settings\Administrator.SYSTEM-53DADEA5.000\Application Data\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\User.SYSTEM-53DADEA5\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E6F3A199101CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1829368823&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1829368823&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1829368823&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1829368823&ir=
SearchScopes: HKCU - {46326615-F6B8-47AE-8401-566C9C42E8FA} URL = http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648106&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=9C&apn_dtid=YYYYYYYYUS&apn_uid=5C34F159-4F99-4353-B6D7-0FDB841DE61E&apn_sauid=6E8438EE-C1E3-4C8E-B7FC-4EE20D1A7229
SearchScopes: HKCU - {E5B934EB-95EE-4668-8C0D-B438ED75F9B9} URL = http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=f81699b80000000000000016cfa5c087&q={searchTerms}&r=250
BHO: Best Youtube Downloader - {95EDC833-368A-417E-8243-937FD07DF489} - C:\Program Files\Best Youtube Downloader\Basement\Extension32.dll ()
BHO: No Name - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} -  No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\WINDOWS\system32\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 02 C:\WINDOWS\system32\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\system32\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.180.42.68

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890
FF user.js: detected! => C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890\user.js
FF SearchEngineOrder.1: Mysearchdial
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF HKLM\...\Firefox\Extensions: [{8FB26E8E-9DAE-4BCC-96C6-4648C954AE8F}] - C:\Program Files\Best Youtube Downloader\{8FB26E8E-9DAE-4BCC-96C6-4648C954AE8F}.xpi
FF Extension: defaults - C:\Program Files\Best Youtube Downloader\{8FB26E8E-9DAE-4BCC-96C6-4648C954AE8F}.xpi
FF HKCU\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\GreatArcadeHits\gahff.xpi

Chrome:
=======
CHR Extension: (Docs) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Best Youtube Downloader) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\goacemjobhmmbdlbbfjgifjcojdfnjfm\1.0.39_0
CHR Extension: (avast! WebRep) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0
CHR Extension: () - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.38
CHR Extension: (GreatArcadeHits Add-on) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\USER~1.SYS\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx
CHR HKLM\...\Chrome\Extension: [goacemjobhmmbdlbbfjgifjcojdfnjfm] - C:\Program Files\Best Youtube Downloader\Chrome.crx
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S4 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-25] ()
S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe [418296 2013-10-31] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 vToolbarUpdater11.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [935480 2012-06-11] ()
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\avgidsehx.sys [22992 2011-12-23] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [299472 2012-02-22] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-09-27] (AVG Technologies)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-28 17:27 - 2013-11-28 17:27 - 00000560 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\songs to buy.txt
2013-11-28 17:19 - 2013-11-28 17:19 - 00001190 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Continue Free MP4 to WMV Converter.lnk
2013-11-28 15:59 - 2013-11-28 15:59 - 00018354 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\AdwCleaner[R0].txt
2013-11-28 15:57 - 2013-11-28 15:59 - 00000000 ____D C:\AdwCleaner
2013-11-28 15:29 - 2013-11-28 15:29 - 00021501 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\attach.txt
2013-11-28 15:29 - 2013-11-28 15:29 - 00013670 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\dds.txt
2013-11-28 15:25 - 2013-11-28 15:25 - 00000000 ____D C:\FRST
2013-11-28 03:41 - 2013-11-28 03:41 - 00001234 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\did paul play a role in.txt
2013-11-28 02:48 - 2013-11-28 02:48 - 00025818 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Jesse letter.txt
2013-11-27 21:30 - 2013-11-27 21:30 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Albums
2013-11-27 21:26 - 2013-11-27 21:27 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Thomas Sowell
2013-11-26 23:56 - 2013-11-26 23:56 - 00000044 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\text people paltalk.txt
2013-11-26 22:30 - 2013-11-26 22:30 - 00070839 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Focus on the Family Simplicity In Christ.htm
2013-11-26 22:30 - 2013-11-26 22:30 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Focus on the Family Simplicity In Christ_files
