Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Am I Infected?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Am I Infected?

Unread postby NickZ » February 28th, 2014, 1:39 am

Just want to be sure, pc seems to run fine.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by Nick at 16:36:26 on 2014-02-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3561.1740 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Pale Moon\palemoon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: Userinit = userinit.exe,
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{915B916C-B75D-47BA-BB2A-45890DF3DA4D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{92FF0156-5863-4C62-A864-4464B70317E8} : DHCPNameServer = 10.4.81.103 10.4.182.20
TCP: Interfaces\{CFDB6B73-CB52-4F26-9894-012E77DFD56B} : DHCPNameServer = 192.168.0.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-11-13 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-11-13 42664]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-29 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-29 361984]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-10-1 105120]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-5-13 270624]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-12 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-17 2413056]
R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-13 2151200]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-13 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2012-6-4 326544]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-1 158880]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-12-17 46136]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-10-1 36000]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-31 114704]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-10-1 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-10-1 110240]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-10-1 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-10-1 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-10-1 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-10-1 280992]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-10-1 519328]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-29 31088]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-11-13 87040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-13 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-17 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-13 883928]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-12-17 53376]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-12 140376]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-28 111616]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2012-1-16 9216]
S3 massfilter_lte;LTE Device Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_LTE.sys [2012-1-16 18456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-13 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-13 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-13 1255736]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2013-11-13 135168]
S4 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-13 418376]
S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-11-13 5087584]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-02-28 05:15:39 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-28 05:15:39 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-28 05:12:49 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-28 05:10:15 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-28 05:10:15 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-28 05:08:41 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-28 05:08:39 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1E4A14E-9697-4DA8-8778-C3BFE2500827}\gapaengine.dll
2014-02-28 05:04:29 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4CBD380-208F-4003-9E3A-FC6886E20A3A}\mpengine.dll
2014-02-28 05:00:42 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-13 08:49:23 -------- d-----w- C:\Program Files\Defraggler
2014-02-13 08:35:28 -------- d-----w- C:\Program Files (x86)\SpeedFan
2014-02-13 08:05:49 -------- d-----w- C:\Program Files\Speccy
2014-02-13 08:02:33 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2014-02-11 08:25:04 -------- d-sh--w- C:\$RECYCLE.BIN
2014-02-07 07:20:23 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-02-07 07:20:18 336208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-02-07 06:12:41 -------- d-----w- C:\ProgramData\Informer Technologies, Inc
2014-02-06 10:05:07 -------- d-----w- C:\Program Files (x86)\ESET
2014-02-06 09:08:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-02-06 09:07:29 -------- d-----w- C:\Program Files\iPod
2014-02-06 09:07:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-06 09:07:28 -------- d-----w- C:\Program Files\iTunes
2014-02-06 09:07:28 -------- d-----w- C:\Program Files (x86)\iTunes
2014-02-06 09:06:04 -------- d-----w- C:\Program Files\Bonjour
2014-02-06 09:06:04 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-02-05 04:58:09 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-02-05 04:58:03 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-02-04 08:27:31 -------- d-----w- C:\ProgramData\Auslogics
2014-02-04 08:27:08 -------- d-----w- C:\Program Files (x86)\Auslogics
2014-02-04 07:43:42 -------- d-----w- C:\Windows\pss
2014-02-04 06:34:44 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-02-04 06:34:44 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-02-04 06:34:44 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-02-04 06:34:44 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-02-04 06:34:44 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-02-04 06:34:44 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-02-04 06:34:44 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-02-04 06:34:42 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-02-04 06:34:42 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 05:27:05 -------- d-----w- C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2014-02-04 05:26:36 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-02-04 05:26:36 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-02-03 07:06:57 -------- d-----w- C:\Users\Nick\AppData\Local\PreEmptive Solutions
2014-02-03 06:58:29 -------- d-----w- C:\Users\Nick\AppData\Roaming\Microsoft FxCop
2014-02-03 06:16:25 -------- d-----w- C:\Users\Nick\AppData\Local\Alex_demontis_VBproductio
2014-02-03 06:00:19 -------- d-----w- C:\ProgramData\Microsoft Visual Studio
2014-02-03 05:27:42 -------- d-----w- C:\Windows\System32\RsFx
2014-02-03 05:20:58 -------- d-----w- C:\Program Files\Microsoft SQL Server
2014-02-03 05:20:20 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2014-02-03 05:18:56 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2014-02-03 05:18:56 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2014-02-03 05:18:38 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2014-02-03 05:16:44 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2014-02-03 05:10:56 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2014-02-03 05:10:42 -------- d-----w- C:\Program Files\IIS
2014-02-03 04:52:17 -------- d-----w- C:\Program Files (x86)\Microsoft F#
2014-02-03 04:52:17 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2014-02-03 04:52:16 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-02-03 04:34:55 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2014-02-03 04:21:14 -------- d-----w- C:\Program Files (x86)\Mono-3.2.3
.
==================== Find3M ====================
.
2014-02-07 06:39:53 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-07 06:39:53 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-11 02:35:21 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 02:35:21 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH: 16:38:00.87 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/11/2013 8:13:27 PM
System Uptime: 28/02/2014 4:27:35 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3567
Processor: AMD A4-3305M APU with Radeon(tm) HD Graphics | Socket FS1 | 1900/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 442 GiB total, 390.68 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.114 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\6&2755415C&1&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\6&2755415C&1&2
Service: BthPan
.
==== System Restore Points ===================
.
RP46: 18/02/2014 2:31:19 PM - Windows Update
RP47: 26/02/2014 1:47:51 PM - Windows Update
RP48: 28/02/2014 3:39:09 PM - Windows Update
RP49: 28/02/2014 3:46:07 PM - Restore Operation
RP50: 28/02/2014 4:04:06 PM - Windows Update
RP51: 28/02/2014 4:13:54 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.0) MUI
Adobe Reader X (10.1.9)
Adobe Shockwave Player 12.0
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD System Monitor
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Bluetooth Suite (64)
Atheros Driver Installation Program
Auslogics DiskDefrag
Blio
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Convert To MP3 1.0
CyberLink YouCam
D3DX10
ESET Online Scanner v3
ESU for Microsoft Windows 7 SP1
Extended Update
Free WMA MP3 Converter
GIMP 2.8.4
Google Chrome
Google Earth
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.2.3
HiJackThis
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Launch Box
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
Internet Explorer (Enable DEP)
IObit Uninstaller
iTunes
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mobile Broadband Manager
MSVCRT
MSVCRT_amd64
opensource
Pale Moon 24.3.1 (x64 en-US)
PlayReady PC Runtime x86
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Speccy
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
TeamViewer 8
Telstra Mobile Broadband Manager
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.01 beta 1 (64-bit)
ZTE LTE Device USB Driver
.
==== Event Viewer Messages From Past Week ========
.
28/02/2014 4:23:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Microsoft - Keyboard - Microsoft Hardware USB Keyboard.
28/02/2014 4:16:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Microsoft - Pointing Drawing - Microsoft Hardware USB Mouse.
28/02/2014 4:14:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.167.855.0).
28/02/2014 4:14:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Microsoft - Other hardware - Microsoft Mouse and Keyboard Detection Driver (USB).
28/02/2014 4:14:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: Nick-HP\Nick Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
28/02/2014 4:10:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.36.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
28/02/2014 4:10:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.36.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
28/02/2014 4:10:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
28/02/2014 4:08:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.36.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070643 Error description: Fatal error during installation.
28/02/2014 4:08:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
28/02/2014 4:01:15 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070002 Error description: The system cannot find the file specified. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
28/02/2014 4:00:42 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
26/02/2014 2:06:59 PM, Error: Service Control Manager [7030] - The MgAssist Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
NickZ
Regular Member
 
Posts: 22
Joined: February 3rd, 2014, 3:59 am
Advertisement
Register to Remove

Re: Am I Infected?

