Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Can you please help me as I think my computer is infected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Can you please help me as I think my computer is infected

Unread postby David South » March 8th, 2013, 10:42 am

Hi

I had a call from someone who said they were from Microsoft and let them take control of my pc.

My friend has since alerted me of the danger of this and has tried to clean my pc, but has been unsuccessful as my task manager is still not working properly and I cant uninstall a programme called system protector.

I have run the dds and attach them below.

Thank you

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521
Run by David at 14:26:51 on 2013-03-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2992 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_171_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Giant Savings Extension: {11111111-1111-1111-1111-110211181110} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - LocalServer32 - <no file>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Magentic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Magentic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Utility Chest: {cf67755f-9265-449c-87cf-b945519e073b} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C377D2A2-6B28-4976-93F7-A4C0B3DC9A83} : DHCPNameServer = 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yhqyc8hd.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - ExtSQL: 2013-02-16 16:47; testpilot@labs.mozilla.com; C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yhqyc8hd.default\extensions\testpilot@labs.mozilla.com.xpi
FF - ExtSQL: 2013-02-25 11:58; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-2-28 65408]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-2-28 177672]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-18 55024]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-10-18 19600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-11-17 1025880]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-11-17 377992]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-11-17 33472]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-11-17 80888]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-28 45248]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-1-25 166408]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-12-16 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-12-16 128512]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-3-30 1295416]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-3-30 681016]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-5-7 243232]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-4 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 JLTECH0227;Dual Mode Camera;C:\Windows\System32\drivers\jl2005c.sys [2011-9-18 79664]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-08 13:09:25 -------- dc----w- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2013-03-08 13:09:19 -------- dc----w- C:\ProgramData\SUPERAntiSpyware.com
2013-03-08 13:09:19 -------- dc----w- C:\Program Files\SUPERAntiSpyware
2013-03-05 20:20:50 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{96F218F8-6F22-40EC-AB24-C8A84580E7BF}\mpengine.dll
2013-03-02 19:28:47 -------- dc----w- C:\ProgramData\Symantec
2013-03-02 19:28:25 -------- dc----w- C:\Windows\System32\drivers\NSSx64\0307050.005
2013-03-02 19:28:25 -------- dc----w- C:\Windows\System32\drivers\NSSx64
2013-03-02 19:28:25 -------- dc----w- C:\Program Files (x86)\Norton Security Scan
2013-03-02 19:28:19 -------- dc----w- C:\Program Files (x86)\NortonInstaller
2013-03-02 17:27:38 -------- dc----w- C:\Windows\SysWow64\Adobe
2013-03-02 17:24:42 263064 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-02-28 21:52:56 177672 -c--a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-02-28 21:52:54 65408 -c--a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-02-27 01:47:43 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 01:18:15 -------- dc----w- C:\Users\David\AppData\Local\{75C1A19C-8CE0-4FB6-967A-57171DA75939}
2013-02-20 19:15:11 -------- dcsh--w- C:\$RECYCLE.BIN
2013-02-20 18:48:29 98816 -c--a-w- C:\Windows\sed.exe
2013-02-20 18:48:29 256000 -c--a-w- C:\Windows\PEV.exe
2013-02-20 18:48:29 208896 -c--a-w- C:\Windows\MBR.exe
2013-02-20 18:15:00 12872 -c--a-w- C:\Windows\System32\bootdelete.exe
2013-02-20 18:08:34 -------- dc----w- C:\ProgramData\HitmanPro
2013-02-20 16:46:28 388096 -c--a-r- C:\Users\David\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-20 16:46:28 -------- dc----w- C:\Program Files (x86)\Trend Micro
2013-02-18 20:59:31 -------- dc----w- C:\Program Files (x86)\Inbox Toolbar
2013-02-17 11:21:38 -------- dc----w- C:\Program Files (x86)\MyPC Backup
2013-02-16 16:47:10 -------- dc----w- C:\Users\David\AppData\Local\Mozilla
2013-02-16 16:47:01 -------- dc----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-16 16:06:26 -------- dc----w- C:\Program Files (x86)\Yahoo!
2013-02-16 16:06:21 -------- dc----w- C:\Program Files (x86)\IObit
2013-02-16 15:53:46 -------- dc----w- C:\Users\David\AppData\Local\LogMeIn Rescue Applet
2013-02-16 15:06:58 -------- dc----w- C:\Users\David\AppData\Local\{955CA103-8257-4387-87F5-1B48DD211832}
2013-02-16 07:24:42 72624 ----a-w- C:\Program Files\Internet Explorer\pdmproxy100.dll
2013-02-16 07:24:42 70568 ----a-w- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll
2013-02-16 07:24:42 514952 ----a-w- C:\Program Files\Internet Explorer\pdm.dll
2013-02-16 07:24:42 392080 ----a-w- C:\Program Files (x86)\Internet Explorer\pdm.dll
2013-02-16 07:24:42 368024 ----a-w- C:\Program Files\Internet Explorer\msdbg2.dll
2013-02-16 07:24:42 285080 ----a-w- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
2013-02-13 00:34:51 -------- dc----w- C:\Users\David\AppData\Local\Giant Savings Extension
2013-02-13 00:34:40 -------- dc----w- C:\Windows\SysWow64\searchplugins
2013-02-13 00:34:40 -------- dc----w- C:\Windows\SysWow64\Extensions
2013-02-13 00:34:32 -------- dc----w- C:\Program Files (x86)\Giant Savings Extension
2013-02-13 00:33:51 -------- dc----w- C:\Users\David\AppData\Roaming\Babylon
2013-02-13 00:33:51 -------- dc----w- C:\ProgramData\Babylon
2013-02-13 00:13:53 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 00:13:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 00:13:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 00:13:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 00:13:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 00:13:51 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 00:13:44 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 00:13:43 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 00:13:43 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 00:13:41 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 00:13:39 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 00:13:39 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-07 23:40:01 -------- dc----w- C:\ProgramData\Systweak
.
==================== Find3M ====================
.
2013-02-28 08:36:33 71064 -c--a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-02-28 08:36:33 1025880 -c--a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-02-28 08:36:32 80888 -c--a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-02-28 08:36:07 41664 -c--a-w- C:\Windows\avastSS.scr
2013-02-28 00:29:30 71024 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-28 00:29:30 691568 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-27 01:48:59 92160 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2013-02-27 01:47:43 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-13 00:16:04 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-29 18:17:34 20336 -c--a-w- C:\Windows\System32\roboot64.exe
2013-01-17 01:28:58 273840 -c----w- C:\Windows\System32\MpSigStub.exe
2013-01-08 21:53:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-08 21:53:32 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-12-20 20:05:25 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-20 20:05:25 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-20 20:05:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-20 20:05:25 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 16:49:28 24176 -c--a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-12 01:29:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 01:29:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 01:26:32 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 01:26:32 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 14:27:09.55 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 06/01/2011 13:59:42
System Uptime: 08/03/2013 13:55:12 (1 hours ago)
.
Motherboard: Packard Bell | | Veriton M275
Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz | CPU 1 | 3003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 182.322 GiB free.
D: is FIXED (NTFS) - 225 GiB total, 160.796 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
L: is Removable
M: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP916: 01/03/2013 21:50:09 - Windows Backup
RP917: 02/03/2013 20:34:22 - Windows Backup
RP918: 03/03/2013 13:03:28 - Windows Backup
RP919: 03/03/2013 23:44:15 - Windows Backup
RP920: 04/03/2013 01:38:54 - Windows Backup
RP921: 05/03/2013 20:20:06 - Windows Update
RP922: 06/03/2013 01:23:24 - Windows Backup
RP923: 07/03/2013 04:37:14 - Windows Backup
RP924: 07/03/2013 23:43:02 - Windows Backup
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 8.0
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Advanced File Optimizer
Advanced System Protector
Advertising Center
ArcSoft PhotoStudio 5.5
Ask Toolbar
avast! Free Antivirus
Ballistik
Bejeweled 2 Deluxe
Bing Desktop
Blasterball 3
Bob the Builder Can-Do-Zoo
Boom Voyage
Build-a-lot 2
Canon MP Navigator EX 2.0
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
CCleaner
Chicken Invaders 3 - Revenge of the Yolk
Coupon Printer
D3DX10
eBay Worldwide
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
EPSON SX218 Series Manual
EPSON SX218 Series Printer Uninstall
Escape Rosecliff Island
ESET Online Scanner v3
Faerie Solitaire
FATE - The Traitor Soul
File Type Assistant
FileHippo.com Update Checker
Free File Viewer 2011
Giant Savings Extension
Google Chrome
Google Earth
Google Earth Plug-in
Google Update Helper
HiJackThis
HiYo
HiYo
Hotkey Utility
Identity Card
ImagXpress
Inbox Toolbar
Insaniquarium Deluxe
InstallIQ Updater
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Internet TV for Windows Media Center
Jewel Quest
Jewel Quest Solitaire 3
Junk Mail filter update
Magentic
Mahjongg Artifacts
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Nero 9 Essentials
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Update
NeroExpress
neroxml
Norton Security Scan
Packard Bell Game Console
Packard Bell Games
Packard Bell InfoCentre
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Software Suite SE
Packard Bell Updater
Penguins!
Picasa 3
Polar Bowler
Polar Golfer
Polar Pool
Realtek High Definition Audio Driver
Secunia PSI (3.0.0.0006)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype Click to Call
Skype™ 6.2
SkyPlayer for Windows Media Center
SUPERAntiSpyware
swMSM
Treasures of the Deep
Uninstall Dual Mode Camera
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Utility Chest Toolbar
Virtual Families
Virtual Villagers - A New Home
Visual Studio 2008 x64 Redistributables
Welcome Center
WildTangent Games App (Packard Bell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
Yahoo! Toolbar
Yahtzee
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
08/03/2013 13:54:32, Error: volmgr [46] - Crash dump initialization failed!
07/03/2013 03:46:37, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
02/03/2013 21:32:09, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
02/03/2013 21:32:09, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
02/03/2013 16:17:49, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user David-PC\David (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
.
==== End Of File ===========================
David South
Active Member
 