2013-11-24 14:03 - 2013-11-24 14:28 - 138873058 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-The-Savage-Nation-November-22-2013-Full-Show-YouTube.mp4
2013-11-24 13:33 - 2013-11-24 13:33 - 00000000 ____D C:\Program Files\ScorpionSaver
2013-11-20 09:32 - 2013-11-20 12:11 - 00008864 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\stagflationary blues.txt
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\modules
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\js
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\images
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\html
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\css
2013-11-20 04:44 - 2013-11-20 04:44 - 00000000 ____D C:\Program Files\Free YouTube Downloader
2013-11-20 04:44 - 2013-11-20 04:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Free YouTube Downloader
2013-11-20 04:37 - 2013-11-20 04:36 - 00351124 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\mysearchdial-speeddial.crx
2013-11-20 04:03 - 2013-11-20 04:05 - 00004954 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Rkill.txt
2013-11-20 04:02 - 2013-11-20 04:02 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\rkill.exe
2013-11-19 07:03 - 2013-11-28 18:03 - 00394526 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-19 06:12 - 2013-11-19 07:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-19 03:34 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\WINDOWS\system32\AdpeakProxy.dll
2013-11-17 05:52 - 2013-11-17 05:53 - 14723046 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-400-POUND-HIGH-SCHOOL-RUNNING-BACK-TONY-PICARD-ON-FILM-YouTube.mp4
2013-11-17 05:46 - 2013-11-17 05:51 - 94873518 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Whistle-BLOWER-Secret-Plot-to-NUKE-parts-of-the-USA-Exposed-YouTube.mp4
2013-11-17 05:44 - 2013-11-17 05:45 - 16444545 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Milton-Friedman-Schools-Young-Idealist-2-Stanford-YouTube.mp4
2013-11-17 05:16 - 2013-11-17 05:32 - 248750068 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Sofia-Smallstorm-Unraveling-Sandy-Hook-YouTube.mp4
2013-11-16 05:06 - 2013-11-19 04:54 - 00000266 _____ C:\WINDOWS\Tasks\PrismDowngrade.job
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-16 02:56 - 2013-11-16 02:56 - 00023790 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\weirdmet.zip
2013-11-16 02:55 - 2013-11-16 02:55 - 00894600 _____ (CNET Download.com) C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\cbsidlm-cbsi134-Weird_Metronome-SEO-10073673.exe
2013-11-15 04:11 - 2013-11-15 04:20 - 135425947 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-The-Savage-Nation-November-14-2013-Full-Show-YouTube.mp4
2013-11-15 00:18 - 2013-11-15 00:23 - 65624452 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Frasier-Full-Episodes-Season-5-episodes-15-Room-Service-YouTube.mp4
2013-11-14 03:28 - 2013-11-14 03:32 - 61148340 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Frasier-Season-7-E18-Hot-Pursuit-YouTube-1.mp4
2013-11-14 00:50 - 2013-11-14 00:56 - 38181995 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Coming-to-America-The-Truth-That-will-Leave-You-Speechless-Part-1.mp4
2013-11-14 00:48 - 2013-11-14 00:56 - 46450536 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Dream Theater Pull-Me-Under-Live-At-Luna Park.mp4
2013-11-14 00:46 - 2013-11-14 00:57 - 79412533 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Frasier-Season-11-E15-Caught-In-The-Act-YouTube.mp4
2013-11-14 00:38 - 2013-11-14 00:41 - 35629204 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-8-of-8-YouTube.mp4
2013-11-14 00:30 - 2013-11-14 00:34 - 40242089 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-7-of-8-YouTube-1.mp4
2013-11-14 00:28 - 2013-11-14 00:33 - 40305640 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-6-of-8-YouTube.mp4
2013-11-14 00:23 - 2013-11-14 00:27 - 40211520 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-5-of-8-YouTube.mp4
2013-11-14 00:22 - 2013-11-14 00:26 - 32733669 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-4-of-8-YouTube.mp4
2013-11-14 00:17 - 2013-11-14 00:20 - 32444498 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-3-of-8-YouTube.mp4
2013-11-14 00:16 - 2013-11-14 00:19 - 32680014 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-2-of-8-YouTube.mp4
2013-11-14 00:00 - 2013-11-14 00:04 - 32396186 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-1-of-8-YouTube.mp4
2013-11-13 23:40 - 2013-11-13 23:41 - 16621408 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Far-Beyond-the-Sun-by-Yngwie-Malmsteen-by-Afterschool.mp4
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-12 04:19 - 2013-11-12 04:36 - 204614888 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-The-Alex-Jones-ShowCommercial-Free-AUDIO-Friday-November-8-2013-Michael-Maloof-YouTube.mp4
2013-11-12 03:48 - 2013-11-12 03:51 - 19592568 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\The-24-Elders-Chuck-Missler-YouTube.mp4