Unread postby pgmigg » February 28th, 2014, 3:31 pm

Hello NickZ,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Am I Infected?

Unread postby pgmigg » March 1st, 2014, 12:11 am

Hello NickZ,
Am I Infected?
Good question! :D Let see...

Step 1.
For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    HiJackThis
    IObit Uninstaller
    SUPERAntiSpyware
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 3.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Then,
Please tell me is this computer used for business purposes and/or connected to any educational or business network?
I need to know it - so I can provide the proper instructions.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a OTL.txt log file
  3. Contents of a Extras.txt log file
  4. Answer for my question related to type of using of your computer
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Am I Infected?

Unread postby NickZ » March 1st, 2014, 2:19 am

OTL logfile created on: 1/03/2014 5:11:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.48 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 43.89% Memory free
6.95 Gb Paging File | 4.84 Gb Available in Paging File | 69.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.74 Gb Total Space | 390.69 Gb Free Space | 88.44% Space Free | Partition Type: NTFS
Drive D: | 19.86 Gb Total Space | 2.11 Gb Free Space | 10.64% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: NICK-HP | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/01 17:08:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
PRC - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/01 12:17:00 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/09/29 10:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/07/12 08:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/06/07 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 21:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/13 20:43:02 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 16:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/29 01:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/05/28 06:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/17 16:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 20:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/02/07 17:39:53 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/10/01 23:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/04 14:54:28 | 000,326,544 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2011/10/01 12:17:00 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2011/10/01 11:58:54 | 000,105,120 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/07/12 08:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/29 12:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/06/07 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/13 20:45:47 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/11/13 20:45:47 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/11/13 20:45:05 | 000,883,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/11/13 20:43:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/11/13 20:43:02 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/10/02 13:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/25 14:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/24 01:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 01:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 17:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/16 14:03:10 | 000,087,040 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/01/16 14:03:02 | 000,135,168 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2012/01/16 14:03:02 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2012/01/16 14:03:02 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2012/01/16 14:03:02 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2012/01/16 14:03:02 | 000,018,456 | R--- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_LTE.sys -- (massfilter_lte)
DRV:64bit: - [2012/01/16 14:03:02 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/10/15 17:01:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/15 17:01:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 12:08:26 | 000,519,328 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/10/01 12:07:40 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/10/01 12:07:26 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/10/01 12:06:54 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/10/01 12:06:40 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/10/01 12:06:24 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/10/01 12:06:08 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/10/01 12:05:54 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/08/18 23:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/05/31 11:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/28 06:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/31 09:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/21 14:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 14:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 04:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/19 04:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 08:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 08:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 08:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 07:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/11 07:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/11/12 20:28:24 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/12 20:28:24 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1260303893-1912934433-692988691-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKU\S-1-5-21-1260303893-1912934433-692988691-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1260303893-1912934433-692988691-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1260303893-1912934433-692988691-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.3.1\extensions\\Components: C:\PROGRAM FILES\PALE MOON\COMPONENTS [2014/02/04 18:10:04 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.3.1\extensions\\Plugins: C:\PROGRAM FILES\PALE MOON\PLUGINS

[2013/11/13 15:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://au.search.yahoo.com/search?fr=ch ... =198484&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?outpu ... n&command={searchTerms},
CHR - homepage: http://au.search.yahoo.com/?type=198484 ... got-yhp-ch
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.27_0\
CHR - Extension: Google Docs = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Wallet = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009/06/11 08:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-1260303893-1912934433-692988691-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{915B916C-B75D-47BA-BB2A-45890DF3DA4D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92FF0156-5863-4C62-A864-4464B70317E8}: DhcpNameServer = 10.4.81.103 10.4.182.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFDB6B73-CB52-4F26-9894-012E77DFD56B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/01 17:09:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2014/02/28 16:36:06 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Nick\Desktop\dds.scr
[2014/02/28 16:15:39 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/28 16:14:32 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/28 16:14:32 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/28 16:14:31 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/28 16:14:30 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/28 16:14:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/28 16:14:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/28 16:14:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/28 16:14:28 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/28 16:14:28 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/28 16:14:28 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/28 16:14:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/28 16:14:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/28 16:14:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/28 16:14:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/28 16:14:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/28 16:14:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/28 16:14:26 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/28 16:14:26 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/28 16:14:26 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/28 16:14:26 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/28 16:14:24 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/28 16:14:23 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/28 16:14:18 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/28 16:12:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/28 16:12:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/28 16:12:37 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/28 16:12:36 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/28 16:12:36 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/28 16:12:36 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/28 16:12:36 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/28 16:12:36 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/28 16:12:36 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/28 16:12:35 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/28 16:12:35 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/28 16:12:35 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/28 16:12:35 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/28 16:12:35 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/28 16:12:35 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/28 16:12:35 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/28 16:12:34 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/28 16:12:34 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/28 16:12:18 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/28 16:12:17 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/28 16:10:15 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/02/28 16:10:15 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/02/26 13:51:07 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\New folder
[2014/02/13 19:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2014/02/13 19:35:30 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2014/02/13 19:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2014/02/13 19:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2014/02/13 19:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2014/02/13 19:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/02/13 19:02:33 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/11 19:25:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/07 17:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Informer Technologies, Inc
[2014/02/06 21:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/02/06 20:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/02/06 20:08:20 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2014/02/06 20:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/06 20:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/02/06 20:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/02/06 20:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/02/06 20:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/02/06 20:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/02/06 20:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/02/06 20:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/02/06 20:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/02/06 19:53:34 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/02/05 16:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/02/05 16:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/02/05 16:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/02/05 15:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/02/05 15:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/02/05 15:51:30 | 000,000,000 | --SD | C] -- C:\Users\Nick\Documents\Passwords Database
[2014/02/04 19:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2014/02/04 19:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014/02/04 19:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2014/02/04 18:43:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/02/04 17:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/02/04 17:34:44 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/02/04 17:34:44 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/02/04 17:34:42 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/02/04 16:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/02/03 18:06:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\PreEmptive Solutions
[2014/02/03 17:58:29 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft FxCop
[2014/02/03 17:16:25 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Alex_demontis_VBproductio
[2014/02/03 17:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
[2014/02/03 16:27:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2014/02/03 16:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2014/02/03 16:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2014/02/03 16:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2014/02/03 16:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2014/02/03 16:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2014/02/03 16:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2014/02/03 16:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014/02/03 16:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2014/02/03 16:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2014/02/03 16:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2014/02/03 16:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2014/02/03 16:09:24 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\Visual Studio 2008
[2014/02/03 16:08:30 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\Visual Studio 2010
[2014/02/03 15:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2014/02/03 15:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2014/02/03 15:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2014/02/03 15:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2014/02/03 15:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2014/02/03 15:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2014/02/03 15:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mono-3.2.3