Posts: 12
Joined: March 8th, 2013, 10:36 am
Advertisement
Register to Remove

Re: Can you please help me as I think my computer is infecte

Unread postby pgmigg » March 8th, 2013, 10:26 pm

Hello David,

Welcome to the forum! :)

My nickname is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can you please help me as I think my computer is infecte

Unread postby pgmigg » March 9th, 2013, 12:39 am

Hello David,
I cant uninstall a programme called system protector.
The full name is Advanced System Protector which is a fake antivirus program. We will remove it separately...

Step 1.
For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Ask Toolbar
    Coupon Printer
    HiJackThis
    Inbox Toolbar
    SUPERAntiSpyware
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 3.
Remove Program(s) by Revo Uninstaller
Uninstall programs and remove remnants left from previous uninstalls.
Tutorial with screen shots available here, if needed.

Please download Revo Uninstaller Pro and save it to your desktop.
(This version is a fully functional, 30 day free trial)

  1. Right-click on RevoUninProSetup.exe, and select "Run As Administrator..." to install. If UAC prompts, allow it.
  2. Double click Revo Uninstaller from the Start Menu programs list, to run it.
  3. From the list of programs click on (one at a time if more than one program is listed):
    Advanced System Protector
  4. Chose "Uninstall". When prompted click Yes.
  5. Make sure the Moderate option is checked... then click Next.
  6. The program will run, when prompted... click Yes... then Next.
  7. Once the program has searched for leftovers click Next.
  8. Check ONLY the bolded items on the list then... click Next... then Yes.
  9. When done click Finish.
The problem program entriy should now be gone.

Step 4.
Image Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 5.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 6.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Community
    Conduit
    datamngr
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the JRT.txt log file
  3. Contents of a OTL.txt log file
  4. Contents of a Extras.txt log file
  5. Contents of the SystemLook.txt log file
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can you please help me as I think my computer is infecte

Unread postby David South » March 9th, 2013, 4:52 pm

Thank you for your help.

Step 1. I had no problems creating a system restore point.

Step 2. I could not see the ask toolbar to uninstall it but uninstalled all of the others.

Step 3. I downloaded the program ok but when I chose uninstall I got an error message which said that an uninstall file was missing. I ran it again just to make sure, and selected all the bold items but it didn't appear to work as the program entry is still there.

Step 4. Here is the log;

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by David on 09/03/2013 at 12:30:20.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{cf67755f-9265-449c-87cf-b945519e073b}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d7e97865-918f-41e4-9cd0-25ab1c574ce8}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\ctoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\ctoolbar
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_local_machine\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions
Successfully deleted: [Registry Key] hkey_current_user\software\systweak
Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\cshared.tb4client
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\cshared.tb4script
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\cshared.tb4server
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\cshared.tb4server2
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs
Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.BHO
Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.Sandbox
Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.Sandbox.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.BHO
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.Sandbox
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.Sandbox.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2724386
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2966447
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3196716
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{58f7b5ca-1162-42e8-8bbc-d543b4edd780}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{58f7b5ca-1162-42e8-8bbc-d543b4edd780}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{cf67755f-9265-449c-87cf-b945519e073b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\rebateinformer"
Successfully deleted: [Folder] "C:\Users\David\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\David\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\David\appdata\local\systweak"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\couponalert_2p"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\couponalert_2pei"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\utilitychest_49"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"
Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\inbox.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\utilitychest_49"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\49ffxtbr@utilitychest_49.com
Successfully deleted the following from C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\yhqyc8hd.default\prefs.js

user_pref("browser.search.selectedEngine", "Delta Search");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/03/2013 at 12:42:41.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step 5. This ran ok here are the 2 logs;

OTL logfile created on: 09/03/2013 20:28:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.17% Memory free
7.93 Gb Paging File | 6.57 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.45 Gb Total Space | 182.15 Gb Free Space | 81.15% Space Free | Partition Type: NTFS
Drive D: | 225.21 Gb Total Space | 160.80 Gb Free Space | 71.40% Space Free | Partition Type: NTFS
Drive E: | 263.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/09 12:44:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2013/02/28 08:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/02/28 08:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/25 10:34:04 | 002,127,896 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
PRC - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/30 10:26:16 | 001,295,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/03/30 10:26:14 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012/03/30 10:26:12 | 000,562,232 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/28 09:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/28 08:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/14 05:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/28 00:29:30 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/16 00:35:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/07 13:04:30 | 000,161,384 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/30 10:26:16 | 001,295,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/03/30 10:26:14 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/18 02:50:35 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 21:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/08/28 09:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/28 08:36:34 | 000,177,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/02/28 08:36:34 | 000,068,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/02/28 08:36:33 | 001,025,880 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/02/28 08:36:33 | 000,377,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/02/28 08:36:33 | 000,071,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/02/28 08:36:33 | 000,065,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/02/28 08:36:32 | 000,080,888 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/02/28 08:36:31 | 000,033,472 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/11/14 00:20:27 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/14 00:20:27 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 09:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/04/11 08:00:39 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/12/16 14:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/15 19:34:34 | 000,079,664 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jl2005c.sys -- (JLTECH0227)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/11/15 16:00:00 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\..\SearchScopes,DefaultScope = {BEA48A1C-448D-4F29-977E-9CA0472A9A59}
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\..\SearchScopes\{BEA48A1C-448D-4F29-977E-9CA0472A9A59}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_enGB413GB413
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1482
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/28 21:52:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/02 17:24:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/16 16:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2013/02/20 16:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yhqyc8hd.default\extensions
[2013/02/16 16:47:17 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yhqyc8hd.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/03/02 17:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/18 21:03:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/28 21:52:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/02/16 00:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/16 00:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 00:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://uk.msn.com/?pc=UP21&ocid=UP21DHP&dt=021813
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.160\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.160\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.160\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: IncrediMail MediaBar 2 = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj\2.3.19.11_0\
CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\