2013-11-12 03:00 - 2013-11-12 03:12 - 134819435 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Michael-Savage-The-Savage-Nation-November-11-2013-Full-Show-YouTube.mp4
2013-11-11 20:25 - 2013-11-11 20:25 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\SUPERAntiSpyware.com
2013-11-11 20:24 - 2013-11-11 20:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-11 20:24 - 2013-11-11 20:24 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-11 20:24 - 2013-11-11 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-11-11 20:24 - 2013-11-11 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-11-11 03:59 - 2013-11-11 03:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2013-11-11 03:58 - 2013-11-11 03:59 - 00000000 ____D C:\Program Files\Defraggler
2013-11-11 02:49 - 2013-11-11 02:49 - 00001722 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Paltalk Messenger.lnk
2013-11-11 02:49 - 2013-11-11 02:49 - 00001240 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Upgrade to Paltalk Extreme.lnk
2013-11-11 02:49 - 2013-11-11 02:49 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Start Menu\Programs\Paltalk Messenger
2013-11-11 01:16 - 2013-11-11 01:16 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\PCHealth
2013-11-11 01:01 - 2013-11-28 15:55 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-11 00:51 - 2013-11-11 00:51 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-11-11 00:50 - 2013-11-11 00:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-11 00:07 - 2013-11-11 00:08 - 00079128 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\cc_20131111_000357.reg
2013-11-10 23:27 - 2013-11-10 23:27 - 12659428 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-The-Lords-God-YouTube.mp4
2013-11-10 23:26 - 2013-11-17 05:38 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-11-10 23:26 - 2013-11-10 23:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-11-10 23:17 - 2013-11-10 23:18 - 13926351 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-Caller-Hysterical-Occupy-Wall-Street-Supporter.mp4
2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Program Files\CCleaner
2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-11-10 23:15 - 2013-11-28 18:01 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-10 23:15 - 2013-11-28 17:28 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-10 20:56 - 2013-01-21 16:54 - 00000892 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Sothink FLV Player.lnk
2013-11-10 20:55 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-11-10 20:55 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-11-10 20:55 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-11-10 20:55 - 2013-10-08 06:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-11-10 20:08 - 2013-11-11 02:48 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Paltalk
2013-11-10 19:50 - 2013-11-19 04:46 - 00001206 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\bytes.txt
2013-11-10 16:53 - 2013-11-12 00:06 - 00000091 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\amazon.txt
2013-11-10 02:33 - 2013-11-10 02:47 - 135514871 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-November-8-2013.mp4
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\WINDOWS\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\WINDOWS\system32\AdpeakProxyOff.ini
2013-10-31 10:48 - 2013-10-31 10:48 - 00000000 __SHD C:\found.000

==================== One Month Modified Files and Folders =======

2013-11-28 18:03 - 2013-11-19 07:03 - 00394526 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-28 18:02 - 2004-08-04 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-28 18:01 - 2013-11-10 23:15 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-28 18:01 - 2013-06-09 21:55 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-11-28 18:01 - 2013-06-04 18:35 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-11-28 18:01 - 2013-01-27 21:42 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-11-28 18:01 - 2011-11-28 11:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-28 18:00 - 2011-11-28 11:05 - 00032366 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-28 17:58 - 2011-11-28 13:55 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB973687_1$
2013-11-28 17:28 - 2013-11-10 23:15 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-28 17:28 - 2013-06-10 19:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-28 17:27 - 2013-11-28 17:27 - 00000560 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\songs to buy.txt
2013-11-28 17:19 - 2013-11-28 17:19 - 00001190 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Continue Free MP4 to WMV Converter.lnk
2013-11-28 16:01 - 2013-07-22 10:21 - 00002187 _____ C:\Documents and Settings\All Users\Desktop\Safari.lnk
2013-11-28 15:59 - 2013-11-28 15:59 - 00018354 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\AdwCleaner[R0].txt
2013-11-28 15:59 - 2013-11-28 15:57 - 00000000 ____D C:\AdwCleaner