========== Files - Modified Within 30 Days ==========

[2014/03/01 17:08:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2014/03/01 17:07:37 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/01 17:07:37 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/01 17:04:29 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/01 17:04:29 | 000,667,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/01 17:04:29 | 000,126,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/01 17:00:05 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/01 17:00:01 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2014/03/01 16:59:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/01 16:59:38 | 3734,405,120 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/28 16:36:07 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Nick\Desktop\dds.scr
[2014/02/28 16:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/28 16:19:40 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/28 16:19:04 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
[2014/02/28 16:19:04 | 000,000,119 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\WB.CFG
[2014/02/28 16:18:11 | 000,766,780 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/28 16:03:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/02/13 19:02:05 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNick.job
[2014/02/07 17:39:53 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/07 17:39:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/06 22:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 22:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 22:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 21:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 21:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 21:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 21:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 21:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 21:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 21:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 21:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 21:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 21:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 20:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 20:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 20:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 20:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 20:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 20:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 20:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 20:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 19:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 19:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/05 15:58:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/04 18:29:21 | 000,277,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2014/02/28 16:03:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/02/07 17:39:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/06 20:06:43 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/02/05 15:58:35 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/02/05 15:58:15 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/12/31 14:19:04 | 000,000,119 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\WB.CFG
[2013/12/17 16:29:37 | 000,007,602 | ---- | C] () -- C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
[2013/11/13 20:43:03 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/11/13 20:43:03 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/11/13 20:43:03 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/11/13 20:43:01 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/11/13 20:43:01 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe

========== ZeroAccess Check ==========

[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 13:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 12:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 14:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/13 15:28:06 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\AVAST Software
[2013/12/08 14:01:04 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\CrystalIdea Software
[2013/11/13 15:43:39 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Gromicho AF Systems
[2013/11/13 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\IObit
[2013/11/13 15:20:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Moonchild Productions
[2014/02/04 17:40:41 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\newnext.me
[2013/11/13 15:38:54 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Sierra Wireless
[2013/11/12 20:17:08 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Synaptics
[2014/02/04 17:14:23 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TeamViewer
[2014/02/11 09:13:16 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Telstra
[2013/12/31 13:19:15 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\UpdaterEX
[2013/12/22 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >
NickZ
Regular Member
 
Posts: 22
Joined: February 3rd, 2014, 3:59 am

Re: Am I Infected?

Unread postby NickZ » March 1st, 2014, 2:23 am

OTL Extras logfile created on: 1/03/2014 5:11:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.48 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 43.89% Memory free
6.95 Gb Paging File | 4.84 Gb Available in Paging File | 69.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.74 Gb Total Space | 390.69 Gb Free Space | 88.44% Space Free | Partition Type: NTFS
Drive D: | 19.86 Gb Total Space | 2.11 Gb Free Space | 10.64% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: NICK-HP | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17093A42-8941-4EEF-A5E0-AF226364CE74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2B27CC85-9726-46DC-973B-55647FF2C20C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{381CDD18-9999-405B-A308-73AF20FB75FF}" = rport=139 | protocol=6 | dir=out | app=system |
"{38464096-621A-4356-B469-0BFAC2216650}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41468F29-4017-4EFD-8CC2-5BB02F524C3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F943566-3976-4130-B2CF-C4537F629DE3}" = lport=445 | protocol=6 | dir=in | app=system |
"{511B3740-0DCF-4E26-A549-16A677CCFA97}" = lport=137 | protocol=17 | dir=in | app=system |
"{60A35561-30F0-459A-B5B6-97F67C20FFEF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{616FCB24-62F9-4798-A6A3-B6CDEEE35FE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6511F772-8B2D-47FC-ABFA-972AFE80B0A3}" = rport=138 | protocol=17 | dir=out | app=system |
"{6BBCD65B-742B-4D2A-8ABE-B3267C438D43}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FB72DD8-6297-4D53-8F3C-AED7232F776C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F62ED27-2353-4329-88A3-E29DD21A3CAD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7FE70030-B448-41F3-9BB1-5A3DF7DC3404}" = rport=445 | protocol=6 | dir=out | app=system |
"{8537A572-3724-43ED-9128-4294D64113AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{85DC6A8D-BBC6-454B-9D39-BF05954AB476}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A48E917E-0798-4D30-968A-B452BAB3BDA0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AE50DA9D-8B39-4097-B77D-20D6AF00C932}" = lport=139 | protocol=6 | dir=in | app=system |
"{BD6AA9FA-D96D-4E5C-8FA3-E54EFB3E90A2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C8A94FDF-AA03-43C5-BA9F-0756DDF9D0E6}" = rport=137 | protocol=17 | dir=out | app=system |
"{E85D899F-1F74-4C19-A0B9-830FD51CD2E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{FED09BC6-1E6C-4509-A23B-82F5A2B4F8D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF5D6481-3590-450D-AFB6-CBA0BC4BE13E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1264BCA9-1B90-4C73-AFE4-3D0B75BCF8F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33CD45A6-871C-4DED-856C-294951E3A5C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{35D5A783-282F-4FFB-8D39-0D14D3244169}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3610BB41-7842-4C56-9A01-B0577919EE7F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{36503A03-9517-44AA-9D4C-E3D08BECD947}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3A504C58-6AD8-4AB0-A01D-79563463ADD6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{49B2E4F4-5E61-4C49-9FC6-979B45C587DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4C04104A-3903-437D-9C86-B70BC2CDF7B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4F3C1D93-75A8-40EA-9AB9-4CB82E779C88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69F06AFA-B1B9-498C-B591-36D95AAF13A6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6EA3C57C-5E5C-450B-A349-2C897A7B7A3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C3597C1-92E2-47C5-93B6-3454EC482B79}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8263B27B-46C4-41DD-B808-935E785CED73}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{83402A41-67EC-4E3A-98EA-BECF086F1E25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B7581CD-FBB5-4A84-814F-955A5F5A177C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8C513DBB-CB7B-4E0B-81A2-39AB0AEFC108}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{986EF246-8B0F-4A64-94C1-3973E4F72DAD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99A1FAE8-06E4-48CA-90EC-DBA53688DFE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BBA36FC-8031-4C97-B6A6-15870A1CEBB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A785A534-E49D-41A9-AB7F-C488C431531F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B81FAC2B-7100-4782-8226-678379EE0CCF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6AE6C03-7656-4ED0-9843-083943971DB8}" = protocol=6 | dir=out | app=system |
"{D89DC69A-8C78-4802-BDAF-DCAC40BFBBD3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D9DF57AE-5A3B-4077-910D-FB55C429C270}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DAB2C296-6632-42B7-A127-A4E1A9B529F7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E2FB187C-A793-4C79-8318-DCBD5F033391}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ECEE43B4-63A0-45DA-869D-DC0B16E7A7FC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{F4A108FC-394A-46C0-B750-EEA5416FB1EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB313E49-BA81-40BB-8D3C-F1ED304856D0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{FCEAC257-36F6-44A4-A4AE-CECCD1D8AD8A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{FF18C24D-2773-47B9-AA36-49D4ACA07FEC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}" = ZTE LTE Device USB Driver
"{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2FD3DC87-EC8D-78D2-1D3A-F4D6E7531BAF}" = AMD Fuel
"{45726347-6D97-4613-9F89-A9635ACBD34D}" = AMD Media Foundation Decoders
"{45E3D837-4855-7F41-A22E-D1D0AEA71EF8}" = AMD Steady Video Plug-In
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{ACD449FA-9DF3-779D-DA68-11D486963225}" = AMD Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box
"{BF92729B-1505-55D8-DAD4-4727CDB02FF6}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"Pale Moon 24.3.1 (x64 en-US)" = Pale Moon 24.3.1 (x64 en-US)
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 5.01 beta 1 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0535D679-6FFB-2CAB-F7FF-7B05D6D6CAB5}" = CCC Help Chinese Standard
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16F1B95A-F813-7600-EFA5-A97CB11222BC}" = CCC Help French
"{17A5CB1F-712A-41D2-FBBB-4A881EBA9B17}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20DBF540-DF10-0A5C-7443-F139A84CC1F5}" = CCC Help Dutch
"{21CC6030-B1EA-3E53-DF36-38054A1596B4}" = CCC Help Turkish
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29819186-C15B-D50E-AB2E-8C24E2619273}" = CCC Help Portuguese
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{314F8264-25FB-C833-1017-3A0E0846112C}" = CCC Help Hungarian
"{3167966F-9811-30EF-6093-B7B95E2F19B7}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{346DAD45-38D4-B63C-C372-1E2BC136DE69}" = CCC Help Finnish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3A83B36C-17B9-4832-445A-7A9DF377BB12}" = CCC Help Swedish
"{3D5C7E0E-AEC0-40EB-99D3-C40469738040}" = HP Documentation
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58A2F6F8-6009-CC35-2A83-DB5F922003DE}" = CCC Help Czech
"{5E21F3A1-9E84-DC22-1C62-0DB056EC7344}" = CCC Help Japanese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}" = AMD System Monitor
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81C9D048-B677-3CDD-7E20-3AF8DBFC4A0A}" = Catalyst Control Center Localization All
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{870163D1-4D3A-198C-5414-889F1F4347AE}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93335AAC-9F8B-54DF-7DB5-2C98D0DC2111}" = CCC Help Chinese Traditional
"{934168C8-55AC-4593-A138-E64BA8367E6E}" = Adobe Flash Player 12 Plugin
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{AD0AAA4D-9A81-8B10-EB28-3C1372987DE7}" = CCC Help Italian
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}" = HP Software Framework
"{B4F17D6A-12A3-5403-6050-32A5B4A31F31}" = Catalyst Control Center InstallProxy
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C55C2A19-BAD2-287A-1D7A-9D5FF5FD526E}" = AMD VISION Engine Control Center
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46914D5-CA39-1A40-3CEC-9368E9C28568}" = CCC Help Greek
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA477E5-F916-973D-E1AB-3CDC735FDB58}" = CCC Help Norwegian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA0E4DD2-7CD7-9583-0BE6-AFF3DF09E3E4}" = CCC Help Thai
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0A76517-2D1D-8DE3-F3B7-121B6A1990E8}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F35C5FE9-57EC-9936-5738-D7EB3EA73B28}" = CCC Help Spanish
"{F4708461-A1E0-0657-1FC6-FACFEEA55CBE}" = CCC Help Russian
"{F4EB5AE1-0065-0752-FF11-1E45ABCD443A}" = CCC Help Danish
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{FA403257-57E9-42E7-A1A1-2539CFAFFFA2}" = Mobile Broadband Manager
"{FC2150C5-A1AF-6238-9632-E5BB8739C0BC}" = CCC Help German
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Convert To MP3_is1" = Convert To MP3 1.0
"ESET Online Scanner" = ESET Online Scanner v3
"Free WMA MP3 Converter" = Free WMA MP3 Converter
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mobile Broadband Manager" = Telstra Mobile Broadband Manager
"TeamViewer 8" = TeamViewer 8
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UpdaterEX" = Extended Update
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/02/2014 1:17:28 AM | Computer Name = Nick-HP | Source = WinMgmt | ID = 10
Description =

