i think i have malware

Post by therumdude » March 13th, 2014, 9:56 pm

Hi,

I downloaded a file; now my system is slow, and every time I start my system my home page in IE has been set to about:blank.

Any help will be gratefully received.



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.45.2
Run by jonny at 1:38:31 on 2014-03-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4084.834 [GMT 0:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\lxdecoms.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe
C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe
C:\Users\jonny\AppData\Local\Akamai\netsession_win.exe
C:\Users\jonny\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Users\jonny\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
mStart Page = about:blank
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FreeFLVConverter: {DC7CE5D0-3608-4FD0-8853-D5822E02135D} - C:\Program Files (x86)\Free FLV Converter\FreeFLVConverter.dll
BHO: mysearchdial Helper Object: {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll
TB: mysearchdial Toolbar: {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll
uRun: [Akamai NetSession Interface] "C:\Users\jonny\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Trojan Killer] "C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe" 0
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [lxdemon.exe] "C:\Program Files (x86) (x86)\Lexmark 4800 Series\lxdemon.exe"
mRun: [lxdeamon] "C:\Program Files (x86) (x86)\Lexmark 4800 Series\lxdeamon.exe"
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [FAStartup] <no file>
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
StartupFolder: C:\Users\jonny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
StartupFolder: C:\Users\jonny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\jonny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jonny\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\jonny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NASSCH~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - LocalServer32 - <no file>
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6D03EF9B-5BC0-4B04-875A-FB061A7DEFFA} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{B1085821-51DA-42C0-9FE3-77BDBE38E382} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B1085821-51DA-42C0-9FE3-77BDBE38E382}\1436365637370233 : DHCPNameServer = 192.168.10.100
TCP: Interfaces\{B1085821-51DA-42C0-9FE3-77BDBE38E382}\6796277696E6D65646961663731323735343 : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli FAPassSync
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: FreeFLVConverter: {DC7CE5D0-3608-4FD0-8853-D5822E02135D} - C:\Program Files (x86)\Free FLV Converter\FreeFLVConverter_x64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
x64-Run: [lxdemon.exe] "C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe"
x64-Run: [lxdeamon] "C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2012-12-6 705552]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-20 55856]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2011-11-14 93160]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2010-1-19 103944]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-8-27 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-4-4 2409800]
R2 FreeFLVConverterUpdt;FreeFLVConverterUpdt;C:\Program Files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe [2014-2-25 252928]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-20 13336]
R2 lxde_device;lxde_device;C:\Windows\System32\lxdecoms.exe -service --> C:\Windows\System32\lxdecoms.exe -service [?]
R2 NasPmService;NAS PM Service;C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=297 -dto=3 -dluc=0 -dmin=1 -dmax=2 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=292 -pmin=1 -pmax=2 -pflc=0 --> C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=297 -dto=3 -dluc=0 -dmin=1 -dmax=2 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=292 -pmin=1 -pmax=2 -pflc=0 [?]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-8-27 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-8-27 80896]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-8-27 55808]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-20 673088]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-1-23 67904]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2012-12-6 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2012-12-6 587024]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-20 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-10-20 172704]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-8-27 321064]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\System32\drivers\gtkdrv.sys [2012-1-4 16640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdeserv.exe [2007-5-29 33712]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S3 bdsandbox;bdsandbox;C:\Windows\System32\drivers\bdsandbox.sys [2011-11-17 79952]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-25 238848]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2010-11-15 11776]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2013-5-3 25584]
S3 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2011-12-21 75384]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-2 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-5 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-27 202752]
S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-13 03:01:16 -------- d-----w- C:\5d3d483894a5a06d45a4781d6054
2014-03-12 23:09:32 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 23:09:32 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 23:05:00 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 23:05:00 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 22:23:30 -------- d-----w- C:\Users\jonny\Marvel.Agents.Of.SHIELD.S01E15.Yes.Men.720p.WEB-DL.DD5.1.H.264-ECI [PublicHD]
2014-03-12 22:23:27 -------- d-----w- C:\Users\jonny\The.Originals.S01E16.720p.HDTV.X264-DIMENSION[rarbg]
2014-03-11 20:32:22 27136 ----a-w- C:\Windows\System32\bddel.exe
2014-03-11 20:29:00 -------- d-----w- C:\Program Files\iTunes
2014-03-11 20:29:00 -------- d-----w- C:\Program Files\iPod
2014-03-11 20:29:00 -------- d-----w- C:\Program Files (x86)\iTunes
2014-03-11 20:28:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-11 20:27:44 -------- d-----w- C:\Users\jonny\AppData\Roaming\UpdaterEX
2014-03-11 20:27:41 -------- d-----w- C:\Program Files (x86)\Investintech.com Inc
2014-03-11 20:27:33 -------- d-----w- C:\Users\jonny\AppData\Roaming\mysearchdial
2014-03-11 20:27:33 -------- d-----w- C:\Program Files (x86)\Mysearchdial
2014-03-11 20:27:29 -------- d-----w- C:\Program Files (x86)\File Type Helper
2014-03-11 20:27:26 -------- d-----w- C:\Program Files (x86)\Free FLV Converter
2014-03-11 20:27:25 20312 ----a-w- C:\Windows\System32\roboot64.exe
2014-03-11 20:27:23 -------- d-----w- C:\Users\jonny\AppData\Roaming\systweak
2014-03-11 20:00:53 -------- d-----w- C:\Users\jonny\Avengers.Confidential.Black.Widow.And.Punisher.2014.HDRip.h264.AAC-RARBG
2014-03-11 19:59:06 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-11 19:59:06 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-11 19:59:06 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-11 19:59:06 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-11 19:59:06 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-10 20:43:35 -------- d-----w- C:\Users\jonny\BackroomCastingCouch.14.03.10.Carlynn.XXX.720p.MP4-KTR[rarbg]
2014-03-10 20:29:48 -------- d-----w- C:\Users\jonny\The.Mentalist.S06E13.720p.HDTV.X264-DIMENSION[rarbg]
2014-03-09 22:40:30 -------- d-----w- C:\Users\jonny\Black.Sails.S01E07.720p.HDTV.x264-KILLERS[rarbg]
2014-03-08 08:48:10 -------- d-----w- C:\Users\jonny\Casting Couch X - Belle Knox HD 1080p
2014-03-01 20:14:58 -------- d-----r- C:\Users\jonny\Dropbox
2014-03-01 20:12:56 -------- d-----w- C:\Users\jonny\AppData\Roaming\DropboxMaster
2014-03-01 20:11:59 -------- d-----w- C:\Users\jonny\AppData\Roaming\Dropbox
2014-02-25 23:24:21 -------- d-----w- C:\Windows\Migration
2014-02-21 10:59:43 -------- d-----w- C:\Users\jonny\The Commitments_1991_dvdrip_xvid-Ekolb
2014-02-15 10:50:52 -------- d-----w- C:\Users\jonny\AppData\Local\{629BA2E8-6577-49B6-BADD-41E9B98D2509}
2014-02-14 19:55:17 -------- d-----w- C:\Users\jonny\Someone.Marry.Barry.2014 HDRip XViD juggs
2014-02-13 01:05:24 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 01:05:24 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 22:41:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 22:41:14 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 22:41:14 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 22:41:14 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-12 20:42:35 -------- d-----w- C:\Users\jonny\Oldboy.2013.BDRiP.AC3-5.1.XviD-AXED
.
==================== Find3M ====================
.
2014-03-12 22:34:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 22:34:36 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-17 16:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 16:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 1:40:19.82 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 28/10/2010 18:17:26
System Uptime: 13/03/2014 22:27:50 (3 hours ago)
.
Motherboard: Dell Inc. | | 0Y517R
Processor: Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz | U2E1 | 1317/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 253.251 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
Y: is FIXED (NTFS) - 18 GiB total, 11.005 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP985: 13/03/2014 03:00:15 - Windows Update
RP986: 13/03/2014 22:02:04 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Photoshop Elements 9
Adobe Reader XI (11.0.06)
Advanced Audio FX Engine
Akamai NetSession Interface
Akamai NetSession Interface Service
Angry Birds Star Wars
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Bitdefender Total Security 2012
Boilsoft Video Splitter 6.33
Bonjour
BUFFALO LinkStation(LS-CHL) Setup Guide
BUFFALO NAS Navigator2
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG4200 series MP Drivers
Canon MG4200 series On-screen Manual
Canon MG4200 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
DirectXInstallService
DivX Setup
Dropbox
Elements 9 Organizer
EMC 10 Content
EMCGadgets64
Extended Update
FastAccess
Free FLV Converter
Google Chrome
Google Update Helper
iCloud
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor
iTunes
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 20 (64-bit)
Junk Mail filter update
Lexmark 4800 Series
LoJack Factory Installer
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MKVToolNix 5.9.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Mysearchdial
MyTomTom 3.2.0.1116
Nikon Message Center 2
PDFCreator
Picture Control Utility
qBittorrent 3.0.8
Quickset64
QuickTime 7
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skins
Skype Toolbars
Skype™ 6.3
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Trojan Killer
VC80CRTRedist - 8.0.50727.6195
VD64Inst
VideoLAN VLC media player 0.8.6f
ViewNX 2
VirtualCloneDrive
Visual Studio C++ 10.0 Runtime
WIDCOMM Bluetooth Software
Windows 7 Codec Pack 3.5.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinPcap 4.1.1
WinRAR archiver
WM Recorder 14
Wondershare Data Recovery(Build 4.2.0.0)
Yahoo! Messenger
Yontoo Layers Runtime 1.10.01
ZTE_1.2059.0.8
.
==== Event Viewer Messages From Past Week ========
.
13/03/2014 22:30:03, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
13/03/2014 22:29:32, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
13/03/2014 22:29:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter trufos
13/03/2014 22:29:17, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdeCATSCustConnectService service to connect.
13/03/2014 22:29:17, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
13/03/2014 22:29:17, Error: Service Control Manager [7000] - The lxdeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/03/2014 22:17:20, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2929733).
13/03/2014 22:17:20, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2918077).
13/03/2014 22:17:20, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2930275).
13/03/2014 00:02:03, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/03/2014 22:16:15, Error: volmgr [46] - Crash dump initialization failed!
11/03/2014 20:17:45, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/03/2014 20:54:45, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
09/03/2014 23:09:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
09/03/2014 15:48:48, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
08/03/2014 14:52:47, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
.
==== End Of File ===========================
therumdude
Active Member
 
Posts: 10
Joined: March 13th, 2014, 9:34 pm

Re: i think i have malware

Unread postby Cypher » March 14th, 2014, 11:49 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions, if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Java 7 Update 45
Java(TM) 6 Update 20 (64-bit)
Mysearchdial
qBittorrent 3.0.8


Next.

First, please disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.

Next, please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Right click on zoek.exe and select "Run as administrator" to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:

    • Auto Clean
  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after a reboot, if required).
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe And select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • zoek-results.log.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
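
The zoek-results.log that Cypher asks for lists every recently created or modified file as `date time MD5 size attributes path`, with `--------` in place of a hash for directories and a `!HASH: ... !` marker when the file could not be opened for hashing. As an added example, not part of this thread and not zoek's own code, here is a small Python parser for those lines that groups identical hashes dropped under several paths (the same installer copied into temp folders) and flags executables written to temporary, browser-cache or scheduled-task locations. The sample lines are copied from the log posted later in this thread; the watched directories and extensions are my own choice of triage rules, not anything zoek defines.

```python
"""Parse zoek 'Files Recently Created / Modified' lines and triage them.

Added example for reading a zoek-results.log; it is not zoek's own code.
Line format as seen in the posted log:
    YYYY-MM-DD HH:MM:SS <MD5 | -------- | !HASH: ... !> [size] <attrs> <path>
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<hash>[0-9A-F]{32}|-{8}|!HASH:.*?!+)"  # md5, directory marker, or hashing failure
    r"(?: (?P<size>\d+))?"                       # size is absent on directory lines
    r" (?P<attrs>[a-z-]{8}) "                    # e.g. ----a-w- or d-----w-
    r"(?P<path>.+)$"
)
HEX32 = re.compile(r"[0-9A-F]{32}")

# Triage rules (my assumption, not zoek's): a freshly written executable in one of
# these locations is reviewed first, since bundleware installers stage files there.
WATCH_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\temporary internet files\\",
    "\\$recycle.bin\\",
    "\\windows\\tasks\\",
)
EXEC_EXTS = (".exe", ".dll", ".scr", ".com", ".job", ".bat", ".vbs", ".ocx")

# Sample lines copied from the zoek log posted in this thread (section headers included
# to show that the parser skips them).
SAMPLE_LOG = r"""
====== C:\Users\jonny\AppData\Local\Temp ====
2014-03-11 20:27:44 1819D2F1CEF27C3EA9043805C32A67B6 108032 ----a-w- C:\Users\jonny\AppData\Local\Temp\854.6088154904589_Update.exe
2014-03-11 20:23:53 602D4D0C0146444D90BAE9201A8D9F97 89111376 ----a-w- C:\Users\jonny\AppData\Local\Temp\is1275519350\510477_stp.EXE
2014-03-11 20:21:10 602D4D0C0146444D90BAE9201A8D9F97 89111376 ----a-w- C:\Users\jonny\AppData\Local\Temp\is1275519350\349797_stp.EXE
====== C:\Windows\Tasks ======
2014-03-11 20:27:44 !HASH: COULD NOT OPEN FILE !!!!! 292 ----a-w- C:\Windows\Tasks\UpdaterEX.job
======= C:\Program Files =====
2014-03-11 20:29:00 -------- d-----w- C:\Program Files\iTunes
====== C: exe-files ==
2014-03-12 23:12:16 84BCBFB752B96543307E6602E669A95A 806104 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-03-11 20:27:17 602D4D0C0146444D90BAE9201A8D9F97 89111376 ----a-w- C:\Users\jonny\Downloads\itunes_setup [1].exe
"""


def parse_zoek_lines(text):
    """Return one dict per recognised file/directory line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers such as "====== C:\Windows ====" land here
        h = m.group("hash")
        entries.append({
            "when": f"{m.group('date')} {m.group('time')}",
            "md5": h if HEX32.fullmatch(h) else None,
            "hash_failed": h.startswith("!HASH"),
            "is_dir": h == "-" * 8,
            "size": int(m.group("size")) if m.group("size") else None,
            "attrs": m.group("attrs"),
            "path": m.group("path"),
        })
    return entries


def duplicate_hashes(entries):
    """Map each MD5 seen under more than one path to those paths (one payload, several drops)."""
    by_hash = defaultdict(list)
    for e in entries:
        if e["md5"]:
            by_hash[e["md5"]].append(e["path"])
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


def flag_entries(entries):
    """Return (path, reason) pairs an analyst would review first."""
    flagged = []
    for e in entries:
        if e["is_dir"]:
            continue
        if e["hash_failed"]:
            flagged.append((e["path"], "file could not be hashed (locked or in use)"))
            continue
        low = e["path"].lower()
        if low.endswith(EXEC_EXTS) and any(d in low for d in WATCH_DIRS):
            flagged.append((e["path"], "executable written to a temporary/cache/task location"))
    return flagged


if __name__ == "__main__":
    parsed = parse_zoek_lines(SAMPLE_LOG)
    for md5, paths in duplicate_hashes(parsed).items():
        print(f"{md5} seen at {len(paths)} paths:")
        for p in paths:
            print("   ", p)
    for path, reason in flag_entries(parsed):
        print(f"REVIEW {path}: {reason}")
```

Run it on a saved zoek-results.log by reading the file into `parse_zoek_lines`; the duplicate-hash view is what shows a single downloaded setup stub being re-dropped under `Temp\is...\` names, and the hash-failure flag is worth keeping because a file zoek could not open was typically still in use at scan time.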

Re: i think i have malware

Unread postby therumdude » March 15th, 2014, 3:00 am

hi Cypher, thanks for the help. I have split my reply due to size.


Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by jonny on 15/03/2014 at 0:49:28.38.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jonny\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

15/03/2014 00:53:24 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AVS4YOU deleted successfully
C:\PROGRA~2\BearShare Applications deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Solveig Multimedia deleted successfully
C:\PROGRA~2\WhiteSmoke deleted successfully
C:\PROGRA~2\Yontoo Layers Runtime deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\CanonIJPLM deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\PDF Architect deleted successfully
C:\Users\jonny\AppData\Roaming\QuickScan deleted successfully
C:\Users\jonny\AppData\Roaming\TP deleted successfully
C:\Users\jonny\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\jonny\AppData\Local\Conduit deleted successfully
C:\Users\jonny\AppData\Local\DataSafeOnline deleted successfully
C:\Users\jonny\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2127497714-811344910-2215721089-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_USERS\S-1-5-21-2127497714-811344910-2215721089-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-2127497714-811344910-2215721089-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EE3E67D9-1311-404A-B75F-6F2DAD7017C5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2127497714-811344910-2215721089-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_USERS\S-1-5-21-2127497714-811344910-2215721089-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully
HKEY_USERS\S-1-5-21-2127497714-811344910-2215721089-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully
HKEY_USERS\S-1-5-21-2127497714-811344910-2215721089-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully
HKEY_USERS\S-1-5-21-2127497714-811344910-2215721089-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully

==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\File Type Helper deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\ClickPotatoLite deleted
C:\PROGRA~2\PriceGong deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\extensions deleted
C:\found.000 deleted
C:\Users\jonny\AppData\Roaming\UpdaterEX deleted
C:\Users\jonny\AppData\Roaming\fixpermissions.bat deleted
C:\Users\jonny\AppData\Roaming\Yahoo! deleted
C:\Users\jonny\AppData\Roaming\mysearchdial deleted
C:\Users\jonny\AppData\Roaming\systweak deleted
C:\Users\jonny\AppData\Roaming\pdfforge deleted
C:\PROGRA~3\SPLAF82.tmp deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\ClickPotatoLiteSA deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Tarma Installer deleted
C:\Users\jonny\AppData\Local\APN deleted
C:\Users\jonny\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\jonny\AppData\LocalLow\Yahoo! deleted
C:\Users\jonny\AppData\LocalLow\PriceGong deleted
C:\Users\jonny\AppData\LocalLow\Conduit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted
C:\windows\SysNative\tasks\UpdaterEX deleted
C:\END deleted
C:\Windows\Syswow64\RegistryHelperLM.ocx deleted
C:\Windows\Syswow64\ConduitEngine.tmp deleted
C:\Windows\Syswow64\sho24AB.tmp deleted
C:\Windows\Syswow64\sho6336.tmp deleted
C:\Windows\Syswow64\sho9ED3.tmp deleted
C:\Windows\Syswow64\shoA228.tmp deleted
C:\Windows\Syswow64\shoB358.tmp deleted
C:\Windows\Syswow64\shoBEAC.tmp deleted
C:\Windows\Syswow64\shoF9FC.tmp deleted
C:\Users\jonny\Desktop\Boilsoft Video Joiner 6.57.1 + Splitter\Boilsoft Video Splitter 6.34.2\bs_video_splitter.exe deleted
"C:\Users\jonny\AppData\Roaming\Folder Actions Handlers" deleted
"C:\Users\jonny\AppData\Roaming\Font Book" deleted
"C:\Users\jonny\AppData\Roaming\Fonts" deleted
"C:\ProgramData\equeidsptcsnwhp" deleted
"C:\ProgramData\Frameworks" deleted
"C:\ProgramData\Fruit" deleted
"C:\ProgramData\Funk Animals" deleted
"C:\Windows\tasks\UpdaterEX.job" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-03-15 00:36:30 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\Windows\tweaking.com-regbackup-JONNY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
====== C:\Users\jonny\AppData\Local\Temp ====
2014-03-14 08:14:59 9EB54EABFB8B9FA02BFC48AF3A9FD020 41984 ----a-w- C:\Users\jonny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkos6gr.dll
2014-03-11 20:28:00 F4ADA96C69685D7804D391081D03DB42 279960 ----a-w- C:\Users\jonny\AppData\Local\Temp\is743126\mysearchdial.dll
2014-03-11 20:27:45 5405413FFF79B8D9C747AA900F60F082 599419 ----a-w- C:\Users\jonny\AppData\Local\Temp\is743126\Sqlite3.dll
2014-03-11 20:27:44 1819D2F1CEF27C3EA9043805C32A67B6 108032 ----a-w- C:\Users\jonny\AppData\Local\Temp\854.6088154904589_Update.exe
2014-03-11 20:23:53 602D4D0C0146444D90BAE9201A8D9F97 89111376 ----a-w- C:\Users\jonny\AppData\Local\Temp\is1275519350\510477_stp.EXE
2014-03-11 20:21:10 602D4D0C0146444D90BAE9201A8D9F97 89111376 ----a-w- C:\Users\jonny\AppData\Local\Temp\is1275519350\349797_stp.EXE
2014-03-11 20:21:10 4264315836E42781135185FB21E425DF 738368 ----a-w- C:\Users\jonny\AppData\Local\Temp\ICReinstall_itunes_setup.exe
====== Java Cache =====
2014-02-15 23:01:56 BD2479CCCE5B6859110A1791657C1476 37 ----a-w- C:\Users\jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7481129b-6.0.lap
====== C:\Windows\SysWOW64 =====
2014-03-12 23:12:16 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-03-12 23:12:16 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 23:12:16 8B521873651E62EF5868DC7B339959DB 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-03-12 23:12:16 7EDA015D4E74177A1B187326EDB14670 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 23:12:16 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-03-12 23:12:16 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-03-12 23:12:15 E23497E11866154A97BA9877656113FE 1964032 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 23:12:15 B0CBC5A7D9278DCD5B230E1E50CCA5F6 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-03-12 23:12:15 2CF6CF90BF7FE0E616C363343FFA686B 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 23:12:14 E84073A2F2D3A9448CA02F48B0360490 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-03-12 23:12:14 5C207FABA707CE496E1E0A304925D1E5 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 23:12:14 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-03-12 23:12:14 1CEE521E90703BB8A01211C77747E727 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 23:12:13 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-03-12 23:12:13 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 23:12:13 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-03-12 23:12:13 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 23:12:12 B61F47EB8CACBE09C8117E4FF7D9656D 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-03-12 23:09:33 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\SysWOW64\wer.dll
2014-03-12 23:09:32 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll
2014-03-12 23:05:00 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-03-12 23:12:16 76862AAF77C049EC20217FDC209F7F13 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-03-12 23:12:16 10B2786774CC43D835FE8303D1970874 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-03-12 23:12:15 F6BA9A0266DA93AFB8EA9BA12BF81367 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-03-12 23:12:15 BA0A21F761CE5001DF712C51BF11F953 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-03-12 23:12:15 0A5996995F33967A46E3D5A3D9F1433D 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-03-12 23:12:14 E6ACA421DA3E50D7F0A31228F0C547B0 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-03-12 23:12:14 8BA97E7747A53F80873431178889911A 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-03-12 23:12:13 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-03-12 23:12:13 B3DFA392735A5FBE2896BAB67950123A 2041856 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-03-12 23:12:13 8EA01E83528503D312224FC63D40BC2B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-03-12 23:12:12 D3CAA61DE060BC74B4EFC638679DFE7A 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-03-12 23:12:12 A0B690402E33DC9C78F22CB41F4FDC09 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-03-12 23:12:12 9C5ADB26632D46919ABB231CF7DE98B9 13051904 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-03-12 23:12:12 4F131DB206096854505AFEDD2153FD83 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-03-12 23:12:12 422106B7565350885D0930DFA5BA21A1 574976 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-03-12 23:12:11 E97FFE2D37F01DD8B52BE81E1B91A7C0 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-03-12 23:12:11 DF79CE9B950C62677D232154E93A81C7 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-03-12 23:12:11 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-03-12 23:12:11 8D46ACDFA065C423BED405702F075B54 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-03-12 23:12:11 48ED94DA88F65684B28FCD87C01288A7 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-03-12 23:12:11 262B8883ECFD0C7CB303B56F9D9F210E 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-03-12 23:12:10 4E0709D9BB951AD1C22E4FF519B90839 23133696 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-03-12 23:09:44 04F82965C09CBDF646B487E145060301 228864 ----a-w- C:\Windows\Sysnative\wwansvc.dll
2014-03-12 23:09:33 E918C0DE5CF2AE6BEDBF387C09627D93 3156480 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-03-12 23:09:33 1075AB2C077B415760C0E948856B5126 484864 ----a-w- C:\Windows\Sysnative\wer.dll
2014-03-12 23:09:32 2C619F6023E3F7A3ABF3475ED2223359 624128 ----a-w- C:\Windows\Sysnative\qedit.dll
2014-03-12 23:05:00 AFCA5C1ECEAF948FC815178BC077680E 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll
2014-03-11 20:32:22 619E6C2D64D331B6C3D17A0A2589E2A3 27136 ----a-w- C:\Windows\Sysnative\bddel.exe
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2014-03-11 20:27:44 !HASH: COULD NOT OPEN FILE !!!!! 292 ----a-w- C:\Windows\Tasks\UpdaterEX.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-03-11 20:29:00 -------- d-----w- C:\Program Files\iTunes
2014-03-11 20:29:00 -------- d-----w- C:\Program Files\iPod
======= C:\PROGRA~2 =====
2014-03-15 00:34:39 -------- d-----w- C:\PROGRA~2\Tweaking.com
2014-03-14 08:26:37 -------- d-----w- C:\PROGRA~2\BillP Studios
2014-03-11 20:29:00 -------- d-----w- C:\PROGRA~2\iTunes
2014-03-11 20:27:41 -------- d-----w- C:\PROGRA~2\Investintech.com Inc
2014-03-11 20:27:26 -------- d-----w- C:\PROGRA~2\Free FLV Converter
2014-03-11 19:58:36 -------- d-----w- C:\PROGRA~2\QuickTime
======= C: =====
====== C:\Users\jonny\AppData\Roaming ======
2014-03-15 00:40:01 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Sun
2014-03-14 08:26:47 -------- d-----w- C:\Users\jonny\AppData\Roaming\WinPatrol
2014-03-11 20:27:50 2034B9E03D1EFB32A49838750330B580 112 ----a-w- C:\Users\jonny\AppData\Roaming\WB.CFG
2014-03-01 20:12:56 -------- d-----w- C:\Users\jonny\AppData\Roaming\DropboxMaster
2014-03-01 20:12:36 -------- d-----w- C:\Users\jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-01 20:11:59 -------- d-----w- C:\Users\jonny\AppData\Roaming\Dropbox
====== C:\Users\jonny ======
2014-03-15 00:34:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-03-15 00:32:56 C5D82951545203CF3391F00290182003 3944112 ----a-w- C:\Users\jonny\Desktop\tweaking.com_registry_backup_setup.exe
2014-03-14 08:26:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-03-12 22:25:20 A6F1C5E6CDC13DFE95CFCBD1E6905A16 339230390 ----a-w- C:\Users\jonny\The.Valleys.S03E03.HDTV.x264-C4TV.mp4
2014-03-12 22:23:30 -------- d-----w- C:\Users\jonny\Marvel.Agents.Of.SHIELD.S01E15.Yes.Men.720p.WEB-DL.DD5.1.H.264-ECI [PublicHD]
2014-03-12 22:23:27 -------- d-----w- C:\Users\jonny\The.Originals.S01E16.720p.HDTV.X264-DIMENSION[rarbg]
2014-03-11 20:29:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-03-11 20:28:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-11 20:27:17 602D4D0C0146444D90BAE9201A8D9F97 89111376 ----a-w- C:\Users\jonny\Downloads\itunes_setup [1].exe
2014-03-11 20:06:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-03-11 20:00:53 -------- d-----w- C:\Users\jonny\Avengers.Confidential.Black.Widow.And.Punisher.2014.HDRip.h264.AAC-RARBG
2014-03-11 19:58:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-03-10 20:43:35 -------- d-----w- C:\Users\jonny\BackroomCastingCouch.14.03.10.Carlynn.XXX.720p.MP4-KTR[rarbg]
2014-03-10 20:29:48 -------- d-----w- C:\Users\jonny\The.Mentalist.S06E13.720p.HDTV.X264-DIMENSION[rarbg]
2014-03-09 22:40:30 -------- d-----w- C:\Users\jonny\Black.Sails.S01E07.720p.HDTV.x264-KILLERS[rarbg]
2014-03-08 08:48:10 -------- d-----w- C:\Users\jonny\Casting Couch X - Belle Knox HD 1080p
2014-03-08 08:47:21 FCB56E76F4CD82C5221421CDDFDF6CE2 664297475 ----a-w- C:\Users\jonny\ExploitedTeens - Belle Knox (POV) (2014).wmv
2014-03-08 08:05:10 9D52E537823ECC01721257A8D8DD4AE5 836440944 ----a-w- C:\Users\jonny\Hannibal.S02E02.720p.HDTV.X264-DIMENSION.mkv
2014-03-01 20:14:58 -------- d-----r- C:\Users\jonny\Dropbox
2014-02-21 10:59:43 -------- d-----w- C:\Users\jonny\The Commitments_1991_dvdrip_xvid-Ekolb
2014-02-14 19:55:17 -------- d-----w- C:\Users\jonny\Someone.Marry.Barry.2014 HDRip XViD juggs

====== C: exe-files ==
2014-03-15 00:34:51 2237B196DE74B2516360F2E0A4B302A0 1346048 ----a-w- C:\Program Files (x86)\Tweaking.com\Registry Backup\uninstall.exe
2014-03-15 00:32:56 C5D82951545203CF3391F00290182003 3944112 ----a-w- C:\Users\jonny\Desktop\tweaking.com_registry_backup_setup.exe
2014-03-14 08:34:12 2B6CD83837BEE99482539AC175DB8B65 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2127497714-811344910-2215721089-1001\$IFV33I6.exe
2014-03-14 08:26:38 97E18C6169C5601E6513BD5848A7D89F 496192 ------w- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
2014-03-14 08:26:38 4FF1A942426F736703925740620660A2 1064008 ------w- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe
2014-03-14 08:24:34 A8ABBA99298A8CCAD5CB5EFA73373BD0 1064488 ----a-w- C:\$Recycle.Bin\S-1-5-21-2127497714-811344910-2215721089-1001\$RFV33I6.exe
2014-03-13 22:27:07 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\34205e05-547d-431c-8696-62eef00f18fd\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-13 22:27:07 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\0c479fd0-cfb8-492b-8da1-7b45bf56457b\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-13 22:27:06 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\0d638500-67cc-4530-875b-65bd57f6d12d\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-13 22:27:04 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\5d26b218-0f59-4b0d-a108-ce61f1633edb\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-13 22:27:03 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\0a34daba-9399-4a05-b3a7-151b6e2e3cfe\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-13 22:27:00 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ----a-w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\1bce4b61-7abe-42f4-a5ec-574ad21e64bd\appupdaterrules_dell\AddCertificate.exe
2014-03-13 22:13:43 5CCD53D26269E9D31E4D97453363F608 28272804 ----a-w- C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F4WZOQPQ\gtk-2.2.2.1-setup[1].exe
2014-03-12 23:12:16 84BCBFB752B96543307E6602E669A95A 806104 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-03-12 23:12:15 3A3BEA53F039CE2E997A918E26E30B1D 808152 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-03-12 23:12:15 2A0FAE869BC99A460FEFD832F261DCC9 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-03-12 23:12:13 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-03-12 23:12:13 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 23:12:13 6254A3E46A65395BFFEB393938661738 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-03-12 23:12:12 D3CAA61DE060BC74B4EFC638679DFE7A 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-12 23:12:12 A0B690402E33DC9C78F22CB41F4FDC09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-12 23:12:11 E97FFE2D37F01DD8B52BE81E1B91A7C0 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-12 22:48:55 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\ec9f2706-6102-4d02-85c3-c7531f03c423\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-12 22:48:54 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\f2fa7d4f-ed31-439c-bb7c-c138d526cedd\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-12 22:48:54 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\8e519597-e212-43ee-93af-18fd43d1b1e3\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-12 22:48:51 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\bd72369b-6e46-474e-9a0a-b255e464b0cf\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-12 22:48:50 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\af523b5c-1aa6-4a8f-9c64-1c3dd8550575\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-12 22:48:45 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ----a-w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\8203ee3a-e8e9-4a32-9088-632568789fcd\appupdaterrules_dell\AddCertificate.exe
2014-03-12 22:45:24 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\889dfc63-b0af-4b46-9d69-5adfcc3edac8\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-12 22:45:23 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\4c161bdf-fc42-4e6a-b3dc-703c11456af8\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-12 22:45:22 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\f2dce190-9f18-4ad0-a69f-bd46291372b1\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-12 22:45:20 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\915a6fd5-a989-418e-90eb-ee92216823e5\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-12 22:45:19 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ------w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\6d7dc06d-057f-42e4-be7a-dfb65fcee6f4\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
2014-03-12 22:45:16 D22E4A5C59C778CD037313EB5BDD8CCD 16976 ----a-w- C:\Users\jonny\AppData\Roaming\PCDr\Update\Rules\04211882-dc7e-48e2-95b7-a1414e9eb030\appupdaterrules_dell\AddCertificate.exe
2014-03-11 20:32:22 619E6C2D64D331B6C3D17A0A2589E2A3 27136 ----a-w- C:\Windows\System32\bddel.exe
2014-03-11 20:27:51 F5926134A66309D9D2B14416FF707891 2702160 ----a-w- C:\Program Files (x86)\Investintech.com Inc\Able2Extract 8.0\vcredist_x86.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2127497714-811344910-2215721089-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Trojan Killer"="C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe 0"
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"

[HKEY_USERS\S-1-5-21-2127497714-811344910-2215721089-1001\Software\Microsoft\Windows\CurrentVersion\runonce]
"DelTr1085252"="cmd.exe /c rd /s /q C:\Users\jonny\AppData\Roaming\mysearchdial"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2"
"FATrayAlert"="C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon"
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelTr1085283"="cmd.exe /c rd /s /q C:\Users\jonny\AppData\Roaming\mysearchdial"
"Launcher"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Trojan Killer"="C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe 0"
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelTr1085252"="cmd.exe /c rd /s /q C:\Users\jonny\AppData\Roaming\mysearchdial"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe"
"BDAgent"="C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
"lxdemon.exe"="C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe"
"lxdeamon"="C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Google Update"="\"C:\\Users\\jonny\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"DivXUpdate"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""


==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft Connection Service]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcSoft Connection Service"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dell DataSafe Online]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dell DataSafe Online"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Dell DataSafe Online\\DataSafeOnline.exe\" /m"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\jonny\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Messenger (Yahoo!)"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~2\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nikon Message Center 2"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VirtualCloneDrive"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^jonny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
"path"="C:\\Users\\jonny\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\BBC iPlayer Desktop.lnk"
"backup"="C:\\Windows\\pss\\BBC iPlayer Desktop.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files (x86)\\BBC iPlayer Desktop\\BBC iPlayer Desktop.exe "
"item"="BBC iPlayer Desktop"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ACDaemon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RoxMediaDB10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]


==== Startup Folders ======================

2010-10-20 08:55:24 2000 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2010-10-20 08:55:24 2000 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2011-10-02 18:17:24 1169 ----a-w- C:\Users\jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
2011-06-16 19:26:18 1151 ----a-w- C:\Users\jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001Core.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001Core1cce1305b2f9fc.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001UA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001UA1cce130874bc61.job --a------ [Undetermined Task]
C:\Windows\tasks\UpdaterEX.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-jonny-PC-jonny" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Divx online update program" [C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe]
"C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001Core" [C:\Users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001Core1cce1305b2f9fc" [C:\Users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001UA" [C:\Users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001UA1cce130874bc61" [C:\Users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\LoJack for Laptops Install" ["%PROGRAMFILES(x86)%\Absolute Software\LoJack Install\FactoryInstaller.exe"]
"C:\Windows\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]
"C:\Windows\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\DHZRYRN1\Administrator - Start WLAN Tray Applet" [C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5" [31/08/2011 12:18]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mhfdcmehmjcclgopdodkjdicohagipid - C:\Users\jonny\AppData\Local\Temp\crxAD64.tmp[]
niapdbllcanepiiimjjndipklodoedlc - C:\Users\jonny\AppData\Local\Temp\YontooLayers.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[23/05/2011 18:24]

Angry Birds - jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Wallet - jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en"
{F7DA2C4F-8ABE-44CF-8664-FF0BF4DEB55A} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2127497714-811344910-2215721089-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F7DA2C4F-8ABE-44CF-8664-FF0BF4DEB55A} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{84481A87-2316-4923-8FAB-3BA8CA29323D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\jonny\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=258 folders=88 92015967 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jonny\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\jonny\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\tasks\UpdaterEX.job" not found

==== EOF on 15/03/2014 at 6:37:42.39 ======================
therumdude
Active Member
Posts: 10
Joined: March 13th, 2014, 9:34 pm

Re: i think i have malware

Unread post by therumdude » March 15th, 2014, 3:04 am

Hi Cypher, part 2 of the logs.


OTL logfile created on: 3/15/2014 6:42:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jonny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 47.03% Memory free
7.98 Gb Paging File | 5.52 Gb Available in Paging File | 69.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 255.49 Gb Free Space | 57.01% Space Free | Partition Type: NTFS

Computer Name: JONNY-PC | User Name: jonny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/15 06:41:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonny\Desktop\OTL.exe
PRC - [2014/02/25 14:23:50 | 000,252,928 | ---- | M] () -- C:\Program Files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe
PRC - [2014/02/25 05:43:46 | 000,496,192 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/03/28 12:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2012/03/26 16:35:16 | 000,449,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/10/31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
PRC - [2011/10/27 11:17:20 | 001,927,120 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/05/21 17:00:52 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/05/21 16:58:30 | 000,673,088 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/04/04 11:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/04/04 11:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2010/03/04 01:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 01:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/15 12:58:34 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe
PRC - [2010/02/15 12:58:32 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe
PRC - [2009/06/24 21:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 14:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/15 10:37:00 | 000,206,128 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/18 03:46:30 | 000,643,948 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2014/02/13 19:14:07 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6075432058b0de45ff925a5a78272154\IAStorUtil.ni.dll
MOD - [2014/02/13 18:33:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 18:32:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 18:32:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 18:32:29 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/13 18:32:25 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 18:32:22 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 18:32:21 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 18:32:04 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/10/27 22:46:26 | 004,554,752 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2013/07/21 22:48:15 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/21 22:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/12/12 05:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/05 10:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 10:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/05/21 17:00:52 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/05/21 16:59:16 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/05/21 16:58:56 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/05/21 16:58:54 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/05/21 16:58:48 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/05/21 16:58:46 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/05/21 16:58:42 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/05/21 16:58:18 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/04/04 11:45:06 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010/04/04 11:44:12 | 000,059,208 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010/04/04 11:42:44 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2010/02/15 12:58:34 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe
MOD - [2010/02/15 12:58:32 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe
MOD - [2010/02/09 06:41:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 4800 Series\app4r.monitor.core.dll
MOD - [2010/02/09 06:41:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 4800 Series\app4r.monitor.common.dll
MOD - [2010/02/09 06:40:56 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 4800 Series\app4r.devmons.mcmdevmon.dll
MOD - [2009/06/10 21:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2008/06/06 05:45:50 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 4800 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/05/24 14:21:26 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 4800 Series\lxdescw.dll
MOD - [2007/05/03 09:39:32 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 4800 Series\lxdedatr.dll
MOD - [2007/03/26 01:39:36 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 4800 Series\lxdecats.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/01 04:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/06 23:04:59 | 001,957,912 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2012/08/20 17:44:19 | 000,067,904 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2012/04/24 19:59:21 | 000,075,384 | ---- | M] (Bitdefender) [On_Demand | Stopped] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2011/10/14 22:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/22 02:01:12 | 000,202,752 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/20 20:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/02 17:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/08/18 02:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/17 01:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/09 14:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/05/29 07:05:54 | 001,053,104 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdecoms.exe -- (lxde_device)
SRV:64bit: - [2007/05/29 07:04:44 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdeserv.exe -- (lxdeCATSCustConnectService)
SRV - [2014/03/12 22:34:37 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/25 14:23:50 | 000,252,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe -- (FreeFLVConverterUpdt)
SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/01 19:39:39 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/01 11:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/28 12:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/10/31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/05/21 16:58:30 | 000,673,088 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/03/04 01:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/20 20:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)
SRV - [2009/10/20 18:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/26 16:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2007/05/29 07:07:58 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdecoms.exe -- (lxde_device)
SRV - [2007/05/29 07:04:44 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdeserv.exe -- (lxdeCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/12 04:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 23:04:49 | 000,587,024 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/12/06 23:04:42 | 000,705,552 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/12/06 23:04:07 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/20 17:44:10 | 000,093,160 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/04 14:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/11/17 16:38:34 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011/11/14 19:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/10/27 14:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011/08/16 13:59:12 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 16:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 22:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/13 08:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/04/22 09:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/14 00:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 10:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/22 02:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 01:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/20 20:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/19 18:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2010/01/19 11:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/01/19 11:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/01/19 11:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/01/19 11:49:52 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/11/20 06:25:42 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/11/02 17:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/20 18:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/30 01:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/17 01:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 01:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/04 11:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 00:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 10:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/01 04:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 04:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 04:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/15 18:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 07:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/09/25 00:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/01 17:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 15:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{1315BA15-E112-4E98-BA4C-2D7FF30BB19B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jonny\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jonny\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/01/28 12:46:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/31 12:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/01/28 12:46:21 | 000,000,000 | ---D | M]

[2011/07/28 10:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonny\AppData\Roaming\Mozilla\Extensions
[2011/07/28 10:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonny\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.mysearchdial.com/?f=1&a=dn ... 699002&ir=
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jonny\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jonny\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jonny\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\jonny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jonny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Wallet = C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2011/03/17 20:26:59 | 000,431,212 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14840 more lines...
O2:64bit: - BHO: (FreeFLVConverter) - {DC7CE5D0-3608-4FD0-8853-D5822E02135D} - C:\Program Files (x86)\Free FLV Converter\FreeFLVConverter_x64.dll (Free FLV Converter)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FreeFLVConverter) - {DC7CE5D0-3608-4FD0-8853-D5822E02135D} - C:\Program Files (x86)\Free FLV Converter\FreeFLVConverter.dll (Free FLV Converter)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [lxdeamon] C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe ()
O4:64bit: - HKLM..\Run: [lxdemon.exe] C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Trojan Killer] C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe (GridinSoft LLC.)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - Reg Error: Key error. File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D03EF9B-5BC0-4B04-875A-FB061A7DEFFA}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1085821-51DA-42C0-9FE3-77BDBE38E382}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2f9a27a5-c0cc-11e0-a8ca-f04da25314b6}\Shell - "" = AutoRun
O33 - MountPoints2\{2f9a27a5-c0cc-11e0-a8ca-f04da25314b6}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{6de27090-b57f-11e1-85c4-c44619f714a6}\Shell - "" = AutoRun
O33 - MountPoints2\{6de27090-b57f-11e1-85c4-c44619f714a6}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/15 06:41:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jonny\Desktop\OTL.exe
[2014/03/15 06:37:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/15 06:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2014/03/15 01:14:00 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/03/15 01:14:00 | 000,000,000 | ---D | C] -- C:\Users\jonny\AppData\Local\Temp
[2014/03/15 00:49:13 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/03/15 00:35:09 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/03/15 00:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/03/15 00:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/03/14 08:26:47 | 000,000,000 | ---D | C] -- C:\Users\jonny\AppData\Roaming\WinPatrol
[2014/03/14 08:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2014/03/14 08:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2014/03/14 01:37:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\jonny\Desktop\dds.scr
[2014/03/13 03:01:16 | 000,000,000 | ---D | C] -- C:\5d3d483894a5a06d45a4781d6054
[2014/03/12 22:23:30 | 000,000,000 | ---D | C] -- C:\Users\jonny\Marvel.Agents.Of.SHIELD.S01E15.Yes.Men.720p.WEB-DL.DD5.1.H.264-ECI [PublicHD]
[2014/03/12 22:23:27 | 000,000,000 | ---D | C] -- C:\Users\jonny\The.Originals.S01E16.720p.HDTV.X264-DIMENSION[rarbg]
[2014/03/11 20:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/11 20:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/11 20:29:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/11 20:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/11 20:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/11 20:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Investintech.com Inc
[2014/03/11 20:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2014/03/11 20:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/03/11 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\jonny\Avengers.Confidential.Black.Widow.And.Punisher.2014.HDRip.h264.AAC-RARBG
[2014/03/11 19:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/03/11 19:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/03/10 20:43:35 | 000,000,000 | ---D | C] -- C:\Users\jonny\BackroomCastingCouch.14.03.10.Carlynn.XXX.720p.MP4-KTR[rarbg]
[2014/03/10 20:29:48 | 000,000,000 | ---D | C] -- C:\Users\jonny\The.Mentalist.S06E13.720p.HDTV.X264-DIMENSION[rarbg]
[2014/03/09 22:40:30 | 000,000,000 | ---D | C] -- C:\Users\jonny\Black.Sails.S01E07.720p.HDTV.x264-KILLERS[rarbg]
[2014/03/08 08:48:10 | 000,000,000 | ---D | C] -- C:\Users\jonny\Casting Couch X - Belle Knox HD 1080p
[2014/03/01 20:14:58 | 000,000,000 | R--D | C] -- C:\Users\jonny\Dropbox
[2014/03/01 20:12:56 | 000,000,000 | ---D | C] -- C:\Users\jonny\AppData\Roaming\DropboxMaster
[2014/03/01 20:12:36 | 000,000,000 | ---D | C] -- C:\Users\jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/03/01 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\jonny\AppData\Roaming\Dropbox
[2014/02/25 23:24:21 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/21 10:59:43 | 000,000,000 | ---D | C] -- C:\Users\jonny\The Commitments_1991_dvdrip_xvid-Ekolb
[2014/02/14 19:55:17 | 000,000,000 | ---D | C] -- C:\Users\jonny\Someone.Marry.Barry.2014 HDRip XViD juggs
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/15 06:43:45 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/15 06:43:45 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/15 06:41:39 | 000,783,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/15 06:41:39 | 000,667,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/15 06:41:39 | 000,126,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/15 06:41:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonny\Desktop\OTL.exe
[2014/03/15 06:37:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/15 06:35:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/15 06:35:47 | 3212,177,408 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/15 00:49:13 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/03/15 00:44:38 | 004,095,370 | ---- | M] () -- C:\Users\jonny\Desktop\zoek.zip
[2014/03/15 00:39:56 | 000,000,326 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2014/03/15 00:36:30 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-JONNY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/15 00:34:52 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/03/15 00:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/15 00:32:56 | 003,944,112 | ---- | M] () -- C:\Users\jonny\Desktop\tweaking.com_registry_backup_setup.exe
[2014/03/15 00:24:05 | 000,321,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/14 08:22:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001UA1cce130874bc61.job
[2014/03/14 08:17:22 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001UA.job
[2014/03/14 08:15:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/14 01:37:13 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\jonny\Desktop\dds.scr
[2014/03/13 23:22:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001Core1cce1305b2f9fc.job
[2014/03/12 22:37:22 | 339,230,390 | ---- | M] () -- C:\Users\jonny\The.Valleys.S03E03.HDTV.x264-C4TV.mp4
[2014/03/12 22:29:08 | 000,000,112 | ---- | M] () -- C:\Users\jonny\AppData\Roaming\WB.CFG
[2014/03/11 20:32:35 | 000,027,136 | ---- | M] () -- C:\Windows\SysNative\bddel.exe
[2014/03/11 20:17:09 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001Core.job
[2014/03/11 19:58:48 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/03/08 11:24:46 | 001,285,120 | ---- | M] () -- C:\Users\jonny\Desktop\zoek.exe
[2014/03/08 11:05:50 | 001,414,742 | ---- | M] () -- C:\Users\jonny\Desktop\zoek.scr
[2014/03/08 11:05:50 | 001,414,742 | ---- | M] () -- C:\Users\jonny\Desktop\zoek.com
[2014/03/08 10:13:40 | 836,440,944 | ---- | M] () -- C:\Users\jonny\Hannibal.S02E02.720p.HDTV.X264-DIMENSION.mkv
[2014/03/08 09:24:58 | 664,297,475 | ---- | M] () -- C:\Users\jonny\ExploitedTeens - Belle Knox (POV) (2014).wmv
[2014/03/01 20:14:58 | 000,001,043 | ---- | M] () -- C:\Users\jonny\Desktop\Dropbox.lnk
[2014/02/27 21:54:35 | 000,767,774 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/27 20:38:32 | 301,872,232 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/15 01:14:01 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/03/15 00:50:24 | 001,414,742 | ---- | C] () -- C:\Users\jonny\Desktop\zoek.scr
[2014/03/15 00:50:23 | 001,414,742 | ---- | C] () -- C:\Users\jonny\Desktop\zoek.com
[2014/03/15 00:46:21 | 001,285,120 | ---- | C] () -- C:\Users\jonny\Desktop\zoek.exe
[2014/03/15 00:44:38 | 004,095,370 | ---- | C] () -- C:\Users\jonny\Desktop\zoek.zip
[2014/03/15 00:36:30 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-JONNY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/15 00:34:52 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/03/15 00:32:56 | 003,944,112 | ---- | C] () -- C:\Users\jonny\Desktop\tweaking.com_registry_backup_setup.exe
[2014/03/12 22:25:20 | 339,230,390 | ---- | C] () -- C:\Users\jonny\The.Valleys.S03E03.HDTV.x264-C4TV.mp4
[2014/03/11 20:32:22 | 000,027,136 | ---- | C] () -- C:\Windows\SysNative\bddel.exe
[2014/03/11 20:27:50 | 000,000,112 | ---- | C] () -- C:\Users\jonny\AppData\Roaming\WB.CFG
[2014/03/11 19:58:48 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/03/08 08:47:21 | 664,297,475 | ---- | C] () -- C:\Users\jonny\ExploitedTeens - Belle Knox (POV) (2014).wmv
[2014/03/08 08:05:10 | 836,440,944 | ---- | C] () -- C:\Users\jonny\Hannibal.S02E02.720p.HDTV.X264-DIMENSION.mkv
[2014/03/01 20:14:58 | 000,001,043 | ---- | C] () -- C:\Users\jonny\Desktop\Dropbox.lnk
[2014/01/09 20:54:34 | 1987,806,758 | ---- | C] () -- C:\Users\jonny\Escape Plan 2013 HDTV AC3 XViD - OLDTiMERS.avi
[2013/10/29 13:45:48 | 730,524,862 | ---- | C] () -- C:\Users\jonny\[ www.UsaBit.com ] - Red.2.2013.DVDRip.XviD-BiDA.avi
[2013/07/29 22:33:47 | 617,644,603 | ---- | C] () -- C:\Users\jonny\16125_02_hd.mp4
[2013/04/27 18:11:26 | 000,007,618 | ---- | C] () -- C:\Users\jonny\AppData\Local\Resmon.ResmonCfg
[2013/01/10 22:30:00 | 734,205,952 | ---- | C] () -- C:\Users\jonny\Dirty Work (1998, DDD DVD-Rip, xvid).avi
[2012/12/30 19:35:14 | 1798,166,144 | ---- | C] () -- C:\Users\jonny\Skyfall.avi
[2012/11/10 00:32:37 | 1472,120,832 | ---- | C] () -- C:\Users\jonny\psig-ted.2012.dvdrip.xvid.ac3.avi
[2012/08/04 14:12:14 | 733,261,824 | ---- | C] () -- C:\Users\jonny\One_Night_In_Paris [Paris_Hilton_Retail_Pr0n] (xvid110-sickboy88).avi
[2012/06/21 18:14:16 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdepmui.dll
[2012/06/21 18:14:16 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdecomx.dll
[2012/06/21 18:14:16 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeinpa.dll
[2012/06/21 18:14:16 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdeinst.dll
[2012/06/21 18:14:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeiesc.dll
[2012/06/21 18:14:15 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeserv.dll
[2012/06/21 18:14:15 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeusb1.dll
[2012/06/21 18:14:15 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdecomc.dll
[2012/06/21 18:14:15 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdehbn3.dll
[2012/06/21 18:14:15 | 000,598,960 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdecoms.exe
[2012/06/21 18:14:15 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdelmpm.dll
[2012/06/21 18:14:15 | 000,365,488 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdecfg.exe
[2012/06/21 18:14:15 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdecomm.dll
[2012/06/21 18:14:15 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeih.exe
[2012/06/21 18:14:15 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeprox.dll
[2012/01/28 12:47:12 | 000,237,358 | ---- | C] () -- C:\ProgramData\1327754558.bdinstall.bin
[2011/05/24 18:18:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/05/24 18:18:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/05/24 18:18:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/11/07 20:40:00 | 000,017,408 | ---- | C] () -- C:\Users\jonny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/04 12:58:17 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\APP_NAME_NON_STRING
[2013/06/14 10:37:30 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\AVG
[2013/06/14 16:47:06 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\avidemux
[2011/01/25 16:41:43 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/01/28 12:47:40 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\Bitdefender
[2013/08/23 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\BitTorrent
[2013/06/14 16:48:04 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\Boilsoft
[2013/11/18 18:31:34 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\Canon
[2011/04/19 10:39:12 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/21 09:31:44 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\DraftSight
[2014/03/14 08:15:25 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\Dropbox
[2014/03/01 20:14:58 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\DropboxMaster
[2010/11/05 22:57:01 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\FreeFileViewer
[2012/09/18 11:27:17 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\Lexmark Productivity Studio
[2012/12/29 16:20:09 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\mkvtoolnix
[2013/10/17 15:26:04 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\MusicNet
[2011/06/16 19:22:42 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\NASNaviator2
[2011/05/24 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\Nikon
[2012/11/18 08:54:20 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\OnLive App
[2011/02/26 18:00:01 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\PCDr
[2013/01/04 13:03:16 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\PDF Architect
[2014/03/13 02:57:48 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\qBittorrent
[2013/06/21 19:42:33 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\Rovio
[2011/07/29 11:15:02 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\Shareaza
[2013/02/17 22:44:25 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\SoftGrid Client
[2011/04/12 18:17:48 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\WhiteSmoke
[2014/03/14 08:26:47 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\jonny\Downloads:Shareaza.GUID

< End of report >

Re: i think i have malware

Unread postby therumdude » March 15th, 2014, 3:04 am

Hi Cypher, part 3 of the logs.

OTL Extras logfile created on: 3/15/2014 6:42:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jonny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 47.03% Memory free
7.98 Gb Paging File | 5.52 Gb Available in Paging File | 69.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 255.49 Gb Free Space | 57.01% Space Free | Partition Type: NTFS

Computer Name: JONNY-PC | User Name: jonny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01793EFB-4B66-4E83-A4FD-4CE12E4A2CEA}" = lport=139 | protocol=6 | dir=in | app=system |
"{0B4DD511-FF28-4CD8-9D3E-9A8912EC81BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{11ADF4D9-2830-42D6-9C8C-77DF623F1D7B}" = rport=137 | protocol=17 | dir=out | app=system |
"{1F822D82-BC97-4D6F-85D0-7449D4226EA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{202B2D99-F9F3-43DB-A848-B8B58410A921}" = lport=138 | protocol=17 | dir=in | app=system |
"{27D24FB9-A10C-40EA-A4D6-88EAC9E72451}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{341584F6-26BF-4A42-8D24-3D4B54FAEF6D}" = rport=139 | protocol=6 | dir=out | app=system |
"{563A0D00-4E97-453A-B981-5CC86EF1C6E1}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{5E7FF056-4143-4725-A18A-70B2F77E18ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{7496383D-A677-47AE-97BC-35C56B328558}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{7A0D471D-52B9-49D3-8F91-9C8CFBE7478D}" = lport=137 | protocol=17 | dir=in | app=system |
"{7EC9E955-6668-4E3C-8FB6-352717ECF50C}" = lport=445 | protocol=6 | dir=in | app=system |
"{9D3AC831-AF2E-4A0D-9B91-250D93A4E115}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{A339FD4D-18E7-4A25-87F4-E720E96BBCB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4382CB1-A043-4C9A-A392-A1331A6F14E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AAD780C8-E631-482F-9441-2A0332B05E34}" = rport=138 | protocol=17 | dir=out | app=system |
"{B821B4BA-6E76-4AF7-B50A-7F0D540B50ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{CF0D258B-EFFC-4949-B368-F471AD1CAB7E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DF917D68-28CF-4E0D-8287-2E315C4CEA03}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E6155517-DBEB-4E93-B929-5B70190B8CC9}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DFE741-CF9E-4C2C-94D2-D0E808CF44DB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0247D82B-2CF2-467B-812E-2DF3775AC4E0}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdecoms.exe |
"{025F1262-B944-4693-9282-F5784FBE5D51}" = protocol=17 | dir=in | app=c:\users\jonny\appdata\roaming\dropbox\bin\dropbox.exe |
"{09682226-5CEB-4C70-8905-1490905CA5FB}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasinst.exe |
"{0B658831-33ED-4E0C-B51D-33A47E5CF0DE}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasinst.exe |
"{0B776A9D-5DE2-4B20-9DFA-85731E9055D6}" = protocol=6 | dir=in | app=c:\windows\system32\lxdecfg.exe |
"{12DF0007-7BC7-47DE-8C50-61F4AB9161BA}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 4800 series\frun.exe |
"{1739768D-634A-421C-9B8B-218F8755B83F}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 4800 series\lxdeamon.exe |
"{1A630B20-1C46-43AD-9B97-8ACB34B7C7AF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1ABBDFE3-B7C3-41D7-939B-C2BE6C28AD4F}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 4800 series\frun.exe |
"{1CAC08BB-5E53-404E-B0C9-9DE0AEE76224}" = protocol=17 | dir=in | app=c:\windows\system32\lxdecfg.exe |
"{1DD2CFF4-9E02-431A-9042-E0324A7ABBDB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2709CF7A-F8F7-41BF-B1C8-75D7E1072F39}" = protocol=6 | dir=in | app=c:\users\jonny\appdata\roaming\dropbox\bin\dropbox.exe |
"{2C820EBF-FBD2-42B7-98AD-3B43AF60AC92}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 4800 series\lxdemon.exe |
"{2E350CF5-9980-4571-BB47-E54C6C33F1AF}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdecoms.exe |
"{2E86F915-6265-4442-B119-75438845C48B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{315FF40A-AD28-44B0-8DB3-85FE5E4A0C99}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdepswx.exe |
"{3D233D10-9598-4E69-ADA6-92A51617133F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3D9B737D-9DE6-4236-8701-ADACFF517134}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{45AF26F5-FC68-46BD-B13F-C65C762E55A5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{4918E3E0-1C36-4899-A239-0DCA58B248A9}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{4E807FE3-DF3D-4E25-844A-59C60AAC1F6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5052E8A3-C956-4DD3-8110-75A45176A0F2}" = protocol=17 | dir=in | app=c:\windows\system32\lxdecoms.exe |
"{5B4F0CC5-C02A-4C7A-98A6-0AF4069A6904}" = protocol=6 | dir=in | app=c:\windows\system32\lxdecoms.exe |
"{5D3C1D40-55D6-4187-A807-B11A481C4495}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 4800 series\wireless\lxdewpss.exe |
"{61B833FA-43D6-42AE-9244-54A5CF43125A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 4800 series\wireless\lxdewpss.exe |
"{6A49ADA5-959E-42A4-B505-60F9269BF1C1}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 4800 series\lxdemon.exe |
"{6C774BF0-7819-4E8B-8082-6C2C81215038}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 4800 series\lxdemon.exe |
"{73ECD8A0-A922-41F1-A205-C29314E2DC75}" = protocol=6 | dir=in | app=c:\users\jonny\appdata\local\akamai\netsession_win.exe |
"{7998D9A4-CBB7-49CF-8BB1-4557D6F3AF81}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdepswx.exe |
"{84E91B89-8FF5-4342-8F88-F864C6F087BC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{859112B1-EC60-40A5-A56A-C0EB4E66CC6F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdejswx.exe |
"{86185CE9-B892-4DA9-AA23-70DD605AC1A5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 4800 series\wireless\lxdewpss.exe |
"{87B52B38-51BC-4C69-8342-C3572A8501B9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{88B7BD23-63F1-4D53-8254-EFDE458062A0}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 4800 series\lxdeamon.exe |
"{8A7865DC-8AB5-411D-9C14-4D0508D2AE96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FE11BA2-23B0-4583-A8B3-C46ADA202BA8}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 4800 series\frun.exe |
"{98B13827-D2A4-4101-A3EB-B4E10396F573}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9C19305B-8353-4336-8449-F6F7B31F6039}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 4800 series\lxdemon.exe |
"{9D73C33C-45BE-480D-B839-4628E24FF8A2}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 4800 series\wireless\lxdewpss.exe |
"{A9B16797-DBD7-46B3-B661-5BC54D9D8E7A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 4800 series\frun.exe |
"{AA2297DA-DEA5-4ED0-B0B1-BD277936CD6B}" = protocol=17 | dir=in | app=c:\users\jonny\appdata\local\akamai\netsession_win.exe |
"{AEC7EE7F-25E2-4CB9-8331-99D4DFDFAD64}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{B01EADD6-7EFF-4A24-90BD-4873039B6F08}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B0645EB5-255B-4E8F-B7CD-FE71AEDCBA8D}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{B385355C-633D-4CDC-9246-C856848C20D0}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{C4415DB2-57C1-456F-A2C6-8A55FB9CF4D0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C58CF5F6-BA97-420B-8E76-718D56455044}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 4800 series\lxdeamon.exe |
"{C70FF233-8F0B-46B0-B4F9-EAD4408C61E6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C8CA4FFB-84A2-41A9-BB00-8D660345EFC9}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{CA56C9B4-53B7-4857-929F-34953E85ECD9}" = dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{D5928044-F386-42DA-8580-7FAFAFB5ACBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DEF6B35A-4CE3-4E7E-8397-F9EF9EF64E91}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{DFF1F0CB-741D-4FA3-BAB7-88ED87E84444}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{EB563D35-7CD3-4AA9-AC9A-46741AA10281}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdejswx.exe |
"{EB59AEF8-6C6D-4CB5-887D-1FB3A4757E99}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 4800 series\lxdeamon.exe |
"{EBD50220-6236-47B7-B424-586AAD75C78E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdetime.exe |
"{F4CD0C9D-953D-480D-97F9-613E1B4C57BD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdetime.exe |
"{F9DC7049-431C-4A7F-AEF7-00F907EC3D62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE15182A-EB1E-4262-BFC2-ADBF65E51F36}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FE7867A8-D0A5-46FB-9CB5-35BCD9341B6C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FEE0C99F-C9D6-4928-8022-E5BBA4F214A4}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{FFC9EF2A-2A7A-4F0C-B607-4A6C6F09F62B}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"TCP Query User{1DC0FACB-6B25-4FC5-AA40-2DCA75C9B433}C:\program files (x86)\lexmark 4800 series\lxdemon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 4800 series\lxdemon.exe |
"UDP Query User{0F735A6F-26FF-4F69-894A-E16708EA1057}C:\program files (x86)\lexmark 4800 series\lxdemon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 4800 series\lxdemon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series" = Canon MG4200 series MP Drivers
"{1336D61B-1D48-4E5C-9E39-35444B00EE3D}" = FastAccess
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Total Security 2012
"{37D0157F-45C6-4DB2-9AE5-489DD98CE169}" = iTunes
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}" = iCloud
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EBD530B3-091A-5BD9-275E-CBDF1CCA2E54}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Bitdefender" = Bitdefender Total Security 2012
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Lexmark 4800 Series" = Lexmark 4800 Series
"PC-Doctor for Windows" = My Dell
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0869F6A1-86BA-65D2-C97F-B0EE333D0902}" = Catalyst Control Center Graphics Full New
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1" = Boilsoft Video Splitter 6.33
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A344298-86D7-C605-5B26-C7952B4CF938}" = Skins
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EF6F0AE-5471-44BF-9809-B6FAD9D04478}" = Angry Birds Star Wars
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{445FC29E-EE77-FC7B-905C-F53D7307D03B}" = Catalyst Control Center Graphics Full Existing
"{448E51F0-8E9A-9B4C-3EB6-B7401389A563}" = CCC Help Norwegian
"{49E40759-1C1A-4FFC-1BBE-2D50002FAC77}" = CCC Help Finnish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{526A90EA-B2BF-BEE2-8017-71536A1FBDD9}" = Catalyst Control Center InstallProxy
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60E4B7E6-C7A8-147C-6ACF-2E9E6CCDEFE1}" = CCC Help Korean
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{696A6D35-1A6D-D520-808B-26C240020F30}" = Catalyst Control Center Core Implementation
"{6B102088-057B-0342-B2B8-C3352D769955}" = CCC Help French
"{70F2EF06-E7FB-7656-9142-FF2BCA8B930C}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CCE802E-898B-6749-5FB2-25D3998AD2D6}" = CCC Help Danish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{890C4AF6-9B42-A76C-7572-C0B00B2EEFF6}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9096E5ED-9A18-FE68-A372-BFFCF223B0A6}" = Catalyst Control Center Localization All
"{9215ECF0-9172-5E81-60FE-B376F2178A2D}" = Catalyst Control Center Graphics Previews Common
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99C0DA37-F349-3665-E861-569887900324}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A33054A0-415E-092B-9B5C-73254920B324}" = ccc-core-static
"{A677D827-B2EE-EE93-2B30-45B3AC4CD48C}" = Catalyst Control Center Graphics Previews Vista
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE4D31E0-2695-BF72-A7AD-387141CDCCE8}" = CCC Help Italian
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C4E64B86-C071-BFFF-A61D-DFB9E67D518C}" = CCC Help Portuguese
"{C507CE57-5AFF-6A0B-33AB-EC5B4AD2B5C6}" = CCC Help Russian
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC9D6678-4966-0030-3A96-455A408ACC6D}" = CCC Help Spanish
"{CE8B57D7-66D9-E5F2-9899-247B825DA6C6}" = CCC Help German
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBB8EC9-9482-8613-6ECA-2CCACE8E5C6D}" = Catalyst Control Center Graphics Light
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDC33053-68A3-DB5F-17E6-822674008423}" = CCC Help Chinese Traditional
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F69D9812-0759-DB5C-A849-140E74C93513}" = CCC Help Japanese
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE45C734-EF41-D5CE-C3DB-B1E76213E811}" = CCC Help Dutch
"{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1" = Wondershare Data Recovery(Build 4.2.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Akamai" = Akamai NetSession Interface Service
"Canon MG4200 series On-screen Manual" = Canon MG4200 series On-screen Manual
"Canon MG4200 series User Registration" = Canon MG4200 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"Free FLV Converter" = Free FLV Converter
"GridinSoft Trojan Killer" = Trojan Killer
"Lexmark 4800 Series" = Lexmark 4800 Series
"MKVToolNix" = MKVToolNix 5.9.0
"MyTomTom" = MyTomTom 3.2.0.1116
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"UN060501" = BUFFALO NAS Navigator2
"UN090415" = BUFFALO LinkStation(LS-CHL) Setup Guide
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.5.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WM Recorder 14" = WM Recorder 14
"Yahoo! Messenger" = Yahoo! Messenger
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"UpdaterEX" = Extended Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2014 1:28:47 AM | Computer Name = jonny-PC | Source = FreeFLVConverter | ID = 2
Description =

Error - 3/15/2014 1:44:00 AM | Computer Name = jonny-PC | Source = FreeFLVConverter | ID = 2
Description =

Error - 3/15/2014 1:59:12 AM | Computer Name = jonny-PC | Source = FreeFLVConverter | ID = 2
Description =

Error - 3/15/2014 2:14:26 AM | Computer Name = jonny-PC | Source = FreeFLVConverter | ID = 2
Description =

Error - 3/15/2014 2:29:39 AM | Computer Name = jonny-PC | Source = FreeFLVConverter | ID = 2
Description =

Error - 3/15/2014 2:36:26 AM | Computer Name = jonny-PC | Source = FreeFLVConverter | ID = 2
Description =

Error - 3/15/2014 2:36:26 AM | Computer Name = jonny-PC | Source = FreeFLVConverter | ID = 2
Description =

Error - 3/15/2014 2:36:26 AM | Computer Name = jonny-PC | Source = FreeFLVConverter | ID = 2
Description =

Error - 3/15/2014 2:36:26 AM | Computer Name = jonny-PC | Source = FreeFLVConverter | ID = 2
Description =

Error - 3/15/2014 2:51:39 AM | Computer Name = jonny-PC | Source = FreeFLVConverter | ID = 2
Description =

[ Broadcom Wireless LAN Events ]
Error - 1/13/2014 3:25:29 PM | Computer Name = jonny-PC | Source = WLAN-Tray | ID = 0
Description = 19:25:29, Mon, Jan 13, 14 Error - Unable to gain access to user store


Error - 1/25/2014 7:13:24 AM | Computer Name = jonny-PC | Source = WLAN-Tray | ID = 0
Description = 11:13:24, Sat, Jan 25, 14 Error - Unable to gain access to user store


[ System Events ]
Error - 3/14/2014 9:04:35 PM | Computer Name = jonny-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/14/2014 9:04:35 PM | Computer Name = jonny-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/15/2014 2:36:26 AM | Computer Name = jonny-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxdeCATSCustConnectService
service to connect.

Error - 3/15/2014 2:36:26 AM | Computer Name = jonny-PC | Source = Service Control Manager | ID = 7000
Description = The lxdeCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 3/15/2014 2:36:28 AM | Computer Name = jonny-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 3/15/2014 2:36:40 AM | Computer Name = jonny-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter trufos

Error - 3/15/2014 2:36:42 AM | Computer Name = jonny-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 3/15/2014 2:36:42 AM | Computer Name = jonny-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 3/15/2014 2:37:51 AM | Computer Name = jonny-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 3/15/2014 2:37:51 AM | Computer Name = jonny-PC | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >
therumdude
Active Member
 
Posts: 10
Joined: March 13th, 2014, 9:34 pm

Re: i think i have malware

Unread postby Cypher » March 15th, 2014, 6:45 am

Hi,
thanks for the help

You're welcome.
Continue with the instructions below, once done let me know if you're still having problems.

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the entire script below into the Custom Scans/Fixes textbox.
    :otl
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    CHR - default_search_provider: Mysearchdial ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://start.mysearchdial.com/?f=1&a=dn ... 699002&ir=
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [FAStartup] File not found
    O33 - MountPoints2\{2f9a27a5-c0cc-11e0-a8ca-f04da25314b6}\Shell - "" = AutoRun
    O33 - MountPoints2\{2f9a27a5-c0cc-11e0-a8ca-f04da25314b6}\Shell\AutoRun\command - "" = E:\Autorun.exe
    O33 - MountPoints2\{6de27090-b57f-11e1-85c4-c44619f714a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{6de27090-b57f-11e1-85c4-c44619f714a6}\Shell\AutoRun\command - "" = G:\autorun.exe
    [2013/08/23 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\BitTorrent
    [2014/03/13 02:57:48 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\qBittorrent
    [2011/04/12 18:17:48 | 000,000,000 | ---D | M] -- C:\Users\jonny\AppData\Roaming\WhiteSmoke
    @Alternate Data Stream - 16 bytes -> C:\Users\jonny\Downloads:Shareaza.GUID
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • AdwCleaner log.
  • Please give me an update on your computers performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
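The following PowerShell script is an added example, not part of the original post and not OTL's own code. It reads the same locations the OTL fix above rewrites (IE Start Page in the 64-bit view, the 32-bit Wow6432Node view and HKCU, the SearchScopes DefaultScope, the proxy values, the MountPoints2 AutoRun commands, the Run entries whose target file is missing, and alternate data streams on the Downloads folder), so the state can be recorded before the fix and compared after the reboot. The registry paths are assumptions taken from the OTL lines in the script, not from OTL's source; it assumes it is run as administrator, in the 64-bit PowerShell, while logged in as the affected user, so that HKCU: and $env:USERPROFILE belong to that user.

```powershell
# Added example: audit the IE / Explorer settings an OTL fix like the one above
# rewrites. Run as administrator, 64-bit PowerShell, logged in as the affected
# user. Key paths are assumptions taken from the OTL fix lines.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue($Name)   # $Name '' returns the (default) value
}

# 1. IE Start Page: 64-bit view, 32-bit (Wow6432Node) view and the user's hive.
#    OTL's "IE:64bit:" and "IE -" lines correspond to these three keys.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main',
               'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main') {
    "{0}\Start Page = {1}" -f $k, (Get-RegValue -Path $k -Name 'Start Page')
}

# 2. Search scopes: DefaultScope plus every scope's URL. On a stock install the
#    default is the Bing scope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}; any
#    other GUID deserves a look at its URL.
foreach ($root in 'HKLM:', 'HKCU:') {
    $scopes = "$root\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
    "{0} DefaultScope = {1}" -f $scopes, (Get-RegValue -Path $scopes -Name 'DefaultScope')
    Get-ChildItem -LiteralPath $scopes -ErrorAction SilentlyContinue | ForEach-Object {
        "  {0} -> {1}" -f $_.PSChildName, $_.GetValue('URL')
    }
}

# 3. Proxy settings. ProxyOverride is only the bypass list; a ProxyServer or
#    AutoConfigURL you did not configure means traffic is being redirected.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
foreach ($n in 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
    "{0} = {1}" -f $n, (Get-RegValue -Path $inet -Name $n)
}

# 4. AutoRun commands cached per volume under MountPoints2 (the O33 lines).
$mp = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -LiteralPath $mp -ErrorAction SilentlyContinue | ForEach-Object {
    $cmd = Get-RegValue -Path "$mp\$($_.PSChildName)\Shell\AutoRun\command" -Name ''
    if ($cmd) { "MountPoints2 {0} -> {1}" -f $_.PSChildName, $cmd }
}

# 5. Run entries whose executable no longer exists (the O4 "File not found" line).
#    The executable is taken as the quoted path or the first token, so an
#    unquoted path containing spaces is flagged and needs a manual look.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $state = if ($exe -and (Test-Path -LiteralPath $exe)) { 'ok' } else { 'FILE NOT FOUND' }
        "{0}\{1} = {2} [{3}]" -f $k, $name, $cmd, $state
    }
}

# 6. Alternate data streams on the Downloads folder (the Shareaza.GUID stream
#    the fix could not delete). -Stream needs PowerShell 3.0 or later.
$dl = Join-Path $env:USERPROFILE 'Downloads'
Get-Item -LiteralPath $dl -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object { "ADS {0}:{1} ({2} bytes)" -f $_.FileName, $_.Stream, $_.Length }
# Remove-Item -LiteralPath $dl -Stream 'Shareaza.GUID' removes one named stream.
```

Run it once before the fix and again after the reboot. A value that the fix set and that has returned to its hijacked state (here, Start Page back to about:blank) is being rewritten by something still on the machine, so the Run entries, scheduled tasks and services are the next things to read, before resetting the browser again.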

Re: i think i have malware

Unread postby therumdude » March 15th, 2014, 7:11 am

Hi Cypher,

My IE home page is still being reset to about:blank. My system is running faster again now.


All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f9a27a5-c0cc-11e0-a8ca-f04da25314b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f9a27a5-c0cc-11e0-a8ca-f04da25314b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f9a27a5-c0cc-11e0-a8ca-f04da25314b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f9a27a5-c0cc-11e0-a8ca-f04da25314b6}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6de27090-b57f-11e1-85c4-c44619f714a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6de27090-b57f-11e1-85c4-c44619f714a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6de27090-b57f-11e1-85c4-c44619f714a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6de27090-b57f-11e1-85c4-c44619f714a6}\ not found.
File G:\autorun.exe not found.
C:\Users\jonny\AppData\Roaming\BitTorrent\ie folder moved successfully.
C:\Users\jonny\AppData\Roaming\BitTorrent\dlimagecache folder moved successfully.
C:\Users\jonny\AppData\Roaming\BitTorrent\Cache folder moved successfully.
C:\Users\jonny\AppData\Roaming\BitTorrent\apps folder moved successfully.
C:\Users\jonny\AppData\Roaming\BitTorrent folder moved successfully.
C:\Users\jonny\AppData\Roaming\qBittorrent folder moved successfully.
C:\Users\jonny\AppData\Roaming\WhiteSmoke folder moved successfully.
Unable to delete ADS C:\Users\jonny\Downloads:Shareaza.GUID .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jonny\Desktop\cmd.bat deleted successfully.
C:\Users\jonny\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jonny
->Temp folder emptied: 242943 bytes
->Temporary Internet Files folder emptied: 823533435 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 60216 bytes

User: Public

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 1212928 bytes

Total Files Cleaned = 787.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03152014_105320

Files\Folders moved on Reboot...
C:\Users\jonny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V61O9IJC\xhamster-945x100[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V61O9IJC\xhamster-pictures[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S7DMW0H0\popup[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QET65423\14220[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QET65423\18453[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QET65423\18455[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QET65423\afr4C0RUTJO.htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QET65423\afrEAA5GYNR.htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QET65423\amz[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QET65423\event-report[1].txt moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QET65423\if[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QET65423\zrt_lookup[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GC5XIZFY\sh151[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIHFDRA2\18454[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIHFDRA2\18522[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIHFDRA2\ads-iframe-display[9].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIHFDRA2\Channel[2].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CXVQFNNW\ads-iframe-display[7].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CXVQFNNW\afrYVFA128F.htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CXVQFNNW\amz[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CXVQFNNW\ChannelList[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CXVQFNNW\ChatApplet[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CXVQFNNW\userlist[1].htm moved successfully.
File\Folder C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AHPMV306\adsAMMOLUW7.htm not found!
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AHPMV306\afrCUCLHX38.htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AHPMV306\Channel[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AHPMV306\event-report[3].txt moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AHPMV306\index[4].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AHPMV306\new-amateur-1[2].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AHPMV306\viewtopic[1].htm moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\71SU7FU5\DroidSans[1].woff moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\jonny\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



# AdwCleaner v3.022 - Report created 15/03/2014 at 11:05:19
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jonny - JONNY-PC
# Running from : C:\Users\jonny\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\PC Optimizer Pro
File Deleted : C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\MenuButtonIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info.1
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE
Key Deleted : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D2083641-E57F-4EAB-BB85-0582424F4A29}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\clickpotatolitesa
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\ClickPotatoLite
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Google Chrome v

[ File : C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [7411 octets] - [15/03/2014 11:02:43]
AdwCleaner[S0].txt - [7133 octets] - [15/03/2014 11:05:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7193 octets] ##########
therumdude
Active Member
 
Posts: 10
Joined: March 13th, 2014, 9:34 pm

Re: i think i have malware

Unread postby Cypher » March 15th, 2014, 7:20 am

Hi,
my IE home page is still being reset to about:blank.

Ok, let's reset IE; sometimes the simple fix is the one that works.

Reset - Internet Explorer

  • Launch Internet Explorer.
  • Under the Tools menu, click on Internet Options.
  • In the pop-up Internet Options window, click on the Advanced tab and then click on the Reset button.
  • Tick the Delete Personal Settings option.
  • Then click on the Reset button to process the browser reset.
  • When complete, click the Close button.
  • Click on the OK button in the Internet Explorer restart reminder window.
  • Restart Internet Explorer.

Still having problems?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
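The home-page values that keep reverting to about:blank live in the registry, and ComboFix reports them later in this thread as uStart Page / mStart Page / uLocal Page / mLocal Page (u = HKCU, m = HKLM). The script below is an added example, not part of this thread or of any tool used here: it reads those values from all three hives that matter on a 64-bit Windows 7 box and flags a blanked Start Page or an unexpected Local Page, then lists the Run/RunOnce entries (the usual place a persistent re-setter hides) so they can be compared against the log. The "expected" Local Page values are assumed from the ComboFix output in this thread.

```powershell
# Added example (not from the forum or from ComboFix/AdwCleaner): report the
# IE home-page values and autostart entries on the current machine, read-only.

# Hives ComboFix maps to its u*/m* prefixes; Wow6432Node is what 32-bit IE reads on x64.
$ieMainKeys = [ordered]@{
    'HKCU (uStart Page / uLocal Page)'        = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    'HKLM (mStart Page / mLocal Page)'        = 'HKLM:\Software\Microsoft\Internet Explorer\Main'
    'HKLM Wow6432Node (mStart / mLocal, x86)' = 'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main'
}
$valueNames = 'Start Page', 'Local Page', 'Default_Page_URL', 'Search Page'

# Assumed clean values, taken from the ComboFix "Supplementary Scan" lines in this thread.
$expectedLocalPages = @('c:\windows\system32\blank.htm', 'c:\windows\syswow64\blank.htm')

Write-Host '== Internet Explorer home-page values =='
foreach ($label in $ieMainKeys.Keys) {
    $key = $ieMainKeys[$label]
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $valueNames) {
        $value = $props.$name           # dynamic member access works for names with spaces
        if ($null -eq $value) { continue }
        $note = ''
        # The symptom reported in this thread: Start Page forced to about:blank.
        if ($name -eq 'Start Page' -and $value -eq 'about:blank') { $note = '  <-- matches reported symptom' }
        # Local Page should point at the stock blank.htm; anything else deserves a look.
        if ($name -eq 'Local Page' -and ($expectedLocalPages -notcontains $value.ToLower())) { $note = '  <-- unexpected' }
        '{0,-42} {1,-16} = {2}{3}' -f $label, $name, $value, $note
    }
}

# Autostart locations that ComboFix lists under "Reg Loading Points". A program that
# re-applies about:blank at every logon will usually be registered in one of these.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

Write-Host ''
Write-Host '== Run / RunOnce entries (compare against the ComboFix log) =='
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    # Skip PowerShell's own PS* bookkeeping properties; everything else is an autostart value.
    $entries = $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
    foreach ($e in $entries) {
        # Strip quotes/arguments to test whether the target file still exists on disk.
        $exe = ($e.Value -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
        $exists = if (Test-Path -Path $exe) { 'file present' } else { 'file MISSING' }
        '{0}`n    {1} = {2}  [{3}]' -f $key, $e.Name, $e.Value, $exists
    }
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; it changes nothing, so it is safe to run before and after the IE reset to confirm the value actually stayed fixed.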

Re: i think i have malware

Unread postby therumdude » March 15th, 2014, 7:40 am

hi cypher,

I keep getting pop ups for this site

hxxp://lp.allfree-apps.net/pdfcreator/? ... =419159085
Last edited by Cypher on March 15th, 2014, 7:44 am, edited 1 time in total.
Reason: Disabled link
therumdude
Active Member
 
Posts: 10
Joined: March 13th, 2014, 9:34 pm

Re: i think i have malware

Unread postby Cypher » March 15th, 2014, 7:45 am

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts.
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: i think i have malware

Unread postby therumdude » March 15th, 2014, 8:17 am

hi Cypher,

ComboFix 14-03-13.01 - jonny 15/03/2014 12:00:00.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4084.2262 [GMT 0:00]
Running from: c:\users\jonny\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1327754558.bdinstall.bin
c:\programdata\PCDr\6422\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6422\AddOnDownloaded\5dc25d30-0116-4ea0-9e12-f329c60c603b.dll
c:\programdata\PCDr\6422\AddOnDownloaded\667e2f17-0031-40e7-a376-b390959abbb8.dll
c:\programdata\PCDr\6422\AddOnDownloaded\6ff7e11c-29c5-4891-bc9e-fae289e9c9fe.dll
c:\programdata\PCDr\6422\AddOnDownloaded\9a23b885-84bf-4844-bc8c-e1f4c568d95a.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b7527ad4-1a04-4fbc-82f1-59c1cfcafceb.dll
c:\programdata\PCDr\6422\AddOnDownloaded\e6166583-b575-4093-a3ca-d9c4587d4bb7.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-02-15 to 2014-03-15 )))))))))))))))))))))))))))))))
.
.
2014-03-15 12:08 . 2014-03-15 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-15 11:02 . 2014-03-15 11:05 -------- d-----w- C:\AdwCleaner
2014-03-15 10:53 . 2014-03-15 10:53 -------- d-----w- C:\_OTL
2014-03-15 06:36 . 2014-03-15 06:36 -------- d-----w- c:\programdata\CanonIJPLM
2014-03-15 01:14 . 2014-03-15 00:49 24064 ----a-w- c:\windows\zoek-delete.exe
2014-03-15 01:14 . 2014-03-15 12:11 -------- d-----w- c:\users\jonny\AppData\Local\Temp
2014-03-15 00:49 . 2014-03-15 01:04 -------- d-----w- C:\zoek_backup
2014-03-15 00:35 . 2014-03-15 00:35 -------- d-----w- C:\RegBackup
2014-03-15 00:34 . 2014-03-15 00:34 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-03-14 08:26 . 2014-03-14 08:26 -------- d-----w- c:\users\jonny\AppData\Roaming\WinPatrol
2014-03-13 03:01 . 2014-03-13 03:01 -------- d-----w- C:\5d3d483894a5a06d45a4781d6054
2014-03-12 23:09 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 23:09 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 23:09 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-12 23:09 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 23:09 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 23:09 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 23:05 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 23:05 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 22:23 . 2014-03-12 22:24 -------- d-----w- c:\users\jonny\Marvel.Agents.Of.SHIELD.S01E15.Yes.Men.720p.WEB-DL.DD5.1.H.264-ECI [PublicHD]
2014-03-12 22:23 . 2014-03-12 22:37 -------- d-----w- c:\users\jonny\The.Originals.S01E16.720p.HDTV.X264-DIMENSION[rarbg]
2014-03-11 20:32 . 2014-03-11 20:32 27136 ----a-w- c:\windows\system32\bddel.exe
2014-03-11 20:29 . 2014-03-13 02:57 -------- d-----w- c:\program files (x86)\iTunes
2014-03-11 20:29 . 2014-03-13 02:57 -------- d-----w- c:\program files\iTunes
2014-03-11 20:29 . 2014-03-11 20:29 -------- d-----w- c:\program files\iPod
2014-03-11 20:28 . 2014-03-13 02:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-11 20:27 . 2014-03-11 20:27 -------- d-----w- c:\program files (x86)\Investintech.com Inc
2014-03-11 20:27 . 2014-03-13 02:57 -------- d-----w- c:\program files (x86)\Free FLV Converter
2014-03-11 20:00 . 2014-03-12 22:47 -------- d-----w- c:\users\jonny\Avengers.Confidential.Black.Widow.And.Punisher.2014.HDRip.h264.AAC-RARBG
2014-03-11 19:59 . 2014-03-11 19:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-11 19:59 . 2014-03-11 19:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-11 19:59 . 2014-03-11 19:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-11 19:59 . 2014-03-11 19:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-11 19:59 . 2014-03-11 19:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-11 19:58 . 2014-03-13 02:57 -------- d-----w- c:\program files (x86)\QuickTime
2014-03-10 20:43 . 2014-03-13 02:57 -------- d-----w- c:\users\jonny\BackroomCastingCouch.14.03.10.Carlynn.XXX.720p.MP4-KTR[rarbg]
2014-03-10 20:29 . 2014-03-13 02:57 -------- d-----w- c:\users\jonny\The.Mentalist.S06E13.720p.HDTV.X264-DIMENSION[rarbg]
2014-03-09 22:40 . 2014-03-13 02:57 -------- d-----w- c:\users\jonny\Black.Sails.S01E07.720p.HDTV.x264-KILLERS[rarbg]
2014-03-08 08:48 . 2014-03-08 08:48 -------- d-----w- c:\users\jonny\Casting Couch X - Belle Knox HD 1080p
2014-03-01 20:14 . 2014-03-14 08:15 -------- d-----r- c:\users\jonny\Dropbox
2014-03-01 20:11 . 2014-03-14 08:15 -------- d-----w- c:\users\jonny\AppData\Roaming\Dropbox
2014-02-25 23:24 . 2014-02-25 23:24 -------- d-----w- c:\windows\Migration
2014-02-21 10:59 . 2014-02-21 11:19 -------- d-----w- c:\users\jonny\The Commitments_1991_dvdrip_xvid-Ekolb
2014-02-14 19:55 . 2014-02-14 20:04 -------- d-----w- c:\users\jonny\Someone.Marry.Barry.2014 HDRip XViD juggs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 22:34 . 2012-04-01 08:27 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 22:34 . 2011-05-15 10:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:51 . 2010-11-05 17:38 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-17 16:24 . 2014-01-17 16:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-01-17 16:24 . 2014-01-17 16:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-12-24 23:09 . 2014-02-12 22:40 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-12 22:40 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-13 01:05 548864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-13 01:05 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DC7CE5D0-3608-4FD0-8853-D5822E02135D}]
2014-02-25 14:24 116344 ----a-w- c:\program files (x86)\Free FLV Converter\FreeFLVConverter.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trojan Killer"="c:\program files (x86)\GridinSoft Trojan Killer\trojankiller.exe" [2013-04-03 6840096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator2.lnk - c:\program files (x86)\BUFFALO\NASNAVI\NasNavi.exe /startup [2012-2-23 1927120]
NAS Scheduler.lnk - c:\program files (x86)\BUFFALO\NASNAVI\nassche.exe [2012-2-23 206128]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gtkdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]
S2 FreeFLVConverterUpdt;FreeFLVConverterUpdt;c:\program files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe;c:\program files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:34]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-20 21:23]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-20 21:23]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001Core.job
- c:\users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:51]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001Core1cce1305b2f9fc.job
- c:\users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:51]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001UA.job
- c:\users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:51]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001UA1cce130874bc61.job
- c:\users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC7CE5D0-3608-4FD0-8853-D5822E02135D}]
2014-02-25 14:24 137848 ----a-w- c:\program files (x86)\Free FLV Converter\FreeFLVConverter_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-04-24 19:59 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-04-24 19:59 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-04-24 19:59 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-04-24 19:59 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-12-06 1091200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.co.uk/
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WinPatrol - c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Yahoo! Messenger - c:\progra~2\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1 - c:\program files (x86)\Wondershare\Data Recovery\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\BUFFALO\NASNAVI\NasNavi.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
.
**************************************************************************
.
Completion time: 2014-03-15 12:15:44 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-15 12:15
.
Pre-Run: 273,967,538,176 bytes free
Post-Run: 273,268,248,576 bytes free
.
- - End Of File - - 30FBB71252ADE2889CCA7BB04A3C53E4
therumdude
Active Member
 
Posts: 10
Joined: March 13th, 2014, 9:34 pm

Re: i think i have malware

Unread postby Cypher » March 15th, 2014, 10:55 am

Hi,
Good work so far.
How are things now, still having problems?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: i think i have malware

Unread postby therumdude » March 15th, 2014, 11:26 am

hi Cypher,

ComboFix 14-03-13.01 - jonny 15/03/2014 15:12:40.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4084.2215 [GMT 0:00]
Running from: c:\users\jonny\Desktop\ComboFix.exe
Command switches used :: c:\users\jonny\Desktop\CFScript.txt.txt
AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-15 to 2014-03-15 )))))))))))))))))))))))))))))))
.
.
2014-03-15 00:49 . 2014-03-15 01:04 -------- d-----w- C:\zoek_backup
2014-03-15 00:35 . 2014-03-15 00:35 -------- d-----w- C:\RegBackup
2014-03-15 00:34 . 2014-03-15 00:34 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-03-14 08:26 . 2014-03-14 08:26 -------- d-----w- c:\users\jonny\AppData\Roaming\WinPatrol
2014-03-13 03:01 . 2014-03-13 03:01 -------- d-----w- C:\5d3d483894a5a06d45a4781d6054
2014-03-12 23:09 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 23:09 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 23:09 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-12 23:09 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 23:09 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 23:09 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 23:05 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 23:05 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 22:23 . 2014-03-12 22:24 -------- d-----w- c:\users\jonny\Marvel.Agents.Of.SHIELD.S01E15.Yes.Men.720p.WEB-DL.DD5.1.H.264-ECI [PublicHD]
2014-03-12 22:23 . 2014-03-12 22:37 -------- d-----w- c:\users\jonny\The.Originals.S01E16.720p.HDTV.X264-DIMENSION[rarbg]
2014-03-11 20:32 . 2014-03-11 20:32 27136 ----a-w- c:\windows\system32\bddel.exe
2014-03-11 20:29 . 2014-03-13 02:57 -------- d-----w- c:\program files (x86)\iTunes
2014-03-11 20:29 . 2014-03-13 02:57 -------- d-----w- c:\program files\iTunes
2014-03-11 20:29 . 2014-03-11 20:29 -------- d-----w- c:\program files\iPod
2014-03-11 20:28 . 2014-03-13 02:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-11 20:27 . 2014-03-11 20:27 -------- d-----w- c:\program files (x86)\Investintech.com Inc
2014-03-11 20:27 . 2014-03-13 02:57 -------- d-----w- c:\program files (x86)\Free FLV Converter
2014-03-11 20:00 . 2014-03-12 22:47 -------- d-----w- c:\users\jonny\Avengers.Confidential.Black.Widow.And.Punisher.2014.HDRip.h264.AAC-RARBG
2014-03-11 19:59 . 2014-03-11 19:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-11 19:59 . 2014-03-11 19:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-11 19:59 . 2014-03-11 19:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-11 19:59 . 2014-03-11 19:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-11 19:59 . 2014-03-11 19:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-11 19:58 . 2014-03-13 02:57 -------- d-----w- c:\program files (x86)\QuickTime
2014-03-10 20:43 . 2014-03-13 02:57 -------- d-----w- c:\users\jonny\BackroomCastingCouch.14.03.10.Carlynn.XXX.720p.MP4-KTR[rarbg]
2014-03-10 20:29 . 2014-03-13 02:57 -------- d-----w- c:\users\jonny\The.Mentalist.S06E13.720p.HDTV.X264-DIMENSION[rarbg]
2014-03-09 22:40 . 2014-03-13 02:57 -------- d-----w- c:\users\jonny\Black.Sails.S01E07.720p.HDTV.x264-KILLERS[rarbg]
2014-03-08 08:48 . 2014-03-08 08:48 -------- d-----w- c:\users\jonny\Casting Couch X - Belle Knox HD 1080p
2014-03-01 20:14 . 2014-03-14 08:15 -------- d-----r- c:\users\jonny\Dropbox
2014-03-01 20:11 . 2014-03-14 08:15 -------- d-----w- c:\users\jonny\AppData\Roaming\Dropbox
2014-02-25 23:24 . 2014-02-25 23:24 -------- d-----w- c:\windows\Migration
2014-02-21 10:59 . 2014-02-21 11:19 -------- d-----w- c:\users\jonny\The Commitments_1991_dvdrip_xvid-Ekolb
2014-02-14 19:55 . 2014-02-14 20:04 -------- d-----w- c:\users\jonny\Someone.Marry.Barry.2014 HDRip XViD juggs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 22:34 . 2012-04-01 08:27 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 22:34 . 2011-05-15 10:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:51 . 2010-11-05 17:38 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-17 16:24 . 2014-01-17 16:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-01-17 16:24 . 2014-01-17 16:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-12-24 23:09 . 2014-02-12 22:40 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-12 22:40 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-13 01:05 548864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-13 01:05 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DC7CE5D0-3608-4FD0-8853-D5822E02135D}]
2014-02-25 14:24 116344 ----a-w- c:\program files (x86)\Free FLV Converter\FreeFLVConverter.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator2.lnk - c:\program files (x86)\BUFFALO\NASNAVI\NasNavi.exe /startup [2012-2-23 1927120]
NAS Scheduler.lnk - c:\program files (x86)\BUFFALO\NASNAVI\nassche.exe [2012-2-23 206128]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FreeFLVConverterUpdt;FreeFLVConverterUpdt;c:\program files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe;c:\program files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:34]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-20 21:23]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-20 21:23]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001Core.job
- c:\users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:51]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001Core1cce1305b2f9fc.job
- c:\users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:51]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001UA.job
- c:\users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:51]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2127497714-811344910-2215721089-1001UA1cce130874bc61.job
- c:\users\jonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC7CE5D0-3608-4FD0-8853-D5822E02135D}]
2014-02-25 14:24 137848 ----a-w- c:\program files (x86)\Free FLV Converter\FreeFLVConverter_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\jonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-04-24 19:59 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-04-24 19:59 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-04-24 19:59 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-04-24 19:59 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-12-06 1091200]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://google.co.uk/
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Trojan Killer - c:\program files (x86)\GridinSoft Trojan Killer\trojankiller.exe
AddRemove-Yahoo! Messenger - c:\progra~2\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1 - c:\program files (x86)\Wondershare\Data Recovery\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-15 15:21:59
ComboFix-quarantined-files.txt 2014-03-15 15:21
ComboFix2.txt 2014-03-15 12:15
.
Pre-Run: 269,089,058,816 bytes free
Post-Run: 268,976,852,992 bytes free
.
- - End Of File - - CF2458ECFAFB4A508AA2A3165852AC15
therumdude
Active Member
 
Posts: 10
Joined: March 13th, 2014, 9:34 pm

Re: i think i have malware

Unread postby Cypher » March 15th, 2014, 11:30 am

Hi,
How are things now, still having problems?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: i think i have malware

Unread postby therumdude » March 15th, 2014, 11:46 am

All seems to be good now. Thanks for your help.
therumdude
Active Member
 
Posts: 10
Joined: March 13th, 2014, 9:34 pm