2013-11-28 15:55 - 2013-11-11 01:01 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-28 15:29 - 2013-11-28 15:29 - 00021501 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\attach.txt
2013-11-28 15:29 - 2013-11-28 15:29 - 00013670 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\dds.txt
2013-11-28 15:25 - 2013-11-28 15:25 - 00000000 ____D C:\FRST
2013-11-28 03:41 - 2013-11-28 03:41 - 00001234 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\did paul play a role in.txt
2013-11-28 02:48 - 2013-11-28 02:48 - 00025818 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Jesse letter.txt
2013-11-27 21:41 - 2013-01-26 21:50 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Quotes, Facts, and Funny Stories
2013-11-27 21:41 - 2012-07-09 07:20 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\prophetic magnum
2013-11-27 21:30 - 2013-11-27 21:30 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Albums
2013-11-27 21:28 - 2013-07-13 23:40 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\why people hate mother theresa_files
2013-11-27 21:28 - 2012-06-26 17:24 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\priscilla dang kung fu_files
2013-11-27 21:28 - 2012-06-18 22:18 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\putin and obama_files
2013-11-27 21:27 - 2013-11-27 21:26 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Thomas Sowell
2013-11-26 23:56 - 2013-11-26 23:56 - 00000044 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\text people paltalk.txt
2013-11-26 23:00 - 2013-02-07 23:54 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Pre-Catholic Faith
2013-11-26 22:30 - 2013-11-26 22:30 - 00070839 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Focus on the Family Simplicity In Christ.htm
2013-11-26 22:30 - 2013-11-26 22:30 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Focus on the Family Simplicity In Christ_files
2013-11-25 17:29 - 2013-10-15 20:38 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Files of Files
2013-11-24 22:04 - 2013-08-07 05:08 - 00000235 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\michael savage august 6th.txt
2013-11-24 21:01 - 2011-11-28 13:58 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB978601$
2013-11-24 14:28 - 2013-11-24 14:03 - 138873058 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-The-Savage-Nation-November-22-2013-Full-Show-YouTube.mp4
2013-11-24 13:33 - 2013-11-24 13:33 - 00000000 ____D C:\Program Files\ScorpionSaver
2013-11-22 07:21 - 2013-02-02 15:49 - 00000178 ___SH C:\Documents and Settings\User.SYSTEM-53DADEA5\ntuser.ini
2013-11-20 12:11 - 2013-11-20 09:32 - 00008864 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\stagflationary blues.txt
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\modules
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\js
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\images
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\html
2013-11-20 04:47 - 2013-11-20 04:47 - 00000000 ____D C:\WINDOWS\system32\css
2013-11-20 04:44 - 2013-11-20 04:44 - 00000000 ____D C:\Program Files\Free YouTube Downloader
2013-11-20 04:44 - 2013-11-20 04:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Free YouTube Downloader
2013-11-20 04:36 - 2013-11-20 04:37 - 00351124 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\mysearchdial-speeddial.crx
2013-11-20 04:05 - 2013-11-20 04:03 - 00004954 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Rkill.txt
2013-11-20 04:02 - 2013-11-20 04:02 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\rkill.exe
2013-11-20 03:30 - 2013-01-25 22:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-19 07:01 - 2013-11-19 06:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-19 06:59 - 2013-02-02 15:49 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5
2013-11-19 05:17 - 2011-11-29 10:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-11-19 04:54 - 2013-11-16 05:06 - 00000266 _____ C:\WINDOWS\Tasks\PrismDowngrade.job
2013-11-19 04:54 - 2013-10-10 08:13 - 00000266 _____ C:\WINDOWS\Tasks\PrismReminder.job
2013-11-19 04:46 - 2013-11-10 19:50 - 00001206 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\bytes.txt
2013-11-19 04:21 - 2012-04-08 19:54 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-11-17 06:19 - 2011-11-28 13:59 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB979482$
2013-11-17 05:53 - 2013-11-17 05:52 - 14723046 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-400-POUND-HIGH-SCHOOL-RUNNING-BACK-TONY-PICARD-ON-FILM-YouTube.mp4
2013-11-17 05:51 - 2013-11-17 05:46 - 94873518 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Whistle-BLOWER-Secret-Plot-to-NUKE-parts-of-the-USA-Exposed-YouTube.mp4
2013-11-17 05:45 - 2013-11-17 05:44 - 16444545 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Milton-Friedman-Schools-Young-Idealist-2-Stanford-YouTube.mp4