Error - 4/02/2014 1:18:39 AM | Computer Name = Nick-HP | Source = Application Hang | ID = 1002
Description = The program psi.exe version 3.0.0.9016 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: c74 Start Time:
01cf21687d03b40e Termination Time: 8 Application Path: C:\Program Files (x86)\Secunia\PSI\psi.exe

Report
Id: c66722c1-8d5b-11e3-aaaa-ec9a7460d372

Error - 4/02/2014 1:24:31 AM | Computer Name = Nick-HP | Source = Application Hang | ID = 1002
Description = The program psi.exe version 3.0.0.9016 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 13e0 Start Time:
01cf21693a09c509 Termination Time: 17 Application Path: C:\Program Files (x86)\Secunia\PSI\psi.exe

Report
Id: 9830e7c2-8d5c-11e3-aaaa-ec9a7460d372

Error - 4/02/2014 1:54:49 AM | Computer Name = Nick-HP | Source = Application Hang | ID = 1002
Description = The program setup.exe version 10.0.30319.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3fc Start
Time: 01cf216d2394213d Termination Time: 15 Application Path: C:\Users\Nick\AppData\Local\Temp\SIT36841.tmp\setup.exe

Report
Id: cdfedb13-8d60-11e3-aaaa-ec9a7460d372

Error - 4/02/2014 2:23:57 AM | Computer Name = Nick-HP | Source = WinMgmt | ID = 10
Description =

Error - 4/02/2014 2:42:23 AM | Computer Name = Nick-HP | Source = WinMgmt | ID = 10
Description =

Error - 4/02/2014 3:22:47 AM | Computer Name = Nick-HP | Source = Application Hang | ID = 1002
Description = The program psi.exe version 3.0.0.9016 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 100c Start Time:
01cf2179b6b524c2 Termination Time: 0 Application Path: C:\Program Files (x86)\Secunia\PSI\psi.exe

Report
Id: 1daed322-8d6d-11e3-90d8-ec9a7460d372

Error - 4/02/2014 3:30:25 AM | Computer Name = Nick-HP | Source = WinMgmt | ID = 10
Description =

Error - 4/02/2014 3:36:37 AM | Computer Name = Nick-HP | Source = Application Hang | ID = 1002
Description = The program psi.exe version 3.0.0.9016 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: b74 Start Time:
01cf217b81c48f0e Termination Time: 15 Application Path: C:\Program Files (x86)\Secunia\PSI\psi.exe

Report
Id: 071a4acc-8d6f-11e3-8f24-ec9a7460d372

Error - 4/02/2014 3:41:46 AM | Computer Name = Nick-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 8/01/2014 3:12:45 AM | Computer Name = Nick-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/01/2014 3:13:39 AM | Computer Name = Nick-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/01/2014 3:14:24 AM | Computer Name = Nick-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/01/2014 3:15:13 AM | Computer Name = Nick-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/01/2014 3:47:19 AM | Computer Name = Nick-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 4/02/2014 2:37:53 AM | Computer Name = Nick-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/02/2014 1:04:27 AM | Computer Name = Nick-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232828 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception has been thrown by the target of an invocation. StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: mscorlib InnerException.Message: Could not find a part of the
path 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\Translations\en-US\localize_en-US.xml'.