O1 HOSTS File: ([2013/02/20 18:56:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Giant Savings Extension) - {11111111-1111-1111-1111-110211181110} - C:\Program Files (x86)\Giant Savings Extension\Giant Savings Extension.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3375751451-411710517-2975870729-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C377D2A2-6B28-4976-93F7-A4C0B3DC9A83}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/18 17:37:34 | 000,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/09 12:44:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/03/09 12:29:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/09 12:29:48 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/09 12:29:01 | 000,547,791 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\David\Desktop\JRT.exe
[2013/03/09 12:20:01 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\VS Revo Group
[2013/03/09 12:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/03/09 12:19:57 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/03/09 12:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/03/09 12:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/03/09 12:19:13 | 009,918,712 | ---- | C] (VS Revo Group ) -- C:\Users\David\Desktop\RevoUninProSetup.exe
[2013/03/08 15:04:37 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Malware logs
[2013/03/08 13:09:25 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
[2013/03/08 13:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/02 19:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/03/02 19:28:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2013/03/02 19:28:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2013/03/02 19:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2013/03/02 19:28:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307050.005
[2013/03/02 19:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/03/02 17:27:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/03/02 17:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/27 01:49:00 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/02/27 01:49:00 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/02/27 01:49:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/27 01:49:00 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/02/27 01:49:00 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/27 01:49:00 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/02/27 01:49:00 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/27 01:49:00 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/02/27 01:49:00 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/02/27 01:49:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/02/27 01:49:00 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/02/27 01:49:00 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/02/27 01:49:00 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/27 01:49:00 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/02/27 01:49:00 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/02/27 01:49:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/02/27 01:49:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/02/27 01:49:00 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/02/27 01:49:00 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/27 01:49:00 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/02/27 01:49:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/02/27 01:49:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/02/27 01:49:00 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/02/27 01:49:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/02/27 01:49:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/02/27 01:48:59 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/27 01:48:59 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/27 01:48:59 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/27 01:48:59 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/02/27 01:48:59 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/27 01:48:59 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/02/27 01:48:59 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/27 01:48:59 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/27 01:48:59 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/27 01:48:59 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/02/27 01:48:59 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/02/27 01:48:59 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/02/27 01:48:59 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/27 01:48:59 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/02/27 01:48:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/02/27 01:48:59 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/27 01:48:59 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/02/27 01:48:59 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/02/27 01:48:59 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/02/27 01:48:59 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/02/27 01:48:59 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/02/27 01:48:59 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/02/27 01:48:59 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/02/27 01:48:59 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/27 01:48:59 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/02/27 01:48:59 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/02/27 01:48:59 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/02/27 01:48:59 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/02/27 01:48:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/02/27 01:48:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/02/27 01:48:59 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/02/27 01:48:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/02/27 01:48:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/02/27 01:48:59 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/02/27 01:48:59 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/02/27 01:48:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/02/27 01:48:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/02/27 01:48:59 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/02/27 01:48:59 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/02/27 01:48:59 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/02/27 01:48:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/02/27 01:47:43 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 01:47:43 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 01:47:43 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 01:47:43 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 01:47:43 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 01:47:43 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 01:47:43 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 01:47:43 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 01:47:43 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/27 01:47:43 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 01:47:43 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 01:47:43 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 01:47:43 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 01:47:43 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 01:47:43 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 01:47:43 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 01:47:43 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 01:47:43 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 01:47:43 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 01:47:43 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/27 01:47:43 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 01:47:43 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 01:47:43 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 01:47:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 01:47:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 01:47:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 01:47:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 01:18:15 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{75C1A19C-8CE0-4FB6-967A-57171DA75939}
[2013/02/20 19:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/02/20 19:15:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/20 18:54:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/20 18:48:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/20 18:48:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/20 18:48:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/20 18:46:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/20 18:46:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/20 18:15:00 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/20 18:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/02/20 16:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/02/18 22:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magentic by IncrediMail
[2013/02/17 11:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/02/17 09:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/02/16 16:47:10 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Mozilla
[2013/02/16 16:47:10 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Mozilla
[2013/02/16 16:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/02/16 16:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/02/16 16:06:30 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Yahoo!
[2013/02/16 16:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/02/16 16:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/02/16 15:53:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\LogMeIn Rescue Applet
[2013/02/16 15:06:58 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{955CA103-8257-4387-87F5-1B48DD211832}
[2013/02/16 07:26:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/02/16 07:24:42 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/02/16 07:24:42 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/02/13 00:34:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Giant Savings Extension
[2013/02/13 00:34:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/02/13 00:34:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/02/13 00:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings Extension
[2013/02/13 00:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/13 00:13:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 00:13:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 00:13:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 00:13:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 00:13:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 00:13:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 00:13:44 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 00:13:43 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 00:13:43 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 00:13:39 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[16 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/09 20:30:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/09 20:30:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/09 20:29:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/09 20:23:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/09 20:22:59 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/03/09 20:22:41 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/09 12:45:01 | 000,139,264 | ---- | M] () -- C:\Users\David\Desktop\SystemLook.exe
[2013/03/09 12:44:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/03/09 12:29:01 | 000,547,791 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\David\Desktop\JRT.exe
[2013/03/09 12:19:58 | 000,001,113 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/03/09 12:19:58 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/03/09 12:19:16 | 009,918,712 | ---- | M] (VS Revo Group ) -- C:\Users\David\Desktop\RevoUninProSetup.exe
[2013/03/09 12:06:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/09 00:17:22 | 000,002,251 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/09 00:17:22 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/08 18:55:45 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/08 18:55:45 | 000,628,866 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/08 18:55:45 | 000,110,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/08 15:03:48 | 000,000,138 | ---- | M] () -- C:\Users\David\Desktop\Gmail Inbox.url
[2013/03/02 21:31:19 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for David.job
[2013/03/01 00:11:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/28 08:36:34 | 000,177,672 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/02/28 08:36:34 | 000,068,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/28 08:36:33 | 001,025,880 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/28 08:36:33 | 000,377,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/28 08:36:33 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/28 08:36:33 | 000,065,408 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/02/28 08:36:32 | 000,080,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/28 08:36:31 | 000,033,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/28 08:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/28 08:35:43 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/28 00:29:30 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/28 00:29:30 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/27 01:49:00 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/02/27 01:49:00 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/02/27 01:49:00 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/27 01:49:00 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/02/27 01:49:00 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/27 01:49:00 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/02/27 01:49:00 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/27 01:49:00 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/02/27 01:49:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/02/27 01:49:00 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/02/27 01:49:00 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/02/27 01:49:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/02/27 01:49:00 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/27 01:49:00 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/02/27 01:49:00 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/02/27 01:49:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/02/27 01:49:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/02/27 01:49:00 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/02/27 01:49:00 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/27 01:49:00 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/02/27 01:49:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/02/27 01:49:00 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/02/27 01:49:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/02/27 01:49:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/02/27 01:49:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/02/27 01:48:59 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/27 01:48:59 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/27 01:48:59 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/27 01:48:59 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/02/27 01:48:59 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/27 01:48:59 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/02/27 01:48:59 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/27 01:48:59 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/27 01:48:59 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/27 01:48:59 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/02/27 01:48:59 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/02/27 01:48:59 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/02/27 01:48:59 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/27 01:48:59 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/02/27 01:48:59 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/02/27 01:48:59 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/27 01:48:59 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/02/27 01:48:59 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/02/27 01:48:59 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/02/27 01:48:59 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/02/27 01:48:59 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/02/27 01:48:59 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/02/27 01:48:59 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/02/27 01:48:59 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/27 01:48:59 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/02/27 01:48:59 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/02/27 01:48:59 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/02/27 01:48:59 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/02/27 01:48:59 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/02/27 01:48:59 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/02/27 01:48:59 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/02/27 01:48:59 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/02/27 01:48:59 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/02/27 01:48:59 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/02/27 01:48:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/02/27 01:48:59 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/02/27 01:48:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/02/27 01:48:59 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/02/27 01:48:59 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/02/27 01:48:59 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/02/27 01:48:59 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/02/27 01:47:43 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 01:47:43 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 01:47:43 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 01:47:43 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 01:47:43 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 01:47:43 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 01:47:43 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 01:47:43 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 01:47:43 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/27 01:47:43 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 01:47:43 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 01:47:43 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 01:47:43 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 01:47:43 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 01:47:43 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 01:47:43 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 01:47:43 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 01:47:43 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 01:47:43 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 01:47:43 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/27 01:47:43 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 01:47:43 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 01:47:43 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 01:47:43 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 01:47:43 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 01:47:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 01:47:43 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/25 17:24:00 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/22 22:10:35 | 000,049,840 | ---- | M] () -- C:\bootsqm.dat
[2013/02/20 18:56:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/20 18:15:00 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/20 18:05:53 | 000,001,105 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/02/20 18:05:53 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/17 01:06:56 | 000,000,850 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/02/16 07:24:42 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/02/16 07:24:42 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/02/16 07:24:42 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/02/16 07:24:42 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/02/13 00:24:26 | 000,272,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/13 00:22:28 | 005,553,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 00:22:28 | 003,967,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 00:22:28 | 003,913,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 00:16:04 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 00:16:04 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 00:16:04 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 00:16:04 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 00:16:04 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 00:16:04 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 00:15:51 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/07 23:40:15 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[16 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/09 12:45:01 | 000,139,264 | ---- | C] () -- C:\Users\David\Desktop\SystemLook.exe
[2013/03/09 12:19:58 | 000,001,113 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/03/09 12:19:58 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/03/08 22:57:43 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/08 15:03:26 | 000,000,138 | ---- | C] () -- C:\Users\David\Desktop\Gmail Inbox.url
[2013/03/02 19:28:47 | 000,000,448 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for David.job
[2013/03/02 19:28:25 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307050.005\isolate.ini
[2013/02/28 21:52:56 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/02/28 21:52:54 | 000,065,408 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/02/22 22:10:35 | 000,049,840 | ---- | C] () -- C:\bootsqm.dat
[2013/02/20 18:48:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/20 18:48:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/20 18:48:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/20 18:48:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/20 18:48:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/20 18:05:53 | 000,001,105 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/02/16 16:47:03 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/16 07:24:42 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/02/16 07:24:42 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/11/04 10:59:01 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/01/07 15:36:55 | 000,027,922 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/11 08:03:43 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/11 08:03:43 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/18 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG LiveKive
[2011/01/06 16:42:21 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
[2011/11/29 17:10:42 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Epson
[2013/02/07 23:38:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\FreeFileViewer
[2011/05/14 11:45:48 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Gaijin Ent
[2013/01/02 22:27:17 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\HiYo
[2011/01/19 22:57:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\magentictb
[2011/01/06 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OEM
[2011/01/06 21:18:27 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Packard Bell
[2011/10/08 22:31:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PC Unleashed Online
[2011/11/16 11:58:34 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PCPowerSpeed
[2013/03/09 12:51:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SoftGrid Client
[2011/01/06 15:16:08 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TP
[2011/01/06 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\WildTangent
[2011/05/02 11:09:28 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2012/04/12 13:34:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