2013-11-17 05:38 - 2013-11-10 23:26 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-11-17 05:32 - 2013-11-17 05:16 - 248750068 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Sofia-Smallstorm-Unraveling-Sandy-Hook-YouTube.mp4
2013-11-16 09:41 - 2013-02-02 23:17 - 00021504 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-16 09:40 - 2013-02-02 23:17 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\WMTools Downloaded Files
2013-11-16 09:17 - 2004-08-04 04:00 - 00000558 _____ C:\WINDOWS\win.ini
2013-11-16 03:06 - 2013-11-16 03:06 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-16 02:56 - 2013-11-16 02:56 - 00023790 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\weirdmet.zip
2013-11-16 02:55 - 2013-11-16 02:55 - 00894600 _____ (CNET Download.com) C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\cbsidlm-cbsi134-Weird_Metronome-SEO-10073673.exe
2013-11-15 04:20 - 2013-11-15 04:11 - 135425947 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-The-Savage-Nation-November-14-2013-Full-Show-YouTube.mp4
2013-11-15 00:23 - 2013-11-15 00:18 - 65624452 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Frasier-Full-Episodes-Season-5-episodes-15-Room-Service-YouTube.mp4
2013-11-15 00:04 - 2013-01-18 03:01 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2661254-v2$
2013-11-14 03:32 - 2013-11-14 03:28 - 61148340 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Frasier-Season-7-E18-Hot-Pursuit-YouTube-1.mp4
2013-11-14 00:57 - 2013-11-14 00:46 - 79412533 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Frasier-Season-11-E15-Caught-In-The-Act-YouTube.mp4
2013-11-14 00:56 - 2013-11-14 00:50 - 38181995 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Coming-to-America-The-Truth-That-will-Leave-You-Speechless-Part-1.mp4
2013-11-14 00:56 - 2013-11-14 00:48 - 46450536 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Dream Theater Pull-Me-Under-Live-At-Luna Park.mp4
2013-11-14 00:41 - 2013-11-14 00:38 - 35629204 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-8-of-8-YouTube.mp4
2013-11-14 00:34 - 2013-11-14 00:30 - 40242089 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-7-of-8-YouTube-1.mp4
2013-11-14 00:33 - 2013-11-14 00:28 - 40305640 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-6-of-8-YouTube.mp4
2013-11-14 00:27 - 2013-11-14 00:23 - 40211520 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-How-Radical-Professors-Indoctrinate-Students-David-Horowitz-5-of-8-YouTube.mp4
2013-11-14 00:26 - 2013-11-14 00:22 - 32733669 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-4-of-8-YouTube.mp4
2013-11-14 00:20 - 2013-11-14 00:17 - 32444498 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-3-of-8-YouTube.mp4
2013-11-14 00:19 - 2013-11-14 00:16 - 32680014 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-2-of-8-YouTube.mp4
2013-11-14 00:04 - 2013-11-14 00:00 - 32396186 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\How-Radical-Professors-Indoctrinate-Students-David-Horowitz-1-of-8-YouTube.mp4
2013-11-13 23:41 - 2013-11-13 23:40 - 16621408 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Far-Beyond-the-Sun-by-Yngwie-Malmsteen-by-Afterschool.mp4
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 03:05 - 2013-11-13 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 03:04 - 2011-11-28 16:06 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-13 03:03 - 2013-07-16 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-13 03:00 - 2011-11-28 12:33 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-12 04:36 - 2013-11-12 04:19 - 204614888 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-The-Alex-Jones-ShowCommercial-Free-AUDIO-Friday-November-8-2013-Michael-Maloof-YouTube.mp4
2013-11-12 03:51 - 2013-11-12 03:48 - 19592568 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\The-24-Elders-Chuck-Missler-YouTube.mp4
2013-11-12 03:12 - 2013-11-12 03:00 - 134819435 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-Michael-Savage-The-Savage-Nation-November-11-2013-Full-Show-YouTube.mp4
2013-11-12 02:44 - 2011-11-28 03:46 - 00569430 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-12 02:35 - 2013-08-16 15:43 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\French
2013-11-12 00:06 - 2013-11-10 16:53 - 00000091 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\amazon.txt
2013-11-11 20:25 - 2013-11-11 20:25 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\SUPERAntiSpyware.com
2013-11-11 20:25 - 2013-11-11 20:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-11 20:24 - 2013-11-11 20:24 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-11 20:24 - 2013-11-11 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-11-11 20:24 - 2013-11-11 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-11-11 03:59 - 2013-11-11 03:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2013-11-11 03:59 - 2013-11-11 03:58 - 00000000 ____D C:\Program Files\Defraggler