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3561 Ram Utilization: 40 TargetSite: System.Object
CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle
ByRef, Boolean ByRef)

Error - 5/02/2014 1:04:40 AM | Computer Name = Nick-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828HPSF.exe at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
An exception occurred during the operation, making the result invalid. Check InnerException
for exception details. StackTrace: at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
System InnerException.Message: Could not find a part of the path 'C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoSI.xml'. Name: HPSF.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3561 Ram Utilization: 40 TargetSite: Void RaiseExceptionIfNecessary()

Error - 5/02/2014 1:05:04 AM | Computer Name = Nick-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/02/2014 1:05:06 AM | Computer Name = Nick-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232828HPSF.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception has been thrown by the target of an invocation. StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: mscorlib InnerException.Message: Could not find a part of the
path 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\Translations\en-US\localize_en-US.xml'.

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3561 Ram Utilization: 40 TargetSite: System.Object
CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle
ByRef, Boolean ByRef)

[ HP Software Framework Events ]
Error - 15/10/2011 3:07:07 AM | Computer Name = DNFHJEBK4I83P | Source = CaslWmi | ID = 5
Description = 2011/10/15 00:07:07.038|00000B54|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 15/10/2011 3:07:07 AM | Computer Name = DNFHJEBK4I83P | Source = CaslWmi | ID = 5
Description = 2011/10/15 00:07:07.444|00000B54|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/11/2013 5:15:08 AM | Computer Name = Nick-HP | Source = CaslWmi | ID = 5
Description = 2013/11/12 20:15:08.248|00000854|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/11/2013 5:15:11 AM | Computer Name = Nick-HP | Source = CaslWmi | ID = 5
Description = 2013/11/12 20:15:11.088|000002A4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/11/2013 5:41:05 AM | Computer Name = Nick-HP | Source = CaslWmi | ID = 5
Description = 2013/11/12 20:41:05.813|00001194|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/11/2013 5:41:09 AM | Computer Name = Nick-HP | Source = CaslWmi | ID = 5
Description = 2013/11/12 20:41:09.666|000002A8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 13/11/2013 3:32:49 AM | Computer Name = Nick-HP | Source = CaslWmi | ID = 5
Description = 2013/11/13 18:32:49.034|00000BE4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23/11/2013 7:16:25 PM | Computer Name = Nick-HP | Source = CaslWmi | ID = 5
Description = 2013/11/24 10:16:25.630|00001574|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23/11/2013 7:19:39 PM | Computer Name = Nick-HP | Source = CaslWmi | ID = 5
Description = 2013/11/24 10:19:39.154|00000D84|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 4/02/2014 2:37:46 AM | Computer Name = Nick-HP | Source = DCOM | ID = 10000
Description =

Error - 4/02/2014 2:40:58 AM | Computer Name = Nick-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:39:31 PM on ?4/?02/?2014 was unexpected.

Error - 4/02/2014 2:45:09 AM | Computer Name = Nick-HP | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 4/02/2014 3:26:38 AM | Computer Name = Nick-HP | Source = DCOM | ID = 10010
Description =

Error - 4/02/2014 3:27:26 AM | Computer Name = Nick-HP | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 4/02/2014 3:27:37 AM | Computer Name = Nick-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2862330).

Error - 4/02/2014 3:29:31 AM | Computer Name = Nick-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:27:41 PM on ?4/?02/?2014 was unexpected.

Error - 4/02/2014 3:39:01 AM | Computer Name = Nick-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Winmgmt service.

Error - 6/02/2014 5:20:12 AM | Computer Name = Nick-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the LanmanServer service.

Error - 13/02/2014 4:09:37 AM | Computer Name = Nick-HP | Source = DCOM | ID = 10010
Description =


< End of report >

Hi pgmigg Thank you for taking the time to do this.

Please tell me is this computer used for business purposes and/or connected to any educational or business network?
I need to know it - so I can provide the proper instructions.


Private Home Use Only Private home network only

Do you see any changes in computer behavior?


Still the same
NickZ
Regular Member
 
Posts: 22
Joined: February 3rd, 2014, 3:59 am

Re: Am I Infected?

Unread postby pgmigg » March 1st, 2014, 3:45 pm

Hello NickZ,
Still the same
Should I understand this statement as evidence that any problems with your computer is not observed?

BTW, it was a good job! :D Let start our treatment...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Processes
    LiveUpdate.exe
    
    :Services
    LiveUpdateSvc
    
    :OTL
    O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
    [2013/11/13 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\IObit
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Image Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 3.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 4.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *Coupons*
    *datamngr*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Rapport*
    *searchab*
    *Searchqu*
    *Searchnu*
    *SearchProtect*
    *Slick*
    *smartbar*
    *Sweet*
    *Tarma*
    *Trusteer*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *Websteroids*
    *WiseConvert*
    *whitesmoke*
    *FriendsChecker*
    *UnfriendApp*
    *ExFriendAlert*
    *RecordChecker*
    *SearchDonkey*
    *InfoSeeker*
    *SecureWeb*
    *TVGenie*
    *TubeDimmer*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *Coupons*
    *datamngr*
    *Rapport*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *searchab*
    *Searchqu*
    *Searchnu*
    *SearchProtect*
    *Slick*
    *smartbar*
    *Sweet*
    *Tarma*
    *Trusteer*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *Websteroids*
    *WiseConvert*
    *whitesmoke*
    *FriendsChecker*
    *UnfriendApp*
    *ExFriendAlert*
    *RecordChecker*
    *SearchDonkey*
    *InfoSeeker*
    *SecureWeb*
    *TVGenie*
    *TubeDimmer*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    Coupons
    datamngr
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    Rapport
    searchab
    Searchqu
    Searchnu
    SearchProtect
    Slick
    smartbar
    Sweetpack
    Tarma
    Trusteer
    trolltech
    Vafmusic2
    vshare
    Websteroids
    WiseConvert
    whitesmoke
    FriendsChecker
    UnfriendApp
    ExFriendAlert
    RecordChecker
    SearchDonkey
    InfoSeeker
    SecureWeb
    TVGenie
    TubeDimmer
    Yontoo
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the JRT.txt log file
  4. Contents of the AdwCleaner[Sn].txt log file
  5. Contents of the SystemLook.txt log file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Am I Infected?

Unread postby NickZ » March 1st, 2014, 10:46 pm

Hello pgmigg thank you for the quick reply and taking the time to help me.

Still the same

Should I understand this statement as evidence that any problems with your computer is not observed?


That is correct. I do not use this machine much, Normally when I surf the net I use a desktop running puppy linux, This machine was used for important stuff( family photos personal documents you know personal stuff) and only connects to the net for updates and to visit trusted sites such as this, I say "Normally" until my wife dropped her laptop and took this 1 until she got a new 1, Now that I have it back I am here to get it cleaned up so I can use it knowing its clean. I am used to the speed of Puppy Linux so any Windows system seems slow, But, It seems to load Pale Moon faster.


Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1323336 bytes [15:32 06/01/2014] [15:32 06/01/2014] 3F20CCDAC6969CBB898D88BB4F5CC22E

Is Apple bundling Conduit search with Itunes?


Now the logs.........................................................................................