I will post the extras file and step 6 in the next message
David South
Active Member
 
Posts: 12
Joined: March 8th, 2013, 10:36 am

Re: Can you please help me as I think my computer is infecte

Unread postby David South » March 9th, 2013, 4:54 pm

OTL Extras logfile created on: 09/03/2013 20:28:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.17% Memory free
7.93 Gb Paging File | 6.57 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.45 Gb Total Space | 182.15 Gb Free Space | 81.15% Space Free | Partition Type: NTFS
Drive D: | 225.21 Gb Total Space | 160.80 Gb Free Space | 71.40% Space Free | Partition Type: NTFS
Drive E: | 263.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C2E6D37-2EF8-4E2F-9442-291145F6F71D}" = rport=138 | protocol=17 | dir=out | app=system |
"{2006C9A2-1D50-4831-BF16-B7594D0AEC0A}" = lport=139 | protocol=6 | dir=in | app=system |
"{2CF341F4-7BBB-4040-A8CB-2F101C0CF5EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{310ED48B-478B-4B40-9911-09C59DCF9324}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{47B0E630-B49D-46C6-B7F2-F7A3A59520DA}" = rport=137 | protocol=17 | dir=out | app=system |
"{5045BB7D-6244-4A90-B2D2-DC9C475049D7}" = rport=139 | protocol=6 | dir=out | app=system |
"{5475B98C-A49C-48C9-B579-45E30B55EAC8}" = rport=445 | protocol=6 | dir=out | app=system |
"{72C890D2-978C-4F5F-A3DD-34F26F81CE33}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87A54FB9-774E-4E3F-9B46-6C5153823F96}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B02D38D-7F47-42F5-9ECC-3DBAF023E419}" = lport=445 | protocol=6 | dir=in | app=system |
"{9756B778-41EC-42BF-B3AB-AAAD2E1A5FFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1CA6852-F09D-4588-98C7-3DFF219C9C16}" = lport=138 | protocol=17 | dir=in | app=system |
"{EC3FC1AC-66EE-47DB-8BFE-BE327DF15541}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F283AEA1-DDE7-4FA9-9781-9B36011C0E7E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12EEFC65-4031-4B34-9799-8D6EBDC0A747}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1CF12B65-B2B2-4C6B-990A-DB8252422454}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9F0024BC-3FAC-4204-80C2-B4937927C44E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A6879C60-8F32-4349-BE6B-A512DE4DD203}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{1A5E8DF3-92AA-4A23-98AF-A04FC569E913}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{9DA67A32-313E-4803-8463-4A8D8F533DA5}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{DED90FC8-60EF-4454-B69C-80B65E96052D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{EA9B1C5E-0BB7-4DB3-B90C-493E614D6526}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E1E235-AB45-4695-A156-073118949ED4}" = HiYo
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{4231bb40-681b-4311-89ba-7f87f67c8895}" = Nero 9 Essentials
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced File Optimizer_is1" = Advanced File Optimizer
"avast" = avast! Free Antivirus
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series Manual" = EPSON SX218 Series Manual
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"FreeFileViewer_is1" = Free File Viewer 2011
"Giant Savings Extension" = Giant Savings Extension
"HiYo" = HiYo
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"Magentic" = Magentic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NSS" = Norton Security Scan
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Software Suite SE" = Packard Bell Software Suite SE
"Packard Bell Welcome Center" = Welcome Center
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (3.0.0.0006)
"Trusted Software Assistant_is1" = File Type Assistant
"UtilityChest_49bar Uninstall" = Utility Chest Toolbar
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WT078791" = Bejeweled 2 Deluxe
"WT078806" = Insaniquarium Deluxe
"WT078833" = Zuma Deluxe
"WT078960" = Blasterball 3
"WT078964" = Bob the Builder Can-Do-Zoo
"WT079020" = Faerie Solitaire
"WT079024" = FATE - The Traitor Soul
"WT079064" = Jewel Quest
"WT079068" = Jewel Quest Solitaire 3
"WT079108" = Penguins!
"WT079116" = Polar Bowler
"WT079120" = Polar Golfer
"WT079124" = Polar Pool
"WT079177" = Virtual Villagers - A New Home
"WT079184" = Yahtzee
"WT079363" = Build-a-lot 2
"WT079366" = Chicken Invaders 3 - Revenge of the Yolk
"WT079395" = Escape Rosecliff Island
"WT079397" = Mahjongg Artifacts
"WT079421" = Virtual Families
"WTA-bd0f1c4f-f870-49f8-b7a1-a57503ad0755" = Boom Voyage
"WTA-f7780f82-9b6d-4daa-8cc7-2d377edfbd8e" = Treasures of the Deep
"WTA-fd292765-f0b2-4fd7-9a51-db80eb5995d6" = Ballistik
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09/03/2013 16:33:35 | Computer Name = David-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

[ Media Center Events ]
Error - 09/03/2013 16:26:07 | Computer Name = David-PC | Source = MCUpdate | ID = 0
Description = 20:26:07 - Error connecting to the internet. 20:26:07 - Unable
to contact server..

Error - 09/03/2013 16:26:17 | Computer Name = David-PC | Source = MCUpdate | ID = 0
Description = 20:26:12 - Error connecting to the internet. 20:26:12 - Unable
to contact server..

[ System Events ]
Error - 09/03/2013 16:22:35 | Computer Name = David-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 09/03/2013 16:22:35 | Computer Name = David-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 09/03/2013 16:22:44 | Computer Name = David-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!