2013-11-11 02:49 - 2013-11-11 02:49 - 00001722 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Paltalk Messenger.lnk
2013-11-11 02:49 - 2013-11-11 02:49 - 00001240 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Upgrade to Paltalk Extreme.lnk
2013-11-11 02:49 - 2013-11-11 02:49 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Start Menu\Programs\Paltalk Messenger
2013-11-11 02:48 - 2013-11-10 20:08 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Paltalk
2013-11-11 02:48 - 2012-02-20 03:19 - 00000000 ____D C:\Program Files\Paltalk Messenger
2013-11-11 01:16 - 2013-11-11 01:16 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\PCHealth
2013-11-11 00:51 - 2013-11-11 00:51 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-11-11 00:51 - 2013-11-11 00:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-11 00:51 - 2012-04-08 19:38 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-11-11 00:26 - 2011-12-15 18:01 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-11 00:08 - 2013-11-11 00:07 - 00079128 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\cc_20131111_000357.reg
2013-11-10 23:27 - 2013-11-10 23:27 - 12659428 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\-The-Lords-God-YouTube.mp4
2013-11-10 23:26 - 2013-11-10 23:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-11-10 23:22 - 2013-01-27 15:03 - 00000000 ____D C:\Program Files\Google
2013-11-10 23:18 - 2013-11-10 23:17 - 13926351 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-Caller-Hysterical-Occupy-Wall-Street-Supporter.mp4
2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Program Files\CCleaner
2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-11-10 23:15 - 2013-02-02 16:00 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google
2013-11-10 23:04 - 2012-06-25 15:07 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Tabs
2013-11-10 20:58 - 2013-10-26 05:31 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Old Firefox Data
2013-11-10 20:29 - 2013-02-04 20:42 - 00000000 ____D C:\Program Files\NCH Software
2013-11-10 20:17 - 2013-09-23 02:04 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\xvideo
2013-11-10 20:17 - 2013-04-28 03:21 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\Desktop\Desktop things
2013-11-10 17:10 - 2013-03-15 02:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2013-11-10 02:47 - 2013-11-10 02:33 - 135514871 _____ C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Michael-Savage-November-8-2013.mp4
2013-11-09 21:19 - 2013-06-28 10:54 - 00000000 ____D C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\News
2013-11-09 19:29 - 2011-11-28 11:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\WINDOWS\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\WINDOWS\system32\AdpeakProxyOff.ini
2013-10-31 10:48 - 2013-10-31 10:48 - 00000000 __SHD C:\found.000

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\avguidx.dll
C:\Documents and Settings\User\Local Settings\Temp\CommonInstaller.exe
C:\Documents and Settings\User\Local Settings\Temp\dotNetFx40_Client_setup.exe
C:\Documents and Settings\User\Local Settings\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Documents and Settings\User\Local Settings\Temp\iGearedHelper.dll
C:\Documents and Settings\User\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-6u38-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\MachineIdCreator.exe
C:\Documents and Settings\User\Local Settings\Temp\setup.exe
C:\Documents and Settings\User\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\User\Local Settings\Temp\ToolbarInstaller.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\5283uninstall.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe16.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe1A.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe2.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe36.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe45.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe60.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe7.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe8.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\exe9.tmp.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\Shockwave_Installer_FF.exe
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\Sqlite3.dll
C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait.

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Thank you, MrCharlie. Everything with regard to the SS seems to be resolved and there does seem to be a slight improvement. I have an ongoing problem with a lag in the typing, and I've wondered whether, if I plugged in a USB-connected keyboard, I would still experience this lag or whether it is hardware. Do you have any thoughts on this? But I have identified one other problem that I need to ask about. The problem is the Level Quality Watcher. What do I need to do to resolve this one?

This topic is now closed to further replies.