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
Process LiveUpdate.exe killed successfully!
========== SERVICES/DRIVERS ==========
Service LiveUpdateSvc stopped successfully!
Service LiveUpdateSvc deleted successfully!
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
C:\Users\Nick\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V7\Temp folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nick\Desktop\cmd.bat deleted successfully.
C:\Users\Nick\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Nick
->Temp folder emptied: 104765363 bytes
->Temporary Internet Files folder emptied: 54685891 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 691 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 143050743 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 20139 bytes

Total Files Cleaned = 289.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Nick
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Nick

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03022014_123741

Files\Folders moved on Reboot...
C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Last edited by NickZ on March 1st, 2014, 10:55 pm, edited 3 times in total.
NickZ
Regular Member
 
Posts: 22
Joined: February 3rd, 2014, 3:59 am

Re: Am I Infected?

Unread postby NickZ » March 1st, 2014, 10:47 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Nick on Sun 02/03/2014 at 12:52:11.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/03/2014 at 12:59:15.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NickZ
Regular Member
 
Posts: 22
Joined: February 3rd, 2014, 3:59 am

Re: Am I Infected?

Unread postby NickZ » March 1st, 2014, 10:48 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 13:03 on 02/03/2014 by Nick
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\stahlregen + geiss + shifter - babylon.milk --a---- 26473 bytes [20:18 28/04/2009] [20:18 28/04/2009] FD56279AD850D3AA87454766302DACF1
C:\Users\Nick\Downloads\vb\New folder\babylonbrowser0116.rar --a---- 1346071 bytes [06:05 03/02/2014] [06:04 03/02/2014] 3A25AE2D5C71EA4AF6BB153ED95402EB
C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser by nick.vbproj.FileListAbsolute.txt --a---- 1666 bytes [06:26 03/02/2014] [06:27 03/02/2014] 5ABA32BABBE9324EAD9FEAB33BA231DB
C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser by nick.vbproj.GenerateResource.Cache --a---- 1323 bytes [06:26 03/02/2014] [06:26 03/02/2014] A8A2CC1A82F5D049D8BB1D6900DA30C8
C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser.vbproj.FileListAbsolute.txt --a---- 1658 bytes [06:15 03/02/2014] [06:23 03/02/2014] 922297B95A5C9B33511F077930CD7AC1
C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser.vbproj.GenerateResource.Cache --a---- 1323 bytes [06:15 03/02/2014] [06:15 03/02/2014] FAD79D4F6C6D9C12A066909707BC7AB9

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1323336 bytes [15:32 06/01/2014] [15:32 06/01/2014] 3F20CCDAC6969CBB898D88BB4F5CC22E

Searching for "*Coupons*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx.vir --a---- 22298 bytes [01:11 26/04/2013] [01:11 26/04/2013] FE899CD9A19B06CA78943E6CDED6189E

Searching for "*datamngr*"
C:\Users\Nick\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [01:51 02/03/2014] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
C:\boot\BCD.iobit --a---- 32768 bytes [10:19 13/11/2013] [07:53 04/02/2014] 1E8F945B7AF435FED8597745B8777E5B
C:\Users\Nick\ntuser.dat.iobit --a---- 3604480 bytes [10:19 13/11/2013] [07:53 04/02/2014] 2B8B60769790BD99042D021A3CDAFAC3
C:\Users\Nick\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit --a---- 2756608 bytes [10:19 13/11/2013] [07:54 04/02/2014] 2C0C31F3FB35F61BF6F59ED4EADA5513
C:\Users\Nick\Downloads\IObit Driver Booster PRO 1.0.0.733 Datecode 25.10.2013 Portable.rar --a---- 14149862 bytes [04:04 13/11/2013] [00:40 03/11/2013] F75EB2B52B38AFAF147B42DF404D06D6
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit --a---- 249856 bytes [10:19 13/11/2013] [07:53 04/02/2014] 83A8A05B8FF051620BB6FF1360A541A5
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit --a---- 258048 bytes [10:19 13/11/2013] [07:53 04/02/2014] DC7D0E29321F2C18C558CF33260D5E2C
C:\Windows\System32\config\COMPONENTS.iobit --a---- 43974656 bytes [10:19 13/11/2013] [10:19 13/11/2013] ACD6488DC50C0C986A81E75B83BFB365
C:\Windows\System32\config\DEFAULT.iobit --a---- 229376 bytes [10:19 13/11/2013] [10:19 13/11/2013] 895712B870397DFD28881D9F5F6B778F
C:\Windows\System32\config\SAM.iobit --a---- 61440 bytes [10:19 13/11/2013] [10:19 13/11/2013] ECE91660E6F086C4F879645E9D39A29E
C:\Windows\System32\config\SECURITY.iobit --a---- 24576 bytes [10:19 13/11/2013] [10:19 13/11/2013] A61DAE2BDAA107D2F5440950D4A10745
C:\Windows\System32\config\SOFTWARE.iobit --a---- 61194240 bytes [10:19 13/11/2013] [10:19 13/11/2013] BD4ED977EF8728BB604E38B7A565A99C

Searching for "*Iminent*"
No files found.

Searching for "*Rapport*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Searchqu*"
C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Include\searchquery.idl --a---- 11265 bytes [09:27 30/09/2009] [09:27 30/09/2009] FEA8DBF2752CD71867D4E5C8FC477139

Searching for "*Searchnu*"
No files found.

Searching for "*SearchProtect*"
No files found.

Searching for "*Slick*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Sweet*"
C:\Users\Nick\Documents\New folder\19 - Sweet hitch hiker (1972).mp3 --a---- 1433984 bytes [02:59 26/02/2014] [01:57 12/11/2011] 032C941219365D1BB18D223B754E27B5
C:\Users\Nick\Music\converted\04. Sweet Wine.mp3 --a---- 4849648 bytes [05:57 08/01/2014] [09:16 22/12/2011] 538909D058FB04A0A266ADFB62C90A98
C:\Users\Nick\Music\converted\09.Home Sweet Home.mp3 --a---- 3796355 bytes [07:56 31/12/2013] [07:57 31/12/2013] 5131F2AB44C31EC4A2B4C668B2BB47E1
C:\Users\Nick\Music\converted\19 - Sweet hitch hiker (1972).mp3 --a---- 1433984 bytes [05:58 08/01/2014] [01:57 12/11/2011] 032C941219365D1BB18D223B754E27B5
C:\Users\Nick\Music\converted\Creedence Clearwater Revival Ultimate Collection Disc 1 20 Sweet Hitch-Hiker.mp3 --a---- 2755218 bytes [07:25 31/12/2013] [07:25 31/12/2013] 89EAE821AA3503A1E07CBF0B2280396D
C:\Users\Nick\Music\converted\Heart - Sweet Darlin'.mp3 --a---- 4033338 bytes [07:48 31/12/2013] [07:48 31/12/2013] 5E7C67B4F7E07D05A7AE21C3A3BFBFBD

Searching for "*Tarma*"
No files found.

Searching for "*Trusteer*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*Websteroids*"
No files found.

Searching for "*WiseConvert*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*FriendsChecker*"
No files found.

Searching for "*UnfriendApp*"
No files found.

Searching for "*ExFriendAlert*"
No files found.

Searching for "*RecordChecker*"
No files found.

Searching for "*SearchDonkey*"
No files found.

Searching for "*InfoSeeker*"
No files found.

Searching for "*SecureWeb*"
No files found.

Searching for "*TVGenie*"
No files found.