< End of report >


Step 6. Here is the log;

SystemLook 30.07.11 by jpshortstuff
Log created at 20:39 on 09/03/2013 by David
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Community*"
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\ElementsOrganizer\8.0\Win\Using\images\Community.png --a--c- 3542 bytes [21:35 04/08/2009] [21:35 04/08/2009] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\PhotoshopElements\8.0\Win\Using\images\Community.png --a--c- 3542 bytes [21:56 12/08/2009] [21:56 12/08/2009] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Nero\Nero 9\Nero Express\OnlineServices\NOSWebCommunity.dll --a--c- 3269928 bytes [19:16 02/12/2009] [19:16 02/12/2009] 2CC61654B9E3B96BE86B7436E05F21C7
C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\OnlineServices\NOSWebCommunity.dll --a--c- 3142952 bytes [21:09 15/01/2010] [21:09 15/01/2010] B7E958604F7C3E359F4C96B906A9C11A
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\es-es\img\community_forums_button.gif --a--c- 2277 bytes [02:37 11/11/2008] [19:07 06/01/2011] 516B650942B5162B47288D2EDFB3E775
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\es-es\img\community_forums_button_o.gif --a--c- 2307 bytes [02:37 11/11/2008] [19:07 06/01/2011] F1FA2008161F4C7A917C096D388822AA
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\fr\Community.html --a--c- 13529 bytes [03:06 10/10/2009] [19:07 06/01/2011] 85E6472AFABDB0127B348A77BDA06D1C
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\fr\img\community_forums_button.gif --a--c- 2219 bytes [02:37 11/11/2008] [19:07 06/01/2011] 96E89489322508807B3A0BCDA31C20BD
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\fr\img\community_forums_button_o.gif --a--c- 2236 bytes [02:37 11/11/2008] [19:07 06/01/2011] 00D11B4608246D166917A8816F36946B
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\it\Community.html --a--c- 13466 bytes [03:06 10/10/2009] [19:07 06/01/2011] AB82135E2B723CB8EF9712DA2C86DE14
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\it\img\community_forums_button.gif --a--c- 2258 bytes [02:37 11/11/2008] [19:07 06/01/2011] 018A57B3EC76BF8DDE48695DAF665F8A
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\it\img\community_forums_button_o.gif --a--c- 2269 bytes [02:37 11/11/2008] [19:07 06/01/2011] FC63398BB95B399A1C317A25DF2A65EB
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\ko-kr\Community.html --a--c- 13579 bytes [03:06 10/10/2009] [19:07 06/01/2011] 50FA87A8D57EE36FCDD99BE804CA4C60
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\ko-kr\img\community_forums_button.gif --a--c- 2192 bytes [02:37 11/11/2008] [19:07 06/01/2011] A98C95809F38BCD1A350896A8AAB06F9
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\ko-kr\img\community_forums_button_o.gif --a--c- 2212 bytes [02:37 11/11/2008] [19:07 06/01/2011] F553FF26ECC0D6E16914EEA3975B46A2
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\pt\Community.html --a--c- 13519 bytes [21:53 30/09/2010] [21:53 30/09/2010] 6395815E650E918305883BFC77D4F595
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\pt\img\community_forums_button.gif --a--c- 2321 bytes [23:56 04/03/2010] [23:56 04/03/2010] D6B0DB2E77C30475925D425B0637EC51
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\pt\img\community_forums_button_o.gif --a--c- 2335 bytes [23:56 04/03/2010] [23:56 04/03/2010] 5B2D30A0254B35FC25B0CA9B493F484E
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\zh\Community.html --a--c- 13441 bytes [03:06 10/10/2009] [19:07 06/01/2011] 3B5C0700F8F549F4FC6F1458DB7D6990
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\zh\img\community_forums_button.gif --a--c- 2550 bytes [02:37 11/11/2008] [19:07 06/01/2011] 3453AC57AF645E792C1F184AAC8BE4B1
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\zh\img\community_forums_button_o.gif --a--c- 2568 bytes [02:37 11/11/2008] [19:07 06/01/2011] 8366CECF868116946B8E9278C9616536
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\zh-cn\Community.html --a--c- 13471 bytes [03:06 10/10/2009] [19:07 06/01/2011] 04B7D69211970B2DAE126B9C1A29B18C
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\zh-cn\img\community_forums_button.gif --a--c- 2534 bytes [02:37 11/11/2008] [19:07 06/01/2011] 32F2B2814FACA076B3AB60EF176F29B8
C:\ProgramData\WildTangent\Packard Bell Game Console\UI\htdocs2\zh-cn\img\community_forums_button_o.gif --a--c- 2575 bytes [02:37 11/11/2008] [19:07 06/01/2011] 67BD96B24A34DCD4508CC231D8472962
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\es-es\img\community_forums_button.gif --a--c- 2277 bytes [02:37 11/11/2008] [19:07 06/01/2011] 516B650942B5162B47288D2EDFB3E775
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\es-es\img\community_forums_button_o.gif --a--c- 2307 bytes [02:37 11/11/2008] [19:07 06/01/2011] F1FA2008161F4C7A917C096D388822AA
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\fr\Community.html --a--c- 13529 bytes [03:06 10/10/2009] [19:07 06/01/2011] 85E6472AFABDB0127B348A77BDA06D1C
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\fr\img\community_forums_button.gif --a--c- 2219 bytes [02:37 11/11/2008] [19:07 06/01/2011] 96E89489322508807B3A0BCDA31C20BD
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\fr\img\community_forums_button_o.gif --a--c- 2236 bytes [02:37 11/11/2008] [19:07 06/01/2011] 00D11B4608246D166917A8816F36946B
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\it\Community.html --a--c- 13466 bytes [03:06 10/10/2009] [19:07 06/01/2011] AB82135E2B723CB8EF9712DA2C86DE14
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\it\img\community_forums_button.gif --a--c- 2258 bytes [02:37 11/11/2008] [19:07 06/01/2011] 018A57B3EC76BF8DDE48695DAF665F8A
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\it\img\community_forums_button_o.gif --a--c- 2269 bytes [02:37 11/11/2008] [19:07 06/01/2011] FC63398BB95B399A1C317A25DF2A65EB
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\ko-kr\Community.html --a--c- 13579 bytes [03:06 10/10/2009] [19:07 06/01/2011] 50FA87A8D57EE36FCDD99BE804CA4C60
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\ko-kr\img\community_forums_button.gif --a--c- 2192 bytes [02:37 11/11/2008] [19:07 06/01/2011] A98C95809F38BCD1A350896A8AAB06F9
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\ko-kr\img\community_forums_button_o.gif --a--c- 2212 bytes [02:37 11/11/2008] [19:07 06/01/2011] F553FF26ECC0D6E16914EEA3975B46A2
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\pt\Community.html --a--c- 13519 bytes [21:53 30/09/2010] [21:53 30/09/2010] 6395815E650E918305883BFC77D4F595
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\pt\img\community_forums_button.gif --a--c- 2321 bytes [23:56 04/03/2010] [23:56 04/03/2010] D6B0DB2E77C30475925D425B0637EC51
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\pt\img\community_forums_button_o.gif --a--c- 2335 bytes [23:56 04/03/2010] [23:56 04/03/2010] 5B2D30A0254B35FC25B0CA9B493F484E
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\zh\Community.html --a--c- 13441 bytes [03:06 10/10/2009] [19:07 06/01/2011] 3B5C0700F8F549F4FC6F1458DB7D6990
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\zh\img\community_forums_button.gif --a--c- 2550 bytes [02:37 11/11/2008] [19:07 06/01/2011] 3453AC57AF645E792C1F184AAC8BE4B1
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\zh\img\community_forums_button_o.gif --a--c- 2568 bytes [02:37 11/11/2008] [19:07 06/01/2011] 8366CECF868116946B8E9278C9616536
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\zh-cn\Community.html --a--c- 13471 bytes [03:06 10/10/2009] [19:07 06/01/2011] 04B7D69211970B2DAE126B9C1A29B18C
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\zh-cn\img\community_forums_button.gif --a--c- 2534 bytes [02:37 11/11/2008] [19:07 06/01/2011] 32F2B2814FACA076B3AB60EF176F29B8
C:\Users\All Users\WildTangent\Packard Bell Game Console\UI\htdocs2\zh-cn\img\community_forums_button_o.gif --a--c- 2575 bytes [02:37 11/11/2008] [19:07 06/01/2011] 67BD96B24A34DCD4508CC231D8472962

Searching for "*Conduit*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\IObit Freeware.url --a--c- 131 bytes [16:06 16/02/2013] [16:06 16/02/2013] AC1B41E7AB7B62C4065FE25E77F9B2E0

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
C:\Firefox\toolbar@ask.com d----c- [21:58 07/11/2012]

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Community*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
C:\Program Files (x86)\IObit d----c- [16:06 16/02/2013]

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"="04/12/2012 14:34"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askToolbarInstaller-1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askToolbarInstaller-1_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}]
@="GenericAskToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}]
@="IAskToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}]
@="IAskToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}]
@="GenericAskToolbar"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"="04/12/2012 14:34"

Searching for "Ask.com"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"="04/12/2012 14:34"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
"AppPath"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
"AppPath"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]
"HelpLink"="http://about.ask.com/en/docs/about/index.shtml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]
"InstallLocation"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]
"Publisher"="Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"="04/12/2012 14:34"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
"AppPath"="C:\Program Files (x86)\Ask.com\"

Searching for "Babylon"
[HKEY_CURRENT_USER\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe\1"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
@="BabylonHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
@="BabylonHelper"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe\1"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
@="C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe\1"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_CURRENT_USER\Software\Google\GECommonSettings\LayersVisibility\http:__kh.google.com:80_\http:__mw1.google.com_mw-earth-vectordb_gallery_layers_gallery_root_en-GB.kmz]
"Google Earth Community"="true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Google\GECommonSettings\LayersVisibility\http:__kh.google.com:80_\http:__mw1.google.com_mw-earth-vectordb_gallery_layers_gallery_root_en-GB.kmz]
"Google Earth Community"="true"

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS]

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\DataMngr_Toolbar]

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Yahoo\Companion]
"sc"="iobit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Yahoo\Companion]
"dc"="v7_iobit"
[HKEY_CURRENT_USER\Software\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
"sc"="iobit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
"dc"="v7_iobit"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\AppDataLow\Software\Yahoo\Companion]
"sc"="iobit"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\AppDataLow\Software\Yahoo\Companion]
"dc"="v7_iobit"
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\IObit]

Searching for "Iminent"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "Tarma"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
David South
Active Member
 
Posts: 12
Joined: March 8th, 2013, 10:36 am

Re: Can you please help me as I think my computer is infecte

Unread postby pgmigg » March 10th, 2013, 12:47 am

Hello David,
Step 2. I could not see the ask toolbar to uninstall it but uninstalled all of the others.
It is OK - please don't worry. We will remove the rest too.
Step 3. I downloaded the program ok but when I chose uninstall I got an error message which said that an uninstall file was missing. I ran it again just to make sure, and selected all the bold items but it didn't appear to work as the program entry is still there.
Good try! :)
Let continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll File not found
    O2 - BHO: (Giant Savings Extension) - {11111111-1111-1111-1111-110211181110} - C:\Program Files (x86)\Giant Savings Extension\Giant Savings Extension.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    
    :Files
    C:\Program Files\SUPERAntiSpyware
    C:\Program Files (x86)\Trend Micro
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magentic by IncrediMail
    C:\Program Files (x86)\IObit
    C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\IObit Freeware.url
    C:\Firefox\toolbar@ask.com
    C:\Program Files (x86)\Advanced System Protector
    C:\Windows\SysWow64\*.tmp
    C:\windows\*.tmp
    @C:\ProgramData\TEMP:0B4227B4
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askToolbarInstaller-1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askToolbarInstaller-1_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}]
    @=""
    [HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" =-
    "00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" =-
    "Giant Savings Extension" =-
    "UtilityChest_49bar Uninstall" =-
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]
    "HelpLink"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
    "PreviewDetails"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
    "PreviewDetails"=-
    [HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"=-
    [HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
    "AppPath"=-
    [HKEY_CURRENT_USER\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
    @=""
    [HKEY_CURRENT_USER\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
    @=""
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
    @=""
    [HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
    @=""
    [HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
    @=""
    [HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
    @=""
    [HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
    @=""
    [HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
    @=""
    [HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
    @=""
    [-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
    [-HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\DataMngr_Toolbar]
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Yahoo\Companion]
    "sc"=-
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Yahoo\Companion]
    "dc"=-
    [-HKEY_CURRENT_USER\Software\IObit]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
    "sc"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
    "dc"=-
    [HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\AppDataLow\Software\Yahoo\Companion]
    "sc"=-
    [HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\AppDataLow\Software\Yahoo\Companion]
    "dc"=-
    [-HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\IObit]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scannner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can you please help me as I think my computer is infecte

Unread postby David South » March 10th, 2013, 12:57 pm

Hi

My pc does not appear to be changed as my task manager still has not buttons or tabs.

The OTL file is here;
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@UtilityChest_49.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181110}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181110}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== FILES ==========
C:\Program Files\SUPERAntiSpyware folder moved successfully.
C:\Program Files (x86)\Trend Micro\HiJackThis folder moved successfully.
C:\Program Files (x86)\Trend Micro folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magentic by IncrediMail folder moved successfully.
C:\Program Files (x86)\IObit\Advanced WindowsCare V2\Backup\Registry folder moved successfully.
C:\Program Files (x86)\IObit\Advanced WindowsCare V2\Backup folder moved successfully.
C:\Program Files (x86)\IObit\Advanced WindowsCare V2 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\IObit Freeware.url moved successfully.
C:\Firefox\toolbar@ask.com\searchplugins folder moved successfully.
C:\Firefox\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Firefox\toolbar@ask.com\defaults folder moved successfully.
C:\Firefox\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Firefox\toolbar@ask.com\chrome\content folder moved successfully.
C:\Firefox\toolbar@ask.com\chrome folder moved successfully.
C:\Firefox\toolbar@ask.com folder moved successfully.
File\Folder C:\Program Files (x86)\Advanced System Protector not found.
C:\Windows\SysWow64\sho12DD.tmp moved successfully.
C:\Windows\SysWow64\sho1B0E.tmp moved successfully.
C:\Windows\SysWow64\sho3D4D.tmp moved successfully.
C:\Windows\SysWow64\sho536F.tmp moved successfully.
C:\Windows\SysWow64\sho6C3A.tmp moved successfully.
C:\Windows\SysWow64\sho779F.tmp moved successfully.
C:\Windows\SysWow64\sho7A3E.tmp moved successfully.
C:\Windows\SysWow64\sho7A8B.tmp moved successfully.
C:\Windows\SysWow64\sho8324.tmp moved successfully.
C:\Windows\SysWow64\sho8E6B.tmp moved successfully.
C:\Windows\SysWow64\shoA66C.tmp moved successfully.
C:\Windows\SysWow64\shoB762.tmp moved successfully.
C:\Windows\SysWow64\shoD671.tmp moved successfully.
C:\Windows\SysWow64\shoE427.tmp moved successfully.
C:\Windows\SysWow64\shoE81D.tmp moved successfully.
C:\Windows\SysWow64\shoFA84.tmp moved successfully.
File\Folder C:\windows\*.tmp not found.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\David\Desktop\cmd.bat deleted successfully.
C:\Users\David\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askToolbarInstaller-1_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askToolbarInstaller-1_RASMANCS\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}\\@|"" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{86D4B82A-ABED-442A-BE86-96357B70F4FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Giant Savings Extension not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\UtilityChest_49bar Uninstall not found.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\\AppPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\\AppPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\\HelpLink deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\\InstallLocation deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\\Publisher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task\\PreviewDetails deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task\\PreviewDetails scheduled to be deleted on reboot.
Registry value HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\\AppPath not found.
HKEY_CURRENT_USER\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\\@|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\DataMngr_Toolbar\ not found.
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\Yahoo\Companion\\sc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\Yahoo\Companion\\dc deleted successfully.
Registry key HKEY_CURRENT_USER\Software\IObit\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion\\sc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion\\dc deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\AppDataLow\Software\Yahoo\Companion\\sc not found.
Registry value HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\AppDataLow\Software\Yahoo\Companion\\dc not found.
Registry key HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\IObit\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 22273562 bytes
->Temporary Internet Files folder emptied: 23852903 bytes
->FireFox cache emptied: 5969197 bytes
->Google Chrome cache emptied: 15969403 bytes
->Flash cache emptied: 58454 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 556585 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 94355 bytes
RecycleBin emptied: 175833040 bytes

Total Files Cleaned = 233.00 mb


[EMPTYFLASH]

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: David

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03102013_152032

Files\Folders moved on Reboot...
C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5LE2D4UJ\viewtopic[1].htm moved successfully.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task\\PreviewDetails scheduled to be deleted on reboot.


and the eset scan found a threat, but obviously didn't remove it because I didn't have the remove box ticked as you instructed.

The eset log is here; - isn't very big although the scan took 50 minutes

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
David South
Active Member
 
Posts: 12
Joined: March 8th, 2013, 10:36 am

Re: Can you please help me as I think my computer is infecte

Unread postby pgmigg » March 10th, 2013, 7:24 pm

Hello David,
and the eset scan found a threat, but obviously didn't remove it because I didn't have the remove box ticked as you instructed.

The eset log is here; - isn't very big although the scan took 50 minutes

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
It is not a log which I would like to see especially in the case when a threat was found. Please try to find it again in the one of two directories:
  1. C:\Program Files\ESET\ESET Online Scan\log.txt
  2. C:\Program Files (x86)\ESET\ESET Online Scan\log.txt
and post the content of it here.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can you please help me as I think my computer is infecte

Unread postby David South » March 11th, 2013, 3:04 am

I can't find any other log file in the programs files folders. The log I posted was found in the x86 program files as there was not an eset entry in the other (non x86) program files folder.

I am currently running the scan again - exactly as you said before, but as a notepad log didn't pop up automatically, I'll still select finish and then search for the log manually as it is recent it shouldn't be too hard to find.

I'll then post it (hopefully)

Thank you for your help so far.
David South
Active Member
 
Posts: 12
Joined: March 8th, 2013, 10:36 am

Re: Can you please help me as I think my computer is infecte

Unread postby David South » March 11th, 2013, 3:57 am

After the scan I clicked on details and saved it to a text file - here it is

C:\Qoobox\Quarantine\C\Program Files (x86)\Giant Savings Extension\GiANt savings extension.dll.vir a variant of Win32/Toolbar.CrossRider.A application


There was no notepad window or anything.

Is this the information you needed.

also I had an error message saying bing toolbar or desktop had stopped working and my task manager is still without buttons or tabs, so I guess im still infected ?
David South
Active Member
 
Posts: 12
Joined: March 8th, 2013, 10:36 am

Re: Can you please help me as I think my computer is infecte

Unread postby pgmigg » March 11th, 2013, 2:27 pm

Hello David,
and my task manager is still without buttons or tabs, so I guess im still infected ?
I don't think so. I guess you have got the headers hidden somehow. Please try to double click in the white border which you can see around the data window. You will get your headers and menu back.
I am currently running the scan again - exactly as you said before, but as a notepad log didn't pop up automatically, I'll still select finish and then search for the log manually as it is recent it shouldn't be too hard to find.
Sorry if I confused you somehow - please find below updated instruction to run ESET Online Scanner one more time:

ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Status of Task Manager after the fix.
  3. Contents of the ESETScan.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can you please help me as I think my computer is infecte

Unread postby David South » March 12th, 2013, 5:11 pm

Hi

The eset scan log is here;

C:\Qoobox\Quarantine\C\Program Files (x86)\Giant Savings Extension\GiANt savings extension.dll.vir a variant of Win32/Toolbar.CrossRider.A application


My task manager is back - thank you, I'm not sure how I did it in the first place.

My pc seems to be working ok, but I thought it was ok before the task manager went wonky, and that the task manager was a symptom of an infection.

How should I remove the threat that the eset scanner has identified, and was my system badly infected.

Thank you for your help.
David South
Active Member
 
Posts: 12
Joined: March 8th, 2013, 10:36 am

Re: Can you please help me as I think my computer is infecte

Unread postby pgmigg » March 13th, 2013, 12:54 am

Hello David,

Good job! :D
My task manager is back - thank you, I'm not sure how I did it in the first place.
I am glad to hear it!
How should I remove the threat that the eset scanner has identified, and was my system badly infected.
Your PC was not badly infected. The threat was found by ESET was removed already by ComboFix you run 02/20/2013 which created C:\Qoobox\Quarantine directory and placed infected file there in specal format. Please don't worry about this file.

We are still not finished yet - let continue our treatment...

Step 1.
Malwarebytes' Anti-Malware (MBAM) Full Scan
Your logs indicates that you already have MBAM on your computer.
  1. Please start MBAM .
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab. Then press the Check for Updates button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 2.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file will open.
    • OTL.txt <-- Will be opened, maximized
    • Please post the contents of OTL.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the most recent MBAM Log file.
  3. Contents of the most recent OTL.txt file after fresh OTL scan
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can you please help me as I think my computer is infecte

Unread postby David South » March 13th, 2013, 8:16 am

Here is the malware bytes scan - I will run the OTL scan now and post it soon

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
David :: DAVID-PC [administrator]

13/03/2013 07:21:42
mbam-log-2013-03-13 (07-21-42).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341631
Time elapsed: 34 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
David South
Active Member
 
Posts: 12
Joined: March 8th, 2013, 10:36 am

Re: Can you please help me as I think my computer is infecte

Unread postby David South » March 13th, 2013, 8:26 am

Here is the OTL file

OTL logfile created on: 13/03/2013 12:18:44 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.95% Memory free
7.93 Gb Paging File | 6.32 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.45 Gb Total Space | 183.45 Gb Free Space | 81.73% Space Free | Partition Type: NTFS
Drive D: | 225.21 Gb Total Space | 160.80 Gb Free Space | 71.40% Space Free | Partition Type: NTFS
Drive E: | 263.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/09 12:44:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2013/03/07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/02/28 08:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/02/28 08:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/30 10:26:16 | 001,295,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/03/30 10:26:14 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012/03/30 10:26:12 | 000,562,232 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/28 09:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/28 08:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/14 05:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/12 20:29:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/02/16 00:35:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/07 13:04:30 | 000,161,384 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/30 10:26:16 | 001,295,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/03/30 10:26:14 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/18 02:50:35 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 21:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/08/28 09:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/28 08:36:34 | 000,177,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/02/28 08:36:34 | 000,068,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/02/28 08:36:33 | 001,025,880 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/02/28 08:36:33 | 000,377,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/02/28 08:36:33 | 000,071,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/02/28 08:36:33 | 000,065,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/02/28 08:36:32 | 000,080,888 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/02/28 08:36:31 | 000,033,472 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/11/14 00:20:27 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/14 00:20:27 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 09:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/04/11 08:00:39 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/12/16 14:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/15 19:34:34 | 000,079,664 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jl2005c.sys -- (JLTECH0227)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/11/15 16:00:00 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\..\SearchScopes,DefaultScope = {BEA48A1C-448D-4F29-977E-9CA0472A9A59}
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\..\SearchScopes\{BEA48A1C-448D-4F29-977E-9CA0472A9A59}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_enGB413GB413
IE - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1482
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/28 21:52:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/02 17:24:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/16 16:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2013/02/20 16:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yhqyc8hd.default\extensions
[2013/02/16 16:47:17 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yhqyc8hd.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/03/02 17:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/18 21:03:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/28 21:52:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/02/16 00:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/16 00:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 00:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://uk.msn.com/?pc=UP21&ocid=UP21DHP&dt=021813
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.160\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.160\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.160\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: IncrediMail MediaBar 2 = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj\2.3.19.11_0\
CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\

O1 HOSTS File: ([2013/02/20 18:56:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3375751451-411710517-2975870729-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3375751451-411710517-2975870729-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C377D2A2-6B28-4976-93F7-A4C0B3DC9A83}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/18 17:37:34 | 000,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/10 15:20:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/09 12:44:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/03/09 12:29:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/09 12:29:48 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/09 12:29:01 | 000,547,791 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\David\Desktop\JRT.exe
[2013/03/09 12:20:01 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\VS Revo Group
[2013/03/09 12:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/03/09 12:19:57 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/03/09 12:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/03/09 12:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/03/09 12:19:13 | 009,918,712 | ---- | C] (VS Revo Group ) -- C:\Users\David\Desktop\RevoUninProSetup.exe
[2013/03/08 15:04:37 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Malware logs
[2013/03/08 13:09:25 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
[2013/03/02 19:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/03/02 19:28:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2013/03/02 19:28:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2013/03/02 19:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2013/03/02 19:28:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307050.005
[2013/03/02 19:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/03/02 17:27:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/03/02 17:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/27 01:49:00 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/02/27 01:49:00 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/02/27 01:49:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/27 01:49:00 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/02/27 01:49:00 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/27 01:49:00 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/02/27 01:49:00 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/27 01:49:00 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/02/27 01:49:00 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/02/27 01:49:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/02/27 01:49:00 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/02/27 01:49:00 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/02/27 01:49:00 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/27 01:49:00 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/02/27 01:49:00 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/02/27 01:49:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/02/27 01:49:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/02/27 01:49:00 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/02/27 01:49:00 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/27 01:49:00 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/02/27 01:49:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/02/27 01:49:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/02/27 01:49:00 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/02/27 01:49:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/02/27 01:49:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/02/27 01:48:59 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/27 01:48:59 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/27 01:48:59 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/27 01:48:59 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/02/27 01:48:59 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/27 01:48:59 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/02/27 01:48:59 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/27 01:48:59 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/27 01:48:59 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/27 01:48:59 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/02/27 01:48:59 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/02/27 01:48:59 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/02/27 01:48:59 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/27 01:48:59 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/02/27 01:48:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/02/27 01:48:59 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/27 01:48:59 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/02/27 01:48:59 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/02/27 01:48:59 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/02/27 01:48:59 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/02/27 01:48:59 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/02/27 01:48:59 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/02/27 01:48:59 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/02/27 01:48:59 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/27 01:48:59 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/02/27 01:48:59 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/02/27 01:48:59 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/02/27 01:48:59 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/02/27 01:48:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/02/27 01:48:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/02/27 01:48:59 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/02/27 01:48:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/02/27 01:48:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/02/27 01:48:59 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/02/27 01:48:59 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/02/27 01:48:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/02/27 01:48:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/02/27 01:48:59 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/02/27 01:48:59 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/02/27 01:48:59 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/02/27 01:48:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/02/27 01:47:43 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 01:47:43 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 01:47:43 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 01:47:43 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 01:47:43 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 01:47:43 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 01:47:43 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 01:47:43 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 01:47:43 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/27 01:47:43 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 01:47:43 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 01:47:43 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 01:47:43 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 01:47:43 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 01:47:43 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 01:47:43 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 01:47:43 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 01:47:43 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 01:47:43 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 01:47:43 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/27 01:47:43 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 01:47:43 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 01:47:43 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 01:47:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 01:47:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 01:47:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 01:47:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 01:18:15 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{75C1A19C-8CE0-4FB6-967A-57171DA75939}
[2013/02/20 19:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/02/20 19:15:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/20 18:54:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/20 18:48:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/20 18:48:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/20 18:48:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/20 18:46:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/20 18:46:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/20 18:15:00 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/20 18:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/02/17 11:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/02/17 09:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/02/16 16:47:10 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Mozilla
[2013/02/16 16:47:10 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Mozilla
[2013/02/16 16:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/02/16 16:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/02/16 16:06:30 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Yahoo!
[2013/02/16 16:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/02/16 15:53:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\LogMeIn Rescue Applet
[2013/02/16 15:06:58 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{955CA103-8257-4387-87F5-1B48DD211832}
[2013/02/16 07:26:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/02/16 07:24:42 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/02/16 07:24:42 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/02/13 00:34:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Giant Savings Extension
[2013/02/13 00:34:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/02/13 00:34:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/02/13 00:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings Extension
[2013/02/13 00:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/13 00:13:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 00:13:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 00:13:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 00:13:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 00:13:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 00:13:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 00:13:44 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 00:13:43 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 00:13:43 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 00:13:39 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

========== Files - Modified Within 30 Days ==========

[2013/03/13 12:06:10 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/13 11:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/13 11:16:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/03/13 07:26:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/13 07:26:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/13 07:19:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/13 07:18:49 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/12 20:29:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 20:29:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/10 16:50:13 | 000,001,591 | ---- | M] () -- C:\Users\David\Desktop\log - Shortcut.lnk
[2013/03/09 12:45:01 | 000,139,264 | ---- | M] () -- C:\Users\David\Desktop\SystemLook.exe
[2013/03/09 12:44:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/03/09 12:29:01 | 000,547,791 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\David\Desktop\JRT.exe
[2013/03/09 12:19:58 | 000,001,113 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/03/09 12:19:58 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/03/09 12:19:16 | 009,918,712 | ---- | M] (VS Revo Group ) -- C:\Users\David\Desktop\RevoUninProSetup.exe
[2013/03/09 00:17:22 | 000,002,251 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/09 00:17:22 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/08 18:55:45 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/08 18:55:45 | 000,628,866 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/08 18:55:45 | 000,110,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/08 15:03:48 | 000,000,138 | ---- | M] () -- C:\Users\David\Desktop\Gmail Inbox.url
[2013/03/02 21:31:19 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for David.job
[2013/03/01 00:11:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/28 08:36:34 | 000,177,672 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/02/28 08:36:34 | 000,068,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/28 08:36:33 | 001,025,880 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/28 08:36:33 | 000,377,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/28 08:36:33 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/28 08:36:33 | 000,065,408 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/02/28 08:36:32 | 000,080,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/28 08:36:31 | 000,033,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/28 08:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/28 08:35:43 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/27 01:49:00 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/02/27 01:49:00 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/02/27 01:49:00 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/27 01:49:00 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/02/27 01:49:00 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/27 01:49:00 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/02/27 01:49:00 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/27 01:49:00 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/02/27 01:49:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/02/27 01:49:00 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/02/27 01:49:00 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/02/27 01:49:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/02/27 01:49:00 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/27 01:49:00 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/02/27 01:49:00 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/02/27 01:49:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/02/27 01:49:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/02/27 01:49:00 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/02/27 01:49:00 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/27 01:49:00 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/02/27 01:49:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/02/27 01:49:00 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/02/27 01:49:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/02/27 01:49:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/02/27 01:49:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/02/27 01:48:59 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/27 01:48:59 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/27 01:48:59 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/27 01:48:59 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/02/27 01:48:59 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/27 01:48:59 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/02/27 01:48:59 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/27 01:48:59 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/27 01:48:59 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/27 01:48:59 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/02/27 01:48:59 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/02/27 01:48:59 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/02/27 01:48:59 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/27 01:48:59 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/02/27 01:48:59 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/02/27 01:48:59 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/27 01:48:59 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/02/27 01:48:59 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/02/27 01:48:59 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/02/27 01:48:59 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/02/27 01:48:59 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/02/27 01:48:59 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/02/27 01:48:59 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/02/27 01:48:59 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/27 01:48:59 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/02/27 01:48:59 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/02/27 01:48:59 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/02/27 01:48:59 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/02/27 01:48:59 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/02/27 01:48:59 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/02/27 01:48:59 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/02/27 01:48:59 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/02/27 01:48:59 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/02/27 01:48:59 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/02/27 01:48:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/02/27 01:48:59 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/02/27 01:48:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/02/27 01:48:59 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/02/27 01:48:59 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/02/27 01:48:59 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/02/27 01:48:59 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/02/27 01:47:43 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 01:47:43 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 01:47:43 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 01:47:43 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 01:47:43 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 01:47:43 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 01:47:43 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 01:47:43 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 01:47:43 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/27 01:47:43 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 01:47:43 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 01:47:43 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 01:47:43 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 01:47:43 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 01:47:43 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 01:47:43 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 01:47:43 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 01:47:43 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 01:47:43 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 01:47:43 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/27 01:47:43 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 01:47:43 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 01:47:43 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 01:47:43 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 01:47:43 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 01:47:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 01:47:43 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 01:47:43 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/25 17:24:00 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/20 18:56:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/20 18:15:00 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/20 18:05:53 | 000,001,105 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/02/20 18:05:53 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/17 01:06:56 | 000,000,850 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/02/16 07:24:42 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/02/16 07:24:42 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/02/16 07:24:42 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/02/16 07:24:42 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/02/13 00:24:26 | 000,272,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/13 00:22:28 | 005,553,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 00:22:28 | 003,967,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 00:22:28 | 003,913,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 00:16:04 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 00:16:04 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 00:16:04 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 00:16:04 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 00:16:04 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 00:16:04 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 00:15:51 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

========== Files Created - No Company Name ==========

[2013/03/10 16:50:13 | 000,001,591 | ---- | C] () -- C:\Users\David\Desktop\log - Shortcut.lnk
[2013/03/09 12:45:01 | 000,139,264 | ---- | C] () -- C:\Users\David\Desktop\SystemLook.exe
[2013/03/09 12:19:58 | 000,001,113 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/03/09 12:19:58 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/03/08 22:57:43 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/08 15:03:26 | 000,000,138 | ---- | C] () -- C:\Users\David\Desktop\Gmail Inbox.url
[2013/03/02 19:28:47 | 000,000,448 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for David.job
[2013/03/02 19:28:25 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307050.005\isolate.ini
[2013/02/28 21:52:56 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/02/28 21:52:54 | 000,065,408 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/02/20 18:48:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/20 18:48:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/20 18:48:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/20 18:48:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/20 18:48:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/20 18:05:53 | 000,001,105 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/02/16 16:47:03 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/16 07:24:42 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/02/16 07:24:42 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/11/04 10:59:01 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/01/07 15:36:55 | 000,027,922 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/11 08:03:43 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/11 08:03:43 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
David South
Active Member
 
Posts: 12
Joined: March 8th, 2013, 10:36 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware