Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-06-2013 01
Ran by Owner (administrator) on 17-06-2013 07:16:14
Running from C:\Users\Owner\Downloads
Windows Vista (TM) Ultimate Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(National Instruments Corporation) C:\Windows\system32\nisvcloc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(IDT, Inc.) C:\Windows\system32\STacSV.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(WebCake LLC) C:\Program Files\WebCake\WebCakeDesktop.Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(AVG Secure Search) C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Microsoft Money\System\mnyexpr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(WebCake LLC) C:\Users\Owner\AppData\Roaming\WebCake\WebCakeDesktop.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(National Instruments Corporation) C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\HidFind.exe
(Microsoft Corporation) C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe [151552 2006-09-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-02-26] (CyberLink Corp.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [295512 2013-03-29] (RealNetworks, Inc.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" [1226928 2013-06-10] (AVG Secure Search)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-10] (Microsoft Corporation)
HKCU\...\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" [200704 2003-06-18] (Microsoft Corp.)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKCU\...\Run: [WebCake Desktop] "C:\Users\Owner\AppData\Roaming\WebCake\WebCakeDesktop.exe" [47896 2013-06-07] (WebCake LLC)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Owner\AppData\Local\Temp\swceyqr\spfnqoo\wow.dll ATTENTION! ====> ZeroAccess
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={A3848765-2D63-4F79-BE2B-4F40BE4F2999}&mid=7fe58b6cc28f47d0b0d9d15c83dbf598-5e4a85687f9bf032fcdead5aee0dd3ce0ab580d9&lang=en&ds=AVG&pr=fr&d=2012-10-01 17:45:43&v=12.2.5.34&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://208.85.206.67/SysCamInst.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://208.86.38.180/kxhcm10.ocx
DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://204.14.142.236/JpegInst.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {DEB50B04-2723-4E8B-8125-F336CEDA40F1} http://173.8.163.20/videoinsight4/utili ... lient4.CAB
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://206.128.122.196/MpegInst.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: msdaipp - No CLSID Value -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog5 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24216] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Chrome:
=======
CHR HomePage: hxxp://www.delta-search.com/?affID=1193 ... 15C53F1C6B
CHR RestoreOnStartup: "hxxp://www.bing.com/"
CHR DefaultSearchURL: (Bing) - http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultSuggestURL: (Bing) - http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Delta Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (WebCake) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0
CHR Extension: (RealDownloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0
CHR Extension: (AVG SafeGuard toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0
========================== Services (Whitelisted) =================
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 nicconfigsvc; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [390424 2007-07-20] (Dell Inc.)
R2 niLXIDiscovery; C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [131704 2009-03-05] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [193648 2009-12-01] (National Instruments Corporation)
R2 niSvcLoc; C:\Windows\system32\nisvcloc.exe [13896 2009-06-04] (National Instruments Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-06-10] (AVG Secure Search)
R2 WebCake Desktop Updater; C:\Users\Owner\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-06-07] (WebCake LLC)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
==================== Drivers (Whitelisted) ====================
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-06-10] (AVG Technologies)
R2 CommSB96; C:\Windows\System32\Drivers\CommSB96.sys [24776 2005-10-07] (Motorola)
R2 CommSBEP; C:\Windows\System32\Drivers\CommSBEP.sys [44236 2005-10-07] (Motorola)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x32.sys [21992 2011-09-21] (CPUID)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-05-31] (FTDI Ltd.)
S3 fudally; C:\Windows\System32\drivers\fudally.sys [12928 2012-10-24] (Motorola, Inc.)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [11344 2009-06-14] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [11904 2010-01-10] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [597592 2010-01-10] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [11896 2010-01-10] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [15448 2009-07-07] (National Instruments Corporation)
S4 blbdrive; No ImagePath
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-17 07:15 - 2013-06-17 07:15 - 00000000 ____D C:\FRST
2013-06-17 07:14 - 2013-06-17 07:14 - 01365333 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-16 09:50 - 2013-06-16 09:50 - 00000000 ____D C:\_OTL
2013-06-16 09:42 - 2013-06-16 09:42 - 00000113 ____A C:\Users\Owner\Desktop\White Trader.url
2013-06-16 09:31 - 2013-06-16 10:08 - 00005011 ____A C:\Users\Owner\Desktop\OTL_custom scan_fix.txt
2013-06-16 09:19 - 2013-06-16 09:22 - 00000000 ____D C:\Malware-Virus_stuff
2013-06-16 00:43 - 2013-06-16 00:44 - 02218636 ____A C:\Users\Owner\Downloads\tdsskiller.zip
2013-06-16 00:18 - 2013-06-17 00:58 - 00000005 ____A C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT
2013-06-15 07:26 - 2013-06-15 07:55 - 00024124 ____A C:\Users\Owner\Downloads\SystemLook.txt
2013-06-15 07:25 - 2013-06-15 07:25 - 00075264 ____A C:\Users\Owner\Downloads\SystemLook.exe
2013-06-15 07:21 - 2013-06-15 07:24 - 00064204 ____A C:\Users\Owner\Downloads\Extras.Txt
2013-06-15 07:20 - 2013-06-15 07:24 - 00100454 ____A C:\Users\Owner\Downloads\OTL.Txt
2013-06-14 17:42 - 2013-06-14 17:42 - 00648201 ____A C:\Users\Owner\Downloads\adwcleaner.exe
2013-06-14 17:39 - 2013-06-14 17:39 - 00000207 ____A C:\Windows\tweaking.com-regbackup-DELL-D620-Microsoft®-Windows-Vista™-Ultimate-(32-bit).dat
2013-06-14 17:37 - 2013-06-14 17:37 - 00000000 ____D C:\RegBackup
2013-06-14 17:33 - 2013-06-14 17:33 - 00000000 ____D C:\Program Files\Tweaking.com
2013-06-14 17:30 - 2013-06-14 17:30 - 03858143 ____A C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
2013-06-12 20:28 - 2013-06-12 20:28 - 00791393 ____A (Lars Hederer ) C:\Users\Owner\Downloads\erunt-setup.exe
2013-06-12 20:28 - 2013-06-12 20:28 - 00000714 ____A C:\Users\Owner\Desktop\ERUNT.lnk
2013-06-12 20:28 - 2013-06-12 20:28 - 00000000 ____D C:\Program Files\ERUNT
2013-06-12 19:53 - 2013-06-12 19:53 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2013-06-12 19:52 - 2013-06-12 19:52 - 00688992 ____A (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-06-12 03:03 - 2013-05-16 16:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 03:03 - 2013-05-16 15:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 03:03 - 2013-05-16 15:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 03:03 - 2013-05-16 15:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 03:03 - 2013-05-16 15:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 03:03 - 2013-05-16 15:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 03:03 - 2013-05-16 15:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 03:03 - 2013-05-16 15:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 03:03 - 2013-05-16 15:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 03:03 - 2013-05-16 15:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 03:03 - 2013-05-16 15:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 03:03 - 2013-05-16 15:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 03:03 - 2013-05-16 15:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 03:03 - 2013-05-16 15:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 03:03 - 2013-05-16 15:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 03:03 - 2013-05-16 15:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-11 21:57 - 2013-05-07 21:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 21:57 - 2013-05-01 21:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 21:57 - 2013-05-01 21:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-11 21:57 - 2013-04-23 21:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 21:57 - 2013-04-23 21:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 21:57 - 2013-04-23 21:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 21:57 - 2013-04-23 21:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 21:57 - 2013-04-23 18:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 21:56 - 2013-05-02 15:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-11 21:56 - 2013-05-02 15:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 21:56 - 2013-04-17 05:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-10 22:42 - 2013-06-11 21:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-10 21:51 - 2013-06-17 06:58 - 00000286 ____A C:\Windows\Tasks\DSite.job
2013-06-10 21:51 - 2013-06-10 21:52 - 00001137 ____A C:\Users\Public\Desktop\Norton Security Scan.LNK
2013-06-10 21:51 - 2013-06-10 21:51 - 00000000 ____D C:\Windows\System32\Drivers\NSS
2013-06-10 21:51 - 2013-06-10 21:51 - 00000000 ____D C:\Program Files\Norton Security Scan
2013-06-10 21:34 - 2013-06-10 21:34 - 00000000 ____D C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar
2013-06-10 21:31 - 2013-06-10 21:31 - 00000000 ____D C:\Windows\System32\searchplugins
2013-06-10 21:31 - 2013-06-10 21:31 - 00000000 ____D C:\Windows\System32\Extensions
2013-06-10 20:46 - 2013-06-10 20:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-10 20:46 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-10 20:45 - 2013-06-10 20:45 - 00000282 ____A C:\Windows\Tasks\EPUpdater.job
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WebCake
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BabSolution
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\Program Files\WebCake
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\Program Files\Delta
2013-06-10 20:44 - 2013-06-10 20:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Delta
2013-06-10 20:44 - 2013-06-10 20:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Babylon
2013-06-10 20:44 - 2013-06-10 20:44 - 00000000 ____D C:\ProgramData\Babylon
2013-06-10 20:39 - 2013-06-10 20:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Zip Opener Packages
2013-06-10 20:39 - 2013-06-10 20:39 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-06-10 20:38 - 2013-06-10 21:51 - 00000000 ____D C:\ProgramData\Norton
2013-06-10 20:38 - 2013-06-10 20:38 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-06-10 20:38 - 2013-06-10 20:38 - 00000000 ____D C:\ProgramData\Symantec
2013-06-10 20:38 - 2013-06-10 20:38 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-06-10 20:38 - 2013-06-10 20:38 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-06-10 20:37 - 2013-06-10 20:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DSite
2013-06-09 15:32 - 2013-06-09 15:33 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-09 14:14 - 2013-06-09 14:14 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.com
2013-06-06 10:20 - 2013-06-06 10:20 - 00001501 ____A C:\Users\Owner\Desktop\carla2_cdm750_450.cpg
2013-06-06 10:20 - 2013-06-06 10:20 - 00000000 ____A C:\Users\Owner\Desktop\carla2_cdm750_450.cpglog
2013-06-05 18:30 - 2013-06-05 18:30 - 00000000 ____D C:\Users\Owner\Documents\Kenwood
2013-06-05 18:28 - 2013-06-05 18:28 - 00000000 ____D C:\Program Files\Kenwood
2013-06-05 18:27 - 2013-06-05 18:27 - 03565874 ____A C:\Users\Owner\Downloads\M2A321.zip
2013-06-04 08:43 - 2013-06-04 08:45 - 00000000 ____D C:\Users\Owner\Desktop\sort more pix
2013-05-28 12:26 - 2013-05-28 12:26 - 00000000 ____D C:\ProgramData\Licenses
2013-05-28 11:33 - 2008-01-02 16:33 - 00172032 ____A (Intel Corporation) C:\Windows\System32\igfxres.dll
2013-05-28 11:22 - 2013-05-28 11:47 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
==================== One Month Modified Files and Folders ========
2013-06-17 07:15 - 2013-06-17 07:15 - 00000000 ____D C:\FRST
2013-06-17 07:14 - 2013-06-17 07:14 - 01365333 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-17 07:01 - 2012-08-13 20:12 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-17 06:58 - 2013-06-10 21:51 - 00000286 ____A C:\Windows\Tasks\DSite.job
2013-06-17 06:57 - 2006-11-02 05:51 - 01185440 ____A C:\Windows\WindowsUpdate.log
2013-06-17 06:56 - 2012-08-07 23:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 01:01 - 2012-08-13 20:12 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-17 00:58 - 2013-06-16 00:18 - 00000005 ____A C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT
2013-06-17 00:28 - 2006-11-02 05:46 - 00003648 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-17 00:28 - 2006-11-02 05:46 - 00003648 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-16 20:36 - 2012-12-23 13:38 - 00000000 ____D C:\Program Files\MyDVR
2013-06-16 20:22 - 2013-04-27 13:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2013-06-16 12:35 - 2006-11-02 03:33 - 00759910 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-16 12:30 - 2013-04-27 13:29 - 00000000 ___RD C:\Users\Owner\Dropbox
2013-06-16 12:28 - 2006-11-02 06:00 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-16 12:27 - 2006-11-02 06:00 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-16 10:08 - 2013-06-16 09:31 - 00005011 ____A C:\Users\Owner\Desktop\OTL_custom scan_fix.txt
2013-06-16 09:50 - 2013-06-16 09:50 - 00000000 ____D C:\_OTL
2013-06-16 09:42 - 2013-06-16 09:42 - 00000113 ____A C:\Users\Owner\Desktop\White Trader.url
2013-06-16 09:30 - 2012-11-13 07:58 - 00000000 ____D C:\Program Files\Java
2013-06-16 09:30 - 2012-11-13 07:58 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-16 09:28 - 2012-07-12 21:07 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-16 09:22 - 2013-06-16 09:19 - 00000000 ____D C:\Malware-Virus_stuff
2013-06-16 01:01 - 2012-09-07 09:37 - 00000600 ____A C:\Users\Owner\AppData\Local\PUTTY.RND
2013-06-16 00:44 - 2013-06-16 00:43 - 02218636 ____A C:\Users\Owner\Downloads\tdsskiller.zip
2013-06-15 07:55 - 2013-06-15 07:26 - 00024124 ____A C:\Users\Owner\Downloads\SystemLook.txt
2013-06-15 07:25 - 2013-06-15 07:25 - 00075264 ____A C:\Users\Owner\Downloads\SystemLook.exe
2013-06-15 07:24 - 2013-06-15 07:21 - 00064204 ____A C:\Users\Owner\Downloads\Extras.Txt
2013-06-15 07:24 - 2013-06-15 07:20 - 00100454 ____A C:\Users\Owner\Downloads\OTL.Txt
2013-06-14 17:42 - 2013-06-14 17:42 - 00648201 ____A C:\Users\Owner\Downloads\adwcleaner.exe
2013-06-14 17:39 - 2013-06-14 17:39 - 00000207 ____A C:\Windows\tweaking.com-regbackup-DELL-D620-Microsoft®-Windows-Vista™-Ultimate-(32-bit).dat
2013-06-14 17:37 - 2013-06-14 17:37 - 00000000 ____D C:\RegBackup
2013-06-14 17:33 - 2013-06-14 17:33 - 00000000 ____D C:\Program Files\Tweaking.com
2013-06-14 17:30 - 2013-06-14 17:30 - 03858143 ____A C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
2013-06-13 22:29 - 2012-08-21 09:43 - 06066176 ____A C:\Users\Owner\Documents\2003.mny
2013-06-13 22:29 - 2012-08-20 21:27 - 06068040 ___RA C:\Users\Owner\Documents\2012 Backup.mbf
2013-06-13 13:08 - 2013-03-31 15:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FileZilla
2013-06-12 20:28 - 2013-06-12 20:28 - 00791393 ____A (Lars Hederer ) C:\Users\Owner\Downloads\erunt-setup.exe
2013-06-12 20:28 - 2013-06-12 20:28 - 00000714 ____A C:\Users\Owner\Desktop\ERUNT.lnk
2013-06-12 20:28 - 2013-06-12 20:28 - 00000000 ____D C:\Program Files\ERUNT
2013-06-12 20:25 - 2012-08-20 22:10 - 00049152 ____A C:\Users\Owner\Documents\Account info.xls
2013-06-12 19:53 - 2013-06-12 19:53 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2013-06-12 19:52 - 2013-06-12 19:52 - 00688992 ____A (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-06-12 03:39 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\rescache
2013-06-12 03:05 - 2012-08-30 07:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 03:01 - 2006-11-02 03:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 23:21 - 2012-08-07 23:50 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 23:21 - 2012-08-07 23:50 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 21:39 - 2013-06-10 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-11 08:20 - 2012-07-12 22:10 - 00025794 ____A C:\Windows\PFRO.log
2013-06-10 21:52 - 2013-06-10 21:51 - 00001137 ____A C:\Users\Public\Desktop\Norton Security Scan.LNK
2013-06-10 21:51 - 2013-06-10 21:51 - 00000000 ____D C:\Windows\System32\Drivers\NSS
2013-06-10 21:51 - 2013-06-10 21:51 - 00000000 ____D C:\Program Files\Norton Security Scan
2013-06-10 21:51 - 2013-06-10 20:38 - 00000000 ____D C:\ProgramData\Norton
2013-06-10 21:34 - 2013-06-10 21:34 - 00000000 ____D C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar
2013-06-10 21:31 - 2013-06-10 21:31 - 00000000 ____D C:\Windows\System32\searchplugins
2013-06-10 21:31 - 2013-06-10 21:31 - 00000000 ____D C:\Windows\System32\Extensions
2013-06-10 20:46 - 2013-06-10 20:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-10 20:45 - 2013-06-10 20:45 - 00000282 ____A C:\Windows\Tasks\EPUpdater.job
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WebCake
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BabSolution
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\Program Files\WebCake
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-10 20:45 - 2013-06-10 20:45 - 00000000 ____D C:\Program Files\Delta
2013-06-10 20:44 - 2013-06-10 20:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Delta
2013-06-10 20:44 - 2013-06-10 20:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Babylon
2013-06-10 20:44 - 2013-06-10 20:44 - 00000000 ____D C:\ProgramData\Babylon
2013-06-10 20:39 - 2013-06-10 20:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Zip Opener Packages
2013-06-10 20:39 - 2013-06-10 20:39 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-06-10 20:38 - 2013-06-10 20:38 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-06-10 20:38 - 2013-06-10 20:38 - 00000000 ____D C:\ProgramData\Symantec
2013-06-10 20:38 - 2013-06-10 20:38 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-06-10 20:38 - 2013-06-10 20:38 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-06-10 20:37 - 2013-06-10 20:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DSite
2013-06-10 19:32 - 2012-08-20 22:56 - 00000000 ____D C:\Users\Owner\Documents\CARLA
2013-06-09 15:33 - 2013-06-09 15:32 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-09 14:14 - 2013-06-09 14:14 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.com
2013-06-06 10:20 - 2013-06-06 10:20 - 00001501 ____A C:\Users\Owner\Desktop\carla2_cdm750_450.cpg
2013-06-06 10:20 - 2013-06-06 10:20 - 00000000 ____A C:\Users\Owner\Desktop\carla2_cdm750_450.cpglog
2013-06-06 10:01 - 2012-08-21 09:28 - 00008642 ____A C:\Windows\setupact.log
2013-06-05 18:30 - 2013-06-05 18:30 - 00000000 ____D C:\Users\Owner\Documents\Kenwood
2013-06-05 18:28 - 2013-06-05 18:28 - 00000000 ____D C:\Program Files\Kenwood
2013-06-05 18:28 - 2012-07-12 09:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-05 18:27 - 2013-06-05 18:27 - 03565874 ____A C:\Users\Owner\Downloads\M2A321.zip
2013-06-04 08:45 - 2013-06-04 08:43 - 00000000 ____D C:\Users\Owner\Desktop\sort more pix
2013-05-28 19:59 - 2006-11-02 05:46 - 00372832 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-28 13:01 - 2012-10-02 22:51 - 00005892 ____A C:\Users\Owner\AppData\Local\d3d9caps.dat
2013-05-28 12:26 - 2013-05-28 12:26 - 00000000 ____D C:\ProgramData\Licenses
2013-05-28 12:26 - 2012-07-12 15:36 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-05-28 11:47 - 2013-05-28 11:22 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
Files to move or delete:
====================
C:\Users\Owner\AppData\Roaming\skype.ini
C:\Users\Owner\Application Data\skype.ini
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-17 00:36
==================== End Of Log ============================