Searching for "*TubeDimmer*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
C:\Users\Nick\Documents\Visual Studio 2010\Backup Files\babylon browser d------ [06:15 03/02/2014]

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*Coupons*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*Rapport*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
C:\Program Files (x86)\IObit d------ [09:39 13/11/2013]
C:\Program Files (x86)\IObit\IObit Uninstaller d------ [10:14 13/11/2013]
C:\ProgramData\IObit d------ [10:14 13/11/2013]
C:\Users\Nick\AppData\LocalLow\IObit d------ [10:14 13/11/2013]
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@APPDATA@\IObit d------ [09:40 13/11/2013]
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@PROGRAMFILESX86@\IObit d------ [09:40 13/11/2013]
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@APPDATA@\IObit d------ [09:40 13/11/2013]
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit d------ [09:39 13/11/2013]
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [10:25 13/11/2013]
C:\_OTL\MovedFiles\03022014_123741\C_Users\Nick\AppData\Roaming\IObit d------ [09:39 13/11/2013]
C:\_OTL\MovedFiles\03022014_123741\C_Users\Nick\AppData\Roaming\IObit\IObit Uninstaller d------ [10:14 13/11/2013]

Searching for "*Iminent*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*SearchProtect*"
No folders found.

Searching for "*Slick*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Sweet*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*Trusteer*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*Websteroids*"
No folders found.

Searching for "*WiseConvert*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*FriendsChecker*"
No folders found.

Searching for "*UnfriendApp*"
No folders found.

Searching for "*ExFriendAlert*"
No folders found.

Searching for "*RecordChecker*"
No folders found.

Searching for "*SearchDonkey*"
No folders found.

Searching for "*InfoSeeker*"
No folders found.

Searching for "*SecureWeb*"
No folders found.

Searching for "*TVGenie*"
No folders found.

Searching for "*TubeDimmer*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clearask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clearask.com]

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"C0BC68EF3BCF85344B0B0B4AE1333BDD"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

Searching for "Coupons"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\codecouponsite.com]
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\codecouponsite.com]

Searching for "datamngr"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\ASCTray.exe]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"="Uninstall Programs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}]
@="IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command]
@=""C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" control_statistics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2847077~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 7\KB2847077.cab_Temp\74164D36-3556-4EE6-A7DC-4CF539031EED\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2898785~31bf3856ad364e35~amd64~~11.2.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 7\KB2898785.cab_Temp\146F7C56-7910-47B4-82BA-862E8B08CC0A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2847077_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 7\KB2847077.cab_Temp\74164D36-3556-4EE6-A7DC-4CF539031EED\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2847077~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 7\KB2847077.cab_Temp\74164D36-3556-4EE6-A7DC-4CF539031EED\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2898785_RTM~31bf3856ad364e35~amd64~~11.2.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 7\KB2898785.cab_Temp\146F7C56-7910-47B4-82BA-862E8B08CC0A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2898785~31bf3856ad364e35~amd64~~11.2.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 7\KB2898785.cab_Temp\146F7C56-7910-47B4-82BA-862E8B08CC0A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 7]
"installpath"="C:\Program Files (x86)\IObit\Surfing Protection"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\ASC]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\LiveUpdate]
"AppPath"="C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RealTimeProtector]
"InstallLocation"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RegistryDefragBoot]
"LogPath"="\??\C:\Program Files (x86)\IObit\Advanced SystemCare 7\BootTimeLog\"
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\IntelliType Pro\AppSpecific\ASCTray.exe]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe"
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"="Uninstall Programs"
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"="Uninstall Programs"

Searching for "Iminent"
No data found.

Searching for "Rapport"
No data found.

Searching for "searchab"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchable-sex.com]
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchable-sex.com]

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "SearchProtect"
No data found.

Searching for "Slick"
No data found.

Searching for "smartbar"
No data found.

Searching for "Sweetpack"
No data found.

Searching for "Tarma"
No data found.

Searching for "Trusteer"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]

Searching for "Vafmusic2"
No data found.

Searching for "vshare"
No data found.

Searching for "Websteroids"
No data found.

Searching for "WiseConvert"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "FriendsChecker"
No data found.

Searching for "UnfriendApp"
No data found.

Searching for "ExFriendAlert"
No data found.

Searching for "RecordChecker"
No data found.

Searching for "SearchDonkey"
No data found.

Searching for "InfoSeeker"
No data found.

Searching for "SecureWeb"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\securewebnews.com]
[HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\securewebnews.com]

Searching for "TVGenie"
No data found.

Searching for "TubeDimmer"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
NickZ
Regular Member
 
Posts: 22
Joined: February 3rd, 2014, 3:59 am

Re: Am I Infected?

Unread postby pgmigg » March 2nd, 2014, 1:33 am

Hello NickZ,

This machine was used for important stuff( family photos personal documents you know personal stuff) and only connects to the net for updates and to visit trusted sites such as this, I say "Normally" until my wife dropped her laptop and took this 1 until she got a new 1, Now that I have it back I am here to get it cleaned up so I can use it knowing its clean.
Actually, an absence of symptoms does not mean that everything is clear. Even one careless click may cause unpredictable consequences and results you could see already! ;) Let continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it, please click the Select all next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\stahlregen + geiss + shifter - babylon.milk
    C:\Users\Nick\Downloads\vb\New folder\babylonbrowser0116.rar
    C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser by nick.vbproj.FileListAbsolute.txt
    C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser by nick.vbproj.GenerateResource.Cache
    C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser.vbproj.FileListAbsolute.txt
    C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser.vbproj.GenerateResource.Cache
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx.vir
    C:\boot\BCD.iobit
    C:\Users\Nick\ntuser.dat.iobit
    C:\Users\Nick\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit
    C:\Users\Nick\Downloads\IObit Driver Booster PRO 1.0.0.733 Datecode 25.10.2013 Portable.rar
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit
    C:\Windows\System32\config\COMPONENTS.iobit
    C:\Windows\System32\config\DEFAULT.iobit
    C:\Windows\System32\config\SAM.iobit
    C:\Windows\System32\config\SECURITY.iobit
    C:\Windows\System32\config\SOFTWARE.iobit
    C:\Users\Nick\Documents\Visual Studio 2010\Backup Files\babylon browser
    C:\Program Files (x86)\IObit
    C:\Program Files (x86)\IObit\IObit Uninstaller
    C:\ProgramData\IObit
    C:\Users\Nick\AppData\LocalLow\IObit
    C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@APPDATA@\IObit
    C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@PROGRAMFILESX86@\IObit
    C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@APPDATA@\IObit
    C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\codecouponsite.com]
    [-HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\codecouponsite.com]
    [HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\ASCTray.exe]
    "Path"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2847077~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2898785~31bf3856ad364e35~amd64~~11.2.1.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2847077_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2847077~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2898785_RTM~31bf3856ad364e35~amd64~~11.2.1.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2898785~31bf3856ad364e35~amd64~~11.2.1.0]
    "InstallLocation"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 7]
    "installpath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\ASC]
    "Path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\LiveUpdate]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RealTimeProtector]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RegistryDefragBoot]
    "LogPath"=-
    [HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\IntelliType Pro\AppSpecific\ASCTray.exe]
    "Path"=-
    [HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"=-
    [HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchable-sex.com]
    [-HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchable-sex.com]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\securewebnews.com]
    [-HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\securewebnews.com]
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the ESETScan.txt log file
  4. Do you see any changes in computer behavior?

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Am I Infected?

Unread postby NickZ » March 2nd, 2014, 5:49 am

Hi pgmigg.

Here are the logs, thanks.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\stahlregen + geiss + shifter - babylon.milk moved successfully.
C:\Users\Nick\Downloads\vb\New folder\babylonbrowser0116.rar moved successfully.
C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser by nick.vbproj.FileListAbsolute.txt moved successfully.
C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser by nick.vbproj.GenerateResource.Cache moved successfully.
C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser.vbproj.FileListAbsolute.txt moved successfully.
C:\Users\Nick\Downloads\vb\New folder\obj\Debug\babylon browser.vbproj.GenerateResource.Cache moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx.vir moved successfully.
C:\boot\BCD.iobit moved successfully.
C:\Users\Nick\ntuser.dat.iobit moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit moved successfully.
C:\Users\Nick\Downloads\IObit Driver Booster PRO 1.0.0.733 Datecode 25.10.2013 Portable.rar moved successfully.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit moved successfully.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit moved successfully.
File\Folder C:\Windows\System32\config\COMPONENTS.iobit not found.
File\Folder C:\Windows\System32\config\DEFAULT.iobit not found.
File\Folder C:\Windows\System32\config\SAM.iobit not found.
File\Folder C:\Windows\System32\config\SECURITY.iobit not found.
File\Folder C:\Windows\System32\config\SOFTWARE.iobit not found.
C:\Users\Nick\Documents\Visual Studio 2010\Backup Files\babylon browser folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\Update folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\Database folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Update\Database folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Update folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Toolbox_Download folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\SecurityHole_Backup folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Database folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\BootTimeLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
File\Folder C:\Program Files (x86)\IObit\IObit Uninstaller not found.
C:\ProgramData\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V7 folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
C:\Users\Nick\AppData\LocalLow\IObit\SafeBrowse folder moved successfully.
C:\Users\Nick\AppData\LocalLow\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Nick\AppData\LocalLow\IObit folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@APPDATA@\IObit\Driver Booster\License folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@APPDATA@\IObit\Driver Booster folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@APPDATA@\IObit folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@PROGRAMFILESX86@\IObit\Driver Booster\Update folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@PROGRAMFILESX86@\IObit\Driver Booster\LocalData folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@PROGRAMFILESX86@\IObit\Driver Booster\Database\Update folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@PROGRAMFILESX86@\IObit\Driver Booster\Database folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@PROGRAMFILESX86@\IObit\Driver Booster folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\meta\@PROGRAMFILESX86@\IObit folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@APPDATA@\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@APPDATA@\IObit\Driver Booster\License folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@APPDATA@\IObit\Driver Booster folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@APPDATA@\IObit folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit\Driver Booster\Update\LocalData folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit\Driver Booster\Update\Database\Update folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit\Driver Booster\Update\Database folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit\Driver Booster\Update folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit\Driver Booster\LocalData folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit\Driver Booster\DrvInstall folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit\Driver Booster\Download folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit\Driver Booster\Database\Update folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit\Driver Booster\Database folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit\Driver Booster folder moved successfully.
C:\Users\Nick\Documents\Shortcuts\Driver Booster\roaming\modified\@PROGRAMFILESX86@\IObit folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\codecouponsite.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\codecouponsite.com\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\ASCTray.exe\\Path deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2847077~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2898785~31bf3856ad364e35~amd64~~11.2.1.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2847077_SP1~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2847077~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2898785_RTM~31bf3856ad364e35~amd64~~11.2.1.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2898785~31bf3856ad364e35~amd64~~11.2.1.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 7 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\ASC not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\LiveUpdate not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RealTimeProtector not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RegistryDefragBoot not found.
Registry value HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\IntelliType Pro\AppSpecific\ASCTray.exe\\Path not found.
Registry value HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe not found.
Registry value HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchable-sex.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchable-sex.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\securewebnews.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1260303893-1912934433-692988691-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\securewebnews.com\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Nick
->Temp folder emptied: 2260316 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6814 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03022014_180154

Files\Folders moved on Reboot...
C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
NickZ
Regular Member
 
Posts: 22
Joined: February 3rd, 2014, 3:59 am

Re: Am I Infected?

Unread postby NickZ » March 2nd, 2014, 5:49 am

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wth175.dll.old.vir Win32/Toolbar.Widgi.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Nick\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Nick\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Nick\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Nick\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Nick\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Nick\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Nick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.O potentially unwanted application



Hmmmmm pc seems faster
NickZ
Regular Member
 
Posts: 22
Joined: February 3rd, 2014, 3:59 am

Re: Am I Infected?

Unread postby pgmigg » March 2nd, 2014, 10:28 pm

Hello NickZ,

Hmmmmm pc seems faster
Very nice!!! :D

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 2.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 3.
AdwCleaner - Uninstall
You should still have AdwCleaner on your Desktop.
  • Right click on adwcleaner.exe and select "Run as administrator..." to run it.
  • Click on Uninstall.
  • Confirm with Yes.
Note: If AdwCleaner prompts you an update is available, click Cancel and continue to uninstall.

Step 4.
Remove all used tools and their log files not removed by OTL if they remain on your desktop.
  • DDS
  • JRT
  • SystemLook

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Am I Infected?

Unread postby NickZ » March 2nd, 2014, 11:41 pm

Hi pgmigg and thank you so much. I understand the clean up and am about to do so.

But first I must go to some adult sites and click questionable links.....LOL....just kidding.

While I was in town today I stopped by the local Office Works and got Kaspersky Internet Security 2014 for 2 years for 49 dollars. as soon as i do what you said I will install Kaspersky Internet Security 2014 update it defrag my drive and then create a clone image of my pc.

Thank you again.

Nick

See Here.
http://www.officeworks.com.au/retail/products/Technology/Software/Internet-Security/KAIS20141U;jsessionid=%28J2EE7737300%29ID1113547952DB00190600959116772501End;saplb_*=%28J2EE7737300%297737352

Ps

Yes I know remove Microsoft essentials first and Kasper will take care of Windows Firewall
NickZ
Regular Member
 
Posts: 22
Joined: February 3rd, 2014, 3:59 am

Re: Am I Infected?

Unread postby pgmigg » March 3rd, 2014, 12:02 am

Hello NickZ,

Hi pgmigg and thank you so much.
You are very welcome! :D

While I was in town today I stopped by the local Office Works and got Kaspersky Internet Security 2014 for 2 years for 49 dollars.
It is good for you, but please remember that you already have antivirus Microsoft Security Essentials and one computer must have one and only one AV installed. Much - does not mean good!

Running - more than one - antivirus program is not recommended because:
  1. They can conflict with each other.
  2. Report the other antivirus software as malicious.
  3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
  4. Can cause your computer to run slowly, become unstable and crash.

So, you need to uninstall Microsoft Security Essentials before starting to install Kaspersky Internet Security 2014.

But first I must go to some adult sites and click questionable links.....LOL....just kidding.
By the way, I read somewhere that porn sites, especially if they are paid are safe in terms of viruses or other infections than the vast majority of other sites - hosts porn sites simply unprofitable to lose customers... :lol:

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware