# PC sometimes doesn't start up and easily crashes when sending files to USB etc.



## dawudbryant (Sep 12, 2013)

Hi, my PC has been playing up for a while now. It sometimes won't start up, and it takes me rebooting it or taking some other action to get it to start. I'm going to download the programs you mentioned, then I will post the logs. Please help me with this. Thanks a lot.

D


----------



## dawudbryant (Sep 12, 2013)

Here's the HijackThis scan log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:21:46, on 22/09/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files\Intel\IntelAppStore\bin\AppUp.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {edd4f682-e67a-4175-bb45-c4066da2f7d9} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Toolbar BHO - {588b75f1-89a0-4956-bd69-3f6e90394909} - C:\PROGRA~1\OURBAB~2\bar\1.bin\27bar.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Search Assistant BHO - {825b4dd6-b751-4d90-802a-eae6754c1c7e} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CodecC - {FE7CCF3D-B190-4038-9A3E-C0B50979D48E} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
O3 - Toolbar: OurBabymaker - {e0b0df9f-34a3-4db1-becc-621697348607} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27bar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files\Intel\IntelAppStore\bin\ismagent.lnk"
O4 - HKLM\..\Run: [Intel AppUp(SM) center_Nagware] "C:\Program Files\Intel\IntelAppStore\bin\AppUp.lnk"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [OurBabymaker Search Scope Monitor] "C:\PROGRA~1\OURBAB~2\bar\1.bin\27srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~2\Datamngr\DATAMN~2.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-21-560286956-321209922-1175365262-1000\..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler (User '?')
O4 - HKUS\S-1-5-21-560286956-321209922-1175365262-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-21-560286956-321209922-1175365262-1000\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O4 - S-1-5-21-560286956-321209922-1175365262-1000 Startup: Dropbox.lnk = C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')
O4 - S-1-5-21-560286956-321209922-1175365262-1000 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: Dropbox.lnk = C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL C:\PROGRA~1\SEARCH~2\Datamngr\mgrldr.dll 
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Bandoo Media Inc. - C:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OurBabymakerService (OurBabyMaker_27Service) - COMPANYVERS_NAME - C:\PROGRA~1\OURBAB~2\bar\1.bin\27barsvc.exe
O23 - Service: QuestScan Service - Unknown owner - C:\ProgramData\QuestScan\questscan177.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - c:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - c:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - c:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 14467 bytes


----------



## dawudbryant (Sep 12, 2013)

DDS scan log 1

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AC3Filter 1.63b
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
Agatha Christie Bundle - 3 in 1
Amanda Rose - The Game of Time
Amazon MP3 Downloader 1.0.17
Antimalware Doctor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Astroslugs
AVG 2013
AVG Security Toolbar
Azkend
Big Fish Games: Game Manager
Bonjour
Born Into Darkness
Bricks of Camelot
Broken Sword
Broken Sword - The Angel of Death
Byki
Byki Express
Campfire Legends Double Pack
CCleaner
CodecC
Compatibility Pack for the 2007 Office system
Criminal Minds
D3DX10
Deep Blue Sea 2 - The Amulet of Light
Dell Backup and Recovery Manager
Dell Edoc Viewer
Dell Laser Printer 1110 Software Uninstall
DivX Setup
Dream Chronicles(R) Trilogy 1 Bundle
Dropbox
Empress of the Deep - The Darkest Secret
Empress of the Deep 2 - Song of the Blue Whale
Escape from Thunder Island
Exorcist
Farm Frenzy 3 - Madagascar
Feeding Frenzy 2 Shipwreck Showdown
Feeding Frenzy Deluxe 5.7.18.1
Fiction Fixers - The Curse of Oz
FREEzeFrog
Gold Fever
Golden Trails - The New Western Rush
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Grim Tales: The Bride
Hotel Mahjong Deluxe
iLivid
Inspector Magnusson - Murder on the Titanic
Intel AppUp(SM) center
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Jane Angel - Templar Mystery
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
LandGrabbers
Letters from Nowhere
Letters from Nowhere 2
Letters from Nowhere Double Pack
Logic3 12-button with vibration (Ver. 3.0)
LUXOR 5th Passage
Max and Claire - Vocabulary
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mind's Eye - Secrets of the Forgotten
MobileMe Control Panel
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Nat Geo Games Lost Chronicles - Salem
NewPepper for Open University v0.1.3
Nightmare on the Pacific
Norton Security Scan
Nuance PDF Reader
NVIDIA Drivers
Our Worst Fears - Stained Skin
OurBabymaker
Paige Harper and the Tome of Mystery
Penny Dreadfuls(TM) Sweeney Todd
Penny Dreadfuls Sweeney Todd
Phantasmat
PowerDVD DX
Princess Isabella - A Witch's Curse
QuestScan 1.0 build 177 powered by FIRST SEARCH BAR
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
RealUpgrade 1.1
Robinson Crusoe and the Cursed Pirates
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Royal Trouble
Search-Results Toolbar
Searchqu Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
SKIP-BO Castaway Caper(TM)
Skype Click to Call
Skype 5.10
SopCast 3.3.2
Spy Sweeper Core
The Hadith Software Version 1.0
The Scruffs
The Seawise Chronicles - Untamed Legacy
The Tiny Bang Story
Torch
Trend Micro Internet Security
Unexpected Journey
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vampire Saga - Welcome to Hell Lock
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
Victorian Mysteries - Woman in White
Viewer Setup
VLC media player 1.0.1
Webroot AntiVirus with Spy Sweeper
Wedding Salon
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.10 beta 4 (32-bit)
Wisegal
Women's Murder Club - Triple Crime Pack
World's Greatest Places Mahjong
.
==== End Of File ===========================


----------



## dawudbryant (Sep 12, 2013)

DDS scan log 2

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16446
Run by Dawud and Saarah at 6:26:05 on 2013-09-22
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Outdated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Outdated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
FW: Webroot AntiVirus with Spy Sweeper *Disabled* {0238B277-0F92-56C4-F418-841859762D46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe
C:\PROGRA~1\OURBAB~2\bar\1.bin\27barsvc.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files\Intel\IntelAppStore\bin\AppUp.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Search Results Toolbar\Datamngr\DatamngrUI.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
uURLSearchHooks: <No Name>: {edd4f682-e67a-4175-bb45-c4066da2f7d9} - c:\program files\ourbabymaker_27\bar\1.bin\27SrcAs.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 : {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} - c:\program files\search results toolbar\datamngr\srtool~1\searchresultsDx.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Toolbar BHO: {588b75f1-89a0-4956-bd69-3f6e90394909} - c:\program files\ourbabymaker_27\bar\1.bin\27bar.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Search Assistant BHO: {825b4dd6-b751-4d90-802a-eae6754c1c7e} - c:\program files\ourbabymaker_27\bar\1.bin\27SrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FE7CCF3D-B190-4038-9A3E-C0B50979D48E} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
TB: OurBabymaker: {e0b0df9f-34a3-4db1-becc-621697348607} - c:\program files\ourbabymaker_27\bar\1.bin\27bar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll
TB: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} - c:\program files\search results toolbar\datamngr\srtool~1\searchresultsDx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\programdata\flexnet\connect\11\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\ismagent.lnk"
mRun: [Intel AppUp(SM) center_Nagware] "c:\program files\intel\intelappstore\bin\AppUp.lnk"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [OurBabymaker Search Scope Monitor] "c:\progra~1\ourbab~2\bar\1.bin\27srchmn.exe" /m=2 /w /h
mRun: [DATAMNGR] c:\progra~1\search~2\datamngr\DATAMN~2.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
StartupFolder: c:\users\dawuda~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dawud and saarah\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\dawuda~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{771CB805-E52A-47F7-B497-7EABB900DA82} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.5.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\wincert\win32c~1.dll c:\progra~1\search~2\datamngr\mgrldr.dll 
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dawud and saarah\appdata\roaming\mozilla\firefox\profiles\53dncfct.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=514&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=0233376304414755&o=APN10645&q=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101714.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.5.0\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\intel\intelappstore\bin\npAppUp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - plugin: c:\program files\ourbabymaker_27\bar\1.bin\NP27Stub.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-09-09 22:34:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-06 08:48:45 -------- d-----w- c:\programdata\TorchCrashHandler
2013-09-05 14:04:02 209272 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-09-04 22:43:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
==================== Find3M ====================
.
2013-09-20 12:25:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 12:25:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-28 10:06:54 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-19 22:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-19 22:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-19 22:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 22:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 6:27:33.14 ===============


----------



## dawudbryant (Sep 12, 2013)

GMER log

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-22 06:44:37
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.05.0 465.76GB
Running: d4u74i0b.exe; Driver: C:\Users\DAWUDA~1\AppData\Local\Temp\ugdyrkoc.sys

---- System - GMER 2.1 ----

SSDT 85F97B70 ZwAllocateVirtualMemory
SSDT 886C5100 ZwCreateKey
SSDT 886C6440 ZwCreateMutant
SSDT 886C4340 ZwCreateProcess
SSDT 886C4600 ZwCreateProcessEx
SSDT 886C5F60 ZwCreateThread
SSDT 886C6100 ZwCreateThreadEx
SSDT 886C48C0 ZwCreateUserProcess
SSDT 886C5680 ZwDeleteKey
SSDT 886C5940 ZwDeleteValueKey
SSDT 886C62A0 ZwLoadDriver
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8E52F5D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8E52F700]
SSDT 886C4B80 ZwOpenProcess
SSDT 85F97BE8 ZwQueueApcThread
SSDT 85F97A80 ZwReadVirtualMemory
SSDT 85F97CD8 ZwSetContextThread
SSDT 8886D758 ZwSetDefaultHardErrorPort
SSDT 85F97F30 ZwSetInformationProcess
SSDT 85F97D50 ZwSetInformationThread
SSDT 886C65E0 ZwSetSystemInformation
SSDT 886C53C0 ZwSetValueKey
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8E52F300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8E52F3E0]
SSDT 886C4E40 ZwTerminateProcess
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8E52F210]
SSDT 886C5DC0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 83046599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8306B092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 8307288C 4 Bytes [70, 7B, F9, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 308 83072958 4 Bytes [00, 51, 6C, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 83072968 4 Bytes [40, 64, 6C, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 8307297C 8 Bytes [40, 43, 6C, 88, 00, 46, 6C, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 8307299C 8 Bytes [60, 5F, 6C, 88, 00, 61, 6C, ...]
.text ... 
? C:\Users\DAWUDA~1\AppData\Local\Temp\mbr.sys The system cannot find the path specified. !

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtCreateFile + 6 774646B6 4 Bytes [28, 70, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtCreateFile + B 774646BB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtCreateKey + 6 774646F6 4 Bytes [68, 71, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtCreateKey + B 774646FB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtCreateMutant + 6 77464736 4 Bytes [68, 72, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtCreateMutant + B 7746473B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtCreateSection + 6 774647D6 4 Bytes [A8, 72, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtCreateSection + B 774647DB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtMapViewOfSection + B 77464D1B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenFile + 6 77464DC6 4 Bytes [68, 70, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenFile + B 77464DCB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenKey + 6 77464DF6 4 Bytes [A8, 71, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenKey + B 77464DFB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenKeyEx + B 77464E0B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenMutant + 6 77464E46 4 Bytes [28, 72, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenMutant + B 77464E4B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenProcess + 6 77464E76 4 Bytes [68, 73, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenProcess + B 77464E7B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenProcessToken + 6 77464E86 4 Bytes [A8, 73, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenProcessToken + B 77464E8B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenProcessTokenEx + 6 77464E96 4 Bytes [68, 74, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenProcessTokenEx + B 77464E9B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenSection + B 77464EBB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenThread + 6 77464EF6 4 Bytes [28, 73, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenThread + B 77464EFB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenThreadToken + 6 77464F06 4 Bytes [28, 74, 07, 00] {SUB [EDI+EAX+0x0], DH}
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenThreadToken + B 77464F0B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenThreadTokenEx + 6 77464F16 4 Bytes [A8, 74, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtOpenThreadTokenEx + B 77464F1B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtQueryAttributesFile + 6 77465026 4 Bytes [A8, 70, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtQueryAttributesFile + B 7746502B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtQueryFullAttributesFile + B 774650DB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtSetInformationFile + 6 77465726 4 Bytes [28, 71, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtSetInformationFile + B 7746572B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtSetInformationThread + B 7746578B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtUnmapViewOfSection + 6 77465AA6 4 Bytes [28, 75, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ntdll.dll!NtUnmapViewOfSection + B 77465AAB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] kernel32.dll!CreateProcessW 765B202D 5 Bytes JMP 00080030 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] kernel32.dll!CreateProcessA 765B2062 5 Bytes JMP 00080070 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SelectObject 760F61D0 5 Bytes JMP 002305F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SetTextColor 760F6622 5 Bytes JMP 00230A30 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SetBkMode 760F66CD 5 Bytes JMP 002308F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!DeleteObject 760F68B4 5 Bytes JMP 002301B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!DeleteDC 760F6A2C 5 Bytes JMP 00230170 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!ExtSelectClipRgn 760F6C72 5 Bytes JMP 002302F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SelectClipRgn 760F6D84 5 Bytes JMP 002305B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetDeviceCaps 760F6E03 5 Bytes JMP 002303B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SetStretchBltMode 760F73CE 5 Bytes JMP 002306B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetCurrentObject 760F777C 5 Bytes JMP 00230370 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetTextMetricsW 760F798F 5 Bytes JMP 00230E30 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!IntersectClipRect 760F7CCA 5 Bytes JMP 002303F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetTextAlign 760F7D15 5 Bytes JMP 00230D70 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SetTextAlign 760F7F92 5 Bytes JMP 002309F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!ExtTextOutW 760F8053 5 Bytes JMP 00230970 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetClipBox 760F81F2 5 Bytes JMP 00230330 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!MoveToEx 760F8A16 5 Bytes JMP 00230470 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!CreateDCA 760F9975 5 Bytes JMP 002300B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!RestoreDC 760F9A10 5 Bytes JMP 00230530 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SaveDC 760F9AD2 5 Bytes JMP 00230570 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!StretchDIBits 760FAC38 5 Bytes JMP 00230770 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetTextFaceW 760FB4CC 5 Bytes JMP 00230D30 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetTextExtentPoint32W 760FB535 5 Bytes JMP 00230670 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetFontData 760FB8E8 5 Bytes JMP 00230C70 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!CreateDCW 760FBD21 5 Bytes JMP 002300F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!CreateICW 760FC660 5 Bytes JMP 00230130 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!LineTo 760FCA20 5 Bytes JMP 00230430 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SetWorldTransform 760FCB42 5 Bytes JMP 002306F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetTextMetricsA 760FCE46 5 Bytes JMP 00230DF0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!Rectangle 760FF5BE 5 Bytes JMP 002309B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SetICMMode 760FF8D4 5 Bytes JMP 00230DB0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!ExtTextOutA 76100158 5 Bytes JMP 00230930 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetTextExtentPoint32A 761008BB 5 Bytes JMP 00230630 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!Escape 76100B0D 5 Bytes JMP 00230270 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!ExtEscape 76103472 5 Bytes JMP 002302B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetTextFaceA 76103E49 5 Bytes JMP 00230CF0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SetPolyFillMode 76106CE1 5 Bytes JMP 00230B30 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SetMiterLimit 76106E54 5 Bytes JMP 00230B70 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!ResetDCW 7611031C 5 Bytes JMP 00230AB0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!EndPage 761107CD 5 Bytes JMP 00230230 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!GetGlyphOutlineW 7611C292 5 Bytes JMP 00230CB0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!CreateScalableFontResourceW 7611E8EF 5 Bytes JMP 00230BB0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!AddFontResourceW 7611ECEB 5 Bytes JMP 00230BF0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!RemoveFontResourceW 7611F1E1 5 Bytes JMP 00230C30 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!AbortDoc 76124D37 5 Bytes JMP 00230030 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!EndDoc 7612517E 5 Bytes JMP 002301F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!StartPage 76125269 5 Bytes JMP 00230730 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!StartDocW 76125BB6 5 Bytes JMP 002307F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!BeginPath 7612635D 5 Bytes JMP 00230830 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!SelectClipPath 761263B4 5 Bytes JMP 00230AF0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!CloseFigure 7612640F 5 Bytes JMP 00230070 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!EndPath 76126466 5 Bytes JMP 00230A70 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!StrokePath 76126699 5 Bytes JMP 002307B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!FillPath 76126726 5 Bytes JMP 00230870 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!PolylineTo 76126B94 5 Bytes JMP 002304F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!PolyBezierTo 76126C25 5 Bytes JMP 002304B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] GDI32.dll!PolyDraw 76126CD7 5 Bytes JMP 002308B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!ActivateKeyboardLayout 7676817D 5 Bytes JMP 002404F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!ScreenToClient 7676C1F2 7 Bytes JMP 00240670 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!RegisterClipboardFormatA 7676E6B1 5 Bytes JMP 002402F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!RegisterClipboardFormatW 7676EDFD 5 Bytes JMP 002402B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!SetCursor 767752EA 5 Bytes JMP 00240530 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!MonitorFromWindow 7677590A 7 Bytes JMP 00240630 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!PostMessageW 76776225 5 Bytes JMP 002405F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!IsWindowVisible 76776939 7 Bytes JMP 002406B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetClientRect 767774B1 7 Bytes JMP 002405B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!MapWindowPoints 76777915 5 Bytes JMP 00240570 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetParent 76777AB3 7 Bytes JMP 002406F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!SetClipboardData 76784979 5 Bytes JMP 00240170 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!EmptyClipboard 76784A28 5 Bytes JMP 00240130 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetClipboardData 76784B47 5 Bytes JMP 00240030 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!EnumClipboardFormats 76784D98 5 Bytes JMP 002401B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetClipboardFormatNameW 76787EB2 5 Bytes JMP 00240230 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!SetClipboardViewer 76788F4D 5 Bytes JMP 002404B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetClipboardFormatNameA 76788F61 5 Bytes JMP 00240270 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetOpenClipboardWindow 7678902F 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetOpenClipboardWindow 7678902F 5 Bytes JMP 002403F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!ChangeClipboardChain 76793425 5 Bytes JMP 00240430 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetTopWindow 76793A5D 7 Bytes JMP 00240730 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!CloseClipboard 76795BA7 5 Bytes JMP 002400B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!OpenClipboard 76795BB9 5 Bytes JMP 00240070 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!IsClipboardFormatAvailable 76795C3A 5 Bytes JMP 002400F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetClipboardSequenceNumber 76795C4E 5 Bytes JMP 00240330 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetClipboardOwner 76795C60 5 Bytes JMP 00240370 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!CountClipboardFormats 76795DC9 5 Bytes JMP 002401F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!SetCursorPos 767AC1D8 5 Bytes JMP 00240770 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetClipboardViewer 767C4B57 5 Bytes JMP 00240470 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] USER32.dll!GetPriorityClipboardFormat 767C4C59 5 Bytes JMP 002403B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ole32.dll!OleSetClipboard 75D2F2FE 5 Bytes JMP 00250030 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ole32.dll!OleIsCurrentClipboard 75D32489 5 Bytes JMP 00250070 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[688] ole32.dll!OleGetClipboard 75D5F825 5 Bytes JMP 002500B0 
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!NtClose 774645B0 5 Bytes JMP 66A86300 C:\Program Files\Search Results Toolbar\Datamngr\DataMngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!NtCreateFile 774646B0 5 Bytes JMP 66A86140 C:\Program Files\Search Results Toolbar\Datamngr\DataMngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!NtFlushBuffersFile 77464A40 5 Bytes JMP 66AA97B0 C:\Program Files\Search Results Toolbar\Datamngr\DataMngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!NtLockFile 77464C80 5 Bytes JMP 66AA98A0 C:\Program Files\Search Results Toolbar\Datamngr\DataMngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!NtOpenFile 77464DC0 5 Bytes JMP 66A860B0 C:\Program Files\Search Results Toolbar\Datamngr\DataMngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!NtQueryInformationFile 77465100 5 Bytes JMP 66A86380 C:\Program Files\Search Results Toolbar\Datamngr\DataMngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!NtReadFile 774653A0 5 Bytes JMP 66A861E0 C:\Program Files\Search Results Toolbar\Datamngr\DataMngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!NtSetInformationFile 77465720 5 Bytes JMP 66A86410 C:\Program Files\Search Results Toolbar\Datamngr\DataMngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!NtUnlockFile 77465A80 5 Bytes JMP 66AA9930 C:\Program Files\Search Results Toolbar\Datamngr\DataMngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!NtWriteFile 77465B50 5 Bytes JMP 66A86270 C:\Program Files\Search Results Toolbar\Datamngr\DataMngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!wcsncmp + 33B 7747F420 7 Bytes JMP 5EB5F140 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 765FC057 7 Bytes JMP 5F17FDD2 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] kernel32.dll!CloseHandle + 38 7660058F 7 Bytes JMP 5F17FDF5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] kernel32.dll!GetExitCodeProcess + 2C 766030DD 7 Bytes JMP 5EB62942 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5744] GDI32.dll!GetViewportOrgEx + 21C 760F85EB 7 Bytes JMP 5F17FD53 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] USER32.dll!GetWindowInfo 76776A82 5 Bytes JMP 5F09C6FD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] USER32.dll!MenuItemFromPoint + F 76794B36 3 Bytes JMP 5F09CCF3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] USER32.dll!MenuItemFromPoint + 13 76794B3A 3 Bytes CALL 01CF452A

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp tmtdi.sys
AttachedDevice \FileSystem\fastfat \Fat ssfs0bbc.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\[email protected]{4DB7FB86-2598-11DF-B596-806E6F6E6963} 10170789472

---- EOF - GMER 2.1 ----


----------



## dawudbryant (Sep 12, 2013)

ADW cleaner log

# AdwCleaner v3.004 - Report created 22/09/2013 at 06:50:08
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Professional (32 bits)
# Username : Dawud and Saarah - DAWUDANDSAARAH
# Running from : F:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : DatamngrCoordinator
[#] Service Deleted : QuestScan Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\FREEzeFrogSA
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\QuestScan
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Alawar Entertainment
Folder Deleted : C:\ProgramData\CodecC
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodecC
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\FREEzeFrog
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\QuestScan
Folder Deleted : C:\Program Files\Search Results Toolbar
Folder Deleted : C:\Program Files\Searchqu Toolbar
Folder Deleted : C:\Program Files\Veoh_Web_Player
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Local\Ilivid
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Dawud and Saarah\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Dawud and Saarah\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Dawud and Saarah\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Dawud and Saarah\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Dawud and Saarah\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Dawud and Saarah\AppData\LocalLow\Veoh_Web_Player
Folder Deleted : C:\Users\Dawud and Saarah\AppData\LocalLow\CodecC
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Roaming\B1Toolbar
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Roaming\FREEzeFrog
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Roaming\Alawar Entertainment
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\53dncfct.default\Searchqutoolbar
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\53dncfct.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\53dncfct.default\Extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bccldkoinakjmmgebambiaggjobhikfg
File Deleted : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
File Deleted : C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\53dncfct.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bccldkoinakjmmgebambiaggjobhikfg
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\FREEzeFrogAx.Info
Key Deleted : HKLM\SOFTWARE\Classes\FREEzeFrogAx.Info.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sopcast_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sopcast_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [OurBabymaker Search Scope Monitor]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE7CCF3D-B190-4038-9A3E-C0B50979D48E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE7CCF3D-B190-4038-9A3E-C0B50979D48E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE7CCF3D-B190-4038-9A3E-C0B50979D48E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4F36-8D02-8C43722EE5DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{377E5D4D-77E5-476A-8716-7E70A9272DA0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\FREEzeFrogSA
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\FREEzeFrog
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\QuestScan
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FREEzeFrogSA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Wincert\WIN32C~1.DLL
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SEARCH~2\Datamngr\mgrldr.dll

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16446

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\53dncfct.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Search Results");
Line Deleted : user_pref("browser.search.order.1", "Search Results");
Line Deleted : user_pref("browser.search.selectedEngine", "Search Results");
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=514&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=0233376304414755&o=APN10645&q=");

-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [17684 octets] - [22/09/2013 06:45:53]
AdwCleaner[S0].txt - [17826 octets] - [22/09/2013 06:50:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17887 octets] ##########


----------



## dawudbryant (Sep 12, 2013)

When I tried to run option 1 of winhlp it didn't ask me if I wanted to open a file, it just opened a page with the following

```vbscript
' Visual Basic Script program to reset the DMA status of all ATA drives
' Copyright © 2006 Hans-Georg Michna
' Version 2007-04-04
' Works in Windows XP, probably also in Windows 2000 and NT.
' Does no harm if Windows version is incompatible.

If MsgBox("This program will now reset the DMA status of all ATA drives with Windows drivers." _
  & vbNewline & "Windows will redetect the status after the next reboot, therefore this procedure" _
  & vbNewline & "should be harmless.", _
  vbOkCancel, "Program start message") _
  = vbOk Then

  RegPath = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\"
  ValueName1Master = "MasterIdDataChecksum"
  ValueName1Slave = "SlaveIdDataChecksum"
  ValueName2Master = "UserMasterDeviceTimingModeAllowed"
  ValueName2Slave = "UserSlaveDeviceTimingModeAllowed"
  ValueName3 = "ResetErrorCountersOnSuccess"
  MessageText = "The following ATA channels have been reset:"
  MessageTextLen0 = Len(MessageText)
  ConsecutiveMisses = 0
  Set WshShell = WScript.CreateObject("WScript.Shell")

  For i = 0 to 999
    RegSubPath = Right("000" & i, 4) & "\"

    ' Master
    Err.Clear
    On Error Resume Next
    WshShell.RegRead RegPath & RegSubPath & ValueName1Master
    errMaster = Err.Number
    On Error Goto 0
    If errMaster = 0 Then
      On Error Resume Next
      WshShell.RegDelete RegPath & RegSubPath & ValueName1Master
      WshShell.RegDelete RegPath & RegSubPath & ValueName2Master
      On Error Goto 0
      MessageText = MessageText & vbNewLine & "Master"
    End If

    ' Slave
    Err.Clear
    On Error Resume Next
    WshShell.RegRead RegPath & RegSubPath & ValueName1Slave
    errSlave = Err.Number
    On Error Goto 0
    If errSlave = 0 Then
      On Error Resume Next
      WshShell.RegDelete RegPath & RegSubPath & ValueName1Slave
      WshShell.RegDelete RegPath & RegSubPath & ValueName2Slave
      On Error Goto 0
      If errMaster = 0 Then
        MessageText = MessageText & " and "
      Else
        MessageText = MessageText & vbNewLine
      End If
      MessageText = MessageText & "Slave"
    End If

    If errMaster = 0 Or errSlave = 0 Then
      On Error Resume Next
      WshShell.RegWrite RegPath & RegSubPath & ValueName3, 1, "REG_DWORD"
      On Error Goto 0
      ChannelName = "unnamed channel " & Left(RegSubPath, 4)
      On Error Resume Next
      ChannelName = WshShell.RegRead(RegPath & RegSubPath & "DriverDesc")
      On Error Goto 0
      MessageText = MessageText & " of " & ChannelName & ";"
      ConsecutiveMisses = 0
    Else
      ConsecutiveMisses = ConsecutiveMisses + 1
      If ConsecutiveMisses >= 32 Then Exit For ' Don't search unnecessarily long.
    End If
  Next ' i

  If Len(MessageText) <= MessageTextLen0 Then
    MessageText = "No resettable ATA channels with Windows drivers found. Nothing changed."
  Else
    MessageText = MessageText & vbNewline _
      & "Please reboot now to reset and redetect the DMA status."
  End If

  MsgBox MessageText, vbOkOnly, "Program finished normally"

End If ' MsgBox(...) = vbOk

' End of Visual Basic Script program
```


----------



## dawudbryant (Sep 12, 2013)

My computer crashes so easily, if I open another tab on Internet Explorer, if I try to send a file or video to a USB etc. I had ransom viruses on here before.


----------



## dawudbryant (Sep 12, 2013)

My PC runs faster after I ran the above programs but it still sometimes takes ages to start up and occasionally doesn't start up. Please help.


----------



## Mark1956 (May 7, 2011)

You have two Anti Virus programs on your system which is bound to cause problems. Uninstall Webroot and see if the problem continues.

Please also do another scan with ADWCleaner to make sure all the Adware has gone and post the new log.


----------



## dawudbryant (Sep 12, 2013)

Thank you, I'll do that


----------



## dawudbryant (Sep 12, 2013)

Here is the scan log from the adw cleaner

# AdwCleaner v3.005 - Report created 29/09/2013 at 16:38:12
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Professional (32 bits)
# Username : Dawud and Saarah - DAWUDANDSAARAH
# Running from : C:\Users\Dawud and Saarah\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol
Folder Deleted : C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16446

-\\ Mozilla Firefox v23.0.1 (en-US)
[ File : C:\Users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\5r2djj93.default-1379853468803\prefs.js ]

-\\ Google Chrome v29.0.1547.76
[ File : C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [17684 octets] - [22/09/2013 06:45:53]
AdwCleaner[R1].txt - [1336 octets] - [29/09/2013 16:27:50]
AdwCleaner[S0].txt - [17968 octets] - [22/09/2013 06:50:08]
AdwCleaner[S1].txt - [1261 octets] - [29/09/2013 16:38:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1321 octets] ##########


----------



## Mark1956 (May 7, 2011)

ADWCleaner is still showing deletions so please run it again and post the new log.

Please also tell me how things are after removing Webroot.


----------



## dawudbryant (Sep 12, 2013)

It seems OK after Webroot was removed. Every time I run ADW cleaner it seems to do the same thing.


----------



## Mark1956 (May 7, 2011)

Ok, so it sounds like all your troubles were simply due to Webroot causing conflicts.

I'm assuming what you are saying about ADWCleaner means that it is constantly removing the same two entries from Google. That being the case the best approach is to reinstall Google, but you must follow the instructions below to make sure it is fully uninstalled before re-installing it.

First save all your bookmarks/favourites.
Open Chrome, click on the 3 bars in the top right hand corner, select *Bookmarks* and then *Bookmarks Manager.*
Click on *Organise* and then select *Export Bookmarks to HTML file* and choose the *Desktop* to save it.
When you have re-installed Chrome repeat the process and select *Import Bookmarks* to put them back.

Open Chrome, click on the three bars in the top right hand corner and select *Settings*.
In the list of Settings under *Sign in* click on *Disconnect your Google Account*.
In the text of the next window click on *Google Dashboard*, at the *Chrome sync* screen click on *Stop and Clear* at the bottom.
A box will open and ask for confirmation, click on *OK*.
You must *wait* for this to complete before doing the next step.
When confirmation appears close that page and then click on *Disconnect account*.
Shut Google Chrome, click on *Start* > *Control Panel* > *Programs and Features* (or *Add/Remove Programs* in XP) and uninstall *Google Chrome*. Select Everything for removal when asked.

Reboot the system and then reinstall Google Chrome from Here


----------



## dawudbryant (Sep 12, 2013)

Hi, the pc is still taking ages to start up and is still crashing and restarting at times. I still can't send things to my usb. When I do a GMER scan the pc restarts saying there is a problem. 

I haven't done that google thing cos there are still problems. What should I do next?

Thanks for your help. Very much appreciated

D


----------



## Mark1956 (May 7, 2011)

No need to run GMER, all it does is create a report, it won't fix anything.

What exactly is stopping you from re-installing Google?

Please run this scan and post the logs:

Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.


----------



## dawudbryant (Sep 12, 2013)

Hi, do you mean Google Chrome?

Here's the logs you just asked for, thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by Dawud and Saarah (administrator) on DAWUDANDSAARAH on 24-10-2013 18:42:24
Running from C:\Users\Dawud and Saarah\Downloads
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [UfSeAgnt.exe] - c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1398024 2009-08-12] (Trend Micro Inc.)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Intel AppUp(SM) center] - C:\Program Files\Intel\IntelAppStore\bin\ismagent.lnk [1330 2011-10-09] ()
HKLM\...\Run: [Intel AppUp(SM) center_Nagware] - C:\Program Files\Intel\IntelAppStore\bin\AppUp.lnk [2207 2011-10-09] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2009-10-18] (Microsoft)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-22] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [oldzvawkdi] - C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs [116320 2013-10-21] ()
HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\Dawud and Saarah\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c8e150cbfa6b47d1a45775f39d00a23e-027958058064e5f518bc24a68962ff4aa6b1ad02 --CMPID 0913b
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-560286956-321209922-1175365262-1000\$15289c2f03a9ac28a5b954641925c5bb\n. ATTENTION! ====> ZeroAccess/Alureon?
AppInit_DLLs: [ ] ()
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oldzvawkdi..vbs ()
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
URLSearchHook: (No Name) - {edd4f682-e67a-4175-bb45-c4066da2f7d9} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll (MindSpark)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0CF8A51C-4DAC-4900-BEC3-E342D52BC630} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM - {41396b1b-447e-473b-a34b-bb583136c7fc} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRxdm005YYgb&ptb=7FCE20C7-E1E6-4C10-888F-AC194550067E&psa=&ind=2012011210&ptnrS=YRxdm005YYgb&si=CN3S8-jiyq0CFVGKfAodNA8UjQ&st=sb&n=77ecdaca&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC} URL = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IEDS
SearchScopes: HKCU - {0CF8A51C-4DAC-4900-BEC3-E342D52BC630} URL = 
SearchScopes: HKCU - {41396b1b-447e-473b-a34b-bb583136c7fc} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRxdm005YYgb&ptb=7FCE20C7-E1E6-4C10-888F-AC194550067E&psa=&ind=2012011210&ptnrS=YRxdm005YYgb&si=CN3S8-jiyq0CFVGKfAodNA8UjQ&st=sb&n=77ecdaca&searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {D2416C90-7C43-4832-AD2F-54BDCFC42716} URL = http://search.avg.com/?d=4e445065&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Toolbar BHO - {588b75f1-89a0-4956-bd69-3f6e90394909} - C:\PROGRA~1\OURBAB~2\bar\1.bin\27bar.dll (MindSpark)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Search Assistant BHO - {825b4dd6-b751-4d90-802a-eae6754c1c7e} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll (MindSpark)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - OurBabymaker - {e0b0df9f-34a3-4db1-becc-621697348607} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27bar.dll (MindSpark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\5r2djj93.default-1379853468803
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @OurBabyMaker_27.com/Plugin - C:\Program Files\OurBabyMaker_27\bar\1.bin\NP27Stub.dll (MindSpark)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [[email protected]_27.com] - C:\Program Files\OurBabyMaker_27\bar\1.bin
FF Extension: OurBabymaker - C:\Program Files\OurBabyMaker_27\bar\1.bin
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{A4E1CE0F-E864-4502-9E27-784BBE8F276D}] - C:\Users\Dawud and Saarah\AppData\Local\{A4E1CE0F-E864-4502-9E27-784BBE8F276D}
FF Extension: XULRunner - C:\Users\Dawud and Saarah\AppData\Local\{A4E1CE0F-E864-4502-9E27-784BBE8F276D}
FF HKCU\...\Firefox\Extensions: [{DDEC7074-F53C-11E1-8270-B8AC6F996F26}] - C:\Users\Dawud and Saarah\AppData\Local\{DDEC7074-F53C-11E1-8270-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Dawud and Saarah\AppData\Local\{DDEC7074-F53C-11E1-8270-B8AC6F996F26}\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Search Results) - http://www.google.com
CHR DefaultSuggestURL: (Search Results) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (AppUp) - C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\OurBabyMaker_27\bar\1.bin\NP27Stub.dll (MindSpark)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (YouTube) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Torch Share) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3158_0
CHR Extension: (Skype Click to Call) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Dawud and Saarah\AppData\Local\Torch\Plugins\TorchPlugin.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 OurBabyMaker_27Service; C:\PROGRA~1\OURBAB~2\bar\1.bin\27barsvc.exe [42504 2012-01-12] (COMPANYVERS_NAME)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SfCtlCom; c:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [703008 2009-08-12] (Trend Micro Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
R2 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [337160 2009-07-22] (Trend Micro Inc.)
S3 tmproxy; c:\Program Files\Trend Micro\Internet Security\TmProxy.exe [648456 2009-08-12] (Trend Micro Inc.)
S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S3 arusb_lh; C:\Windows\System32\DRIVERS\arusb_lh.sys [407040 2007-11-13] (Atheros Communications, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-28] (AVG Technologies)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-05-21] (Avanquest Software)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [142352 2009-07-22] (Trend Micro Inc.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36624 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [66320 2009-07-22] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [235024 2009-07-22] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [262416 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1405720 2011-07-12] (Trend Micro Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-24 18:42 - 2013-10-24 18:42 - 01088113 _____ (Farbar) C:\Users\Dawud and Saarah\Downloads\FRST.exe
2013-10-24 18:42 - 2013-10-24 18:42 - 00000000 ____D C:\FRST
2013-10-24 18:27 - 2013-10-24 18:28 - 00145904 _____ C:\Windows\Minidump\102413-31995-01.dmp
2013-10-23 05:36 - 2013-10-21 08:53 - 00000792 _____ C:\Users\Dawud and Saarah\Desktop\Saarah - Al-Maha Academy.lnk
2013-10-19 14:53 - 2013-10-21 08:58 - 00116320 ___SH C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs
2013-10-19 13:44 - 2013-10-19 13:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-19 13:43 - 2013-10-19 13:43 - 00002114 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-19 13:43 - 2013-10-19 13:43 - 00000000 ____D C:\ProgramData\McAfee
2013-10-19 13:43 - 2013-10-19 13:43 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-19 00:05 - 2013-10-19 00:05 - 00145904 _____ C:\Windows\Minidump\101913-330971-01.dmp
2013-10-18 23:56 - 2013-10-18 23:56 - 00145912 _____ C:\Windows\Minidump\101813-331455-01.dmp
2013-10-18 23:43 - 2013-10-18 23:43 - 00012734 _____ C:\Users\Dawud and Saarah\Desktop\dds.txt
2013-10-18 23:40 - 2013-10-18 23:40 - 00012287 _____ C:\Users\Dawud and Saarah\Desktop\hijackthis.log
2013-10-18 16:15 - 2013-10-10 13:22 - 00001654 _____ C:\Users\Dawud and Saarah\Documents\Dawud Bryant CV for Qatar.lnk
2013-10-18 12:07 - 2013-10-18 12:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-14 15:02 - 2013-10-14 15:11 - 00000000 ____D C:\Users\Dawud and Saarah\Downloads\Teachers pay teachers
2013-10-13 22:30 - 2013-10-13 22:30 - 50053120 _____ C:\Program Files\GUTD0D3.tmp
2013-10-13 22:30 - 2013-10-13 22:30 - 00000000 ____D C:\Program Files\GUMD0D2.tmp
2013-10-05 09:55 - 2013-10-05 09:57 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\Powerpoint themes
2013-09-29 16:49 - 2013-09-29 16:45 - 01042066 _____ C:\Users\Dawud and Saarah\Desktop\AdwCleaner.exe
2013-09-29 16:49 - 2013-09-12 12:52 - 00377856 _____ C:\Users\Dawud and Saarah\Desktop\d4u74i0b.exe
2013-09-29 16:49 - 2013-09-12 12:48 - 00688992 ____R (Swearware) C:\Users\Dawud and Saarah\Desktop\dds.scr
2013-09-29 16:49 - 2013-09-12 12:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dawud and Saarah\Desktop\HijackThis.exe
2013-09-29 16:26 - 2013-09-29 16:27 - 01042066 _____ C:\Users\Dawud and Saarah\Downloads\AdwCleaner.exe
2013-09-29 15:41 - 2013-09-29 16:16 - 00000000 ____D C:\ProgramData\WRData
2013-09-27 11:46 - 2013-09-27 12:41 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\My Digital Editions
2013-09-27 11:46 - 2013-09-27 11:46 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\Adobe_Systems_Incorporate

==================== One Month Modified Files and Folders =======

2013-10-24 18:42 - 2013-10-24 18:42 - 01088113 _____ (Farbar) C:\Users\Dawud and Saarah\Downloads\FRST.exe
2013-10-24 18:42 - 2013-10-24 18:42 - 00000000 ____D C:\FRST
2013-10-24 18:37 - 2009-07-14 07:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-24 18:37 - 2009-07-14 07:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-24 18:33 - 2011-02-20 01:51 - 00000000 ____D C:\ProgramData\MFAData
2013-10-24 18:32 - 2010-10-11 21:59 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox
2013-10-24 18:31 - 2010-10-11 22:01 - 00000000 ___RD C:\Users\Dawud and Saarah\Documents\My Dropbox
2013-10-24 18:28 - 2013-10-24 18:27 - 00145904 _____ C:\Windows\Minidump\102413-31995-01.dmp
2013-10-24 18:28 - 2013-05-31 19:49 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-10-24 18:28 - 2012-07-27 19:00 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Skype
2013-10-24 18:28 - 2010-09-22 22:30 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-24 18:27 - 2012-10-10 13:29 - 133083310 _____ C:\Windows\MEMORY.DMP
2013-10-24 18:27 - 2012-09-27 14:09 - 00028406 _____ C:\Windows\setupact.log
2013-10-24 18:27 - 2010-10-05 20:37 - 00000000 ____D C:\Windows\Minidump
2013-10-24 18:27 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-24 05:43 - 2012-10-14 23:15 - 00000937 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-10-24 05:35 - 2013-02-07 06:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 05:35 - 2010-09-22 22:30 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-23 05:34 - 2012-02-07 20:02 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\vlc
2013-10-22 05:49 - 2012-08-31 22:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-21 08:58 - 2013-10-19 14:53 - 00116320 ___SH C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs
2013-10-21 08:53 - 2013-10-23 05:36 - 00000792 _____ C:\Users\Dawud and Saarah\Desktop\Saarah - Al-Maha Academy.lnk
2013-10-19 13:50 - 2010-05-03 17:41 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\Adobe
2013-10-19 13:44 - 2013-10-19 13:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-19 13:43 - 2013-10-19 13:43 - 00002114 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-19 13:43 - 2013-10-19 13:43 - 00000000 ____D C:\ProgramData\McAfee
2013-10-19 13:43 - 2013-10-19 13:43 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-19 13:43 - 2013-02-07 06:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-19 13:43 - 2011-08-16 21:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 00:29 - 2012-08-31 22:15 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\Mozilla
2013-10-19 00:09 - 2013-09-22 06:45 - 00000000 ____D C:\AdwCleaner
2013-10-19 00:05 - 2013-10-19 00:05 - 00145904 _____ C:\Windows\Minidump\101913-330971-01.dmp
2013-10-18 23:56 - 2013-10-18 23:56 - 00145912 _____ C:\Windows\Minidump\101813-331455-01.dmp
2013-10-18 23:43 - 2013-10-18 23:43 - 00012734 _____ C:\Users\Dawud and Saarah\Desktop\dds.txt
2013-10-18 23:43 - 2013-09-22 06:27 - 00008718 _____ C:\Users\Dawud and Saarah\Desktop\attach.txt
2013-10-18 23:40 - 2013-10-18 23:40 - 00012287 _____ C:\Users\Dawud and Saarah\Desktop\hijackthis.log
2013-10-18 21:04 - 2013-01-26 10:03 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\dvdcss
2013-10-18 12:08 - 2013-10-18 12:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-18 12:08 - 2013-01-08 14:44 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-14 15:11 - 2013-10-14 15:02 - 00000000 ____D C:\Users\Dawud and Saarah\Downloads\Teachers pay teachers
2013-10-13 22:30 - 2013-10-13 22:30 - 50053120 _____ C:\Program Files\GUTD0D3.tmp
2013-10-13 22:30 - 2013-10-13 22:30 - 00000000 ____D C:\Program Files\GUMD0D2.tmp
2013-10-13 10:53 - 2011-12-20 15:12 - 00039602 _____ C:\Windows\PFRO.log
2013-10-10 13:22 - 2013-10-18 16:15 - 00001654 _____ C:\Users\Dawud and Saarah\Documents\Dawud Bryant CV for Qatar.lnk
2013-10-07 15:32 - 2010-03-01 19:16 - 00004978 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-05 09:57 - 2013-10-05 09:55 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\Powerpoint themes
2013-10-05 00:16 - 2013-05-06 21:56 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\Torch
2013-10-04 13:09 - 2013-05-06 21:57 - 00001163 _____ C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2013-10-04 13:09 - 2013-05-06 21:56 - 00002224 _____ C:\Users\Dawud and Saarah\Desktop\Torch.lnk
2013-10-04 12:36 - 2012-07-27 19:00 - 00000000 ___RD C:\Program Files\Skype
2013-10-04 12:36 - 2012-07-27 18:59 - 00000000 ____D C:\ProgramData\Skype
2013-10-03 21:25 - 2009-07-14 07:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-29 16:45 - 2013-09-29 16:49 - 01042066 _____ C:\Users\Dawud and Saarah\Desktop\AdwCleaner.exe
2013-09-29 16:27 - 2013-09-29 16:26 - 01042066 _____ C:\Users\Dawud and Saarah\Downloads\AdwCleaner.exe
2013-09-29 16:16 - 2013-09-29 15:41 - 00000000 ____D C:\ProgramData\WRData
2013-09-27 12:41 - 2013-09-27 11:46 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\My Digital Editions
2013-09-27 12:41 - 2011-08-06 15:52 - 00000000 ____D C:\Program Files\Adobe
2013-09-27 11:46 - 2013-09-27 11:46 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\Adobe_Systems_Incorporate
2013-09-24 20:51 - 2012-10-14 23:29 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\Dawud

ZeroAccess:
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\@
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-560286956-321209922-1175365262-1000\$15289c2f03a9ac28a5b954641925c5bb

ZeroAccess:
C:\Users\Dawud and Saarah\AppData\Local\{15289c2f-03a9-ac28-a5b9-54641925c5bb}
C:\Users\Dawud and Saarah\AppData\Local\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\@

Files to move or delete:
====================
C:\Users\Dawud and Saarah\install_flash_player.exe

Some content of TEMP:
====================
C:\Users\Dawud and Saarah\AppData\Local\Temp\Quarantine.exe
C:\Users\Dawud and Saarah\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2012-10-14 01:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2013 01
Ran by Dawud and Saarah at 2013-10-24 18:43:36
Running from C:\Users\Dawud and Saarah\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Webroot AntiVirus with Spy Sweeper (Disabled - Out of date) {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Webroot AntiVirus with Spy Sweeper (Disabled - Out of date) {8162D2B6-63C7-5812-E5F7-165FDC222080}
FW: Webroot AntiVirus with Spy Sweeper (Disabled) {0238B277-0F92-56C4-F418-841859762D46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
AC3Filter 1.63b (Version: 1.63b)
Adobe AIR (Version: 3.0.0.4080)
Adobe Download Assistant (Version: 1.2)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Agatha Christie Bundle - 3 in 1
Amanda Rose - The Game of Time
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Antimalware Doctor
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Astroslugs
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 2013.0.3426)
Azkend
Big Fish Games: Game Manager (Version: 3.0.1.60)
Bonjour (Version: 3.0.0.10)
Born Into Darkness
Bricks of Camelot
Broken Sword - The Angel of Death (Version: 1.00.0000)
Broken Sword (Version: 1.0)
Byki (Version: 4.0)
Byki Express
Campfire Legends Double Pack
CCleaner (Version: 3.04)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Criminal Minds
D3DX10 (Version: 15.4.2368.0902)
Deep Blue Sea 2 - The Amulet of Light
Dell Backup and Recovery Manager (Version: 1.2.1)
Dell Edoc Viewer (Version: 1.0.0)
Dell Laser Printer 1110 Software Uninstall
DivX Setup (Version: 2.6.1.22)
Dream Chronicles(R) Trilogy 1 Bundle
Dropbox (HKCU Version: 2.0.22)
Empress of the Deep - The Darkest Secret
Empress of the Deep 2 - Song of the Blue Whale
Escape from Thunder Island
Exorcist
Farm Frenzy 3 - Madagascar
Feeding Frenzy 2 Shipwreck Showdown
Feeding Frenzy Deluxe 5.7.18.1 (Version: 5.7.18.1)
Fiction Fixers - The Curse of Oz
Gold Fever
Golden Trails - The New Western Rush
Google Chrome (Version: 30.0.1599.101)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Grim Tales: The Bride
Hotel Mahjong Deluxe
Inspector Magnusson - Murder on the Titanic
Intel AppUp(SM) center (Version: 29164)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.6.1.7)
Jane Angel - Templar Mystery
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
LandGrabbers
Letters from Nowhere 2
Letters from Nowhere Double Pack
Logic3 12-button with vibration (Ver. 3.0) (Version: 3.0)
LUXOR 5th Passage
Max and Claire - Vocabulary (Version: 1.0)
McAfee Security Scan Plus (Version: 3.0.285.6)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mind's Eye - Secrets of the Forgotten
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
Nat Geo Games Lost Chronicles - Salem
NewPepper for Open University v0.1.3
Nightmare on the Pacific
Norton Security Scan (Version: 3.7.6.5)
Nuance PDF Reader (Version: 7.00.0000)
NVIDIA Drivers (Version: 1.9)
Our Worst Fears - Stained Skin
OurBabymaker
Paige Harper and the Tome of Mystery
Penny Dreadfuls(TM) Sweeney Todd
Penny Dreadfuls Sweeney Todd
Phantasmat
PowerDVD DX (Version: 8.3.5424)
Princess Isabella - A Witch's Curse
QuickTime (Version: 7.73.80.64)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek Ethernet Diagnostic Utility (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5859)
RealUpgrade 1.1 (Version: 1.1.0)
Robinson Crusoe and the Cursed Pirates
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Royal Trouble
Search-Results Toolbar (Version: 1.2.0.0)
SKIP-BO Castaway Caper(TM)
Skype Click to Call (Version: 6.12.13601)
Skype 5.10 (Version: 5.10.116)
SopCast 3.3.2 (Version: 3.3.2)
The Hadith Software Version 1.0
The Scruffs
The Seawise Chronicles - Untamed Legacy
The Tiny Bang Story
Torch (HKCU Version: 25.0.0.4508)
Trend Micro Internet Security (Version: 16.60)
Unexpected Journey
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vampire Saga - Welcome to Hell Lock
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veetle TV 0.9.18 (Version: 0.9.18)
Victorian Mysteries - Woman in White
Viewer Setup
VLC media player 1.0.1 (Version: 1.0.1)
Wedding Salon
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.10 beta 4 (32-bit) (Version: 4.10.4)
Wisegal
Women's Murder Club - Triple Crime Pack
World's Greatest Places Mahjong

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {016B4CE5-B24E-42BF-A5D3-F42D9AA45D04} - System32\Tasks\9141e00 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup152313344.exe
Task: {033A0D1B-AE62-44CD-BFBC-E5BB52126062} - System32\Tasks\d4f14300 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup2625381120.exe
Task: {05AAAD72-38A6-4EBE-B0A3-817AFFBD719F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-560286956-321209922-1175365262-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {05EE0E13-D38D-4888-9A72-229BCE51849D} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08] (Sun Microsystems, Inc.)
Task: {097326D2-3223-465E-886E-2C1336007050} - System32\Tasks\1f2440b0 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup522469552.exe
Task: {0A1C62E8-32BF-4CDB-AAAC-D4EDDC00A1CD} - System32\Tasks\47181430 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup300760368.exe
Task: {112A8C14-8AB7-4883-BCDF-B6BF7EB2E684} - System32\Tasks\Real Player online update program => c:\program files\real\realplayer\Update\realsched.exe [2013-01-08] (RealNetworks, Inc.)
Task: {15685CC5-FC74-4609-90F2-CEF8ABB9D1BE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-560286956-321209922-1175365262-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {19E7A686-F20C-4F8E-9449-D2D102316C9B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{FABB9D30-D5E9-492C-887E-A56E423D56DB}.exe
Task: {25109084-B306-4DC7-96B7-51167E5633E6} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-05] (Adobe Systems Incorporated)
Task: {252AAA75-B344-446C-AFA9-003077D90E7E} - System32\Tasks\7e1b1110 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup1223703056.exe
Task: {25BF980D-6D5F-4E1A-A63C-0326AEFA091B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-22] (Google Inc.)
Task: {2CC38B50-7A55-4621-8B15-A0DCCC26C388} - System32\Tasks\29b2b218 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup4102535232.exe
Task: {2E09B987-A8F8-4FD7-9A2D-BCD5D072A63A} - System32\Tasks\f7fb0300 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup4160422656.exe
Task: {31539BEC-CB58-4E70-BCBA-ABF3E69E912F} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {379D3B43-5935-44BE-9E80-455B90D94319} - System32\Tasks\6257b300 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup1649914624.exe
Task: {46FCF556-F80D-4CBA-924E-6A97B364B228} - System32\Tasks\1c5bc300 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup3634036736.exe
Task: {475FE117-4EC4-4D09-90F0-77447D2B630A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4B9193DD-1643-4173-9A6E-87F5C0487426} - System32\Tasks\7b46afd0 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup284221176.exe
Task: {5D67565D-C6C3-4F2E-8886-227AAC6AE0FA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-560286956-321209922-1175365262-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {5D6FB1D3-8DCC-4A8C-9718-623D06D601ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-22] (Google Inc.)
Task: {5F3ACC63-B036-4853-BF92-3CE02A700B12} - System32\Tasks\ad42d010 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup1568756728.exe
Task: {64E409F4-9B12-435C-9836-82634924743A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-22] (Google Inc.)
Task: {7F962F37-7F07-4EAA-A83A-AB09D0CE0F18} - System32\Tasks\4123e9e0 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup1092872672.exe
Task: {81E552EF-DCEA-4F12-BD60-43FD1000562B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-560286956-321209922-1175365262-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {83DD1FC1-276B-4244-A5A5-82AA0E0E01D4} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-560286956-321209922-1175365262-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
Task: {86DBAE88-2627-44A4-B470-C7229BDE791A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-560286956-321209922-1175365262-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {963F21ED-F251-469E-BCFE-37AA0C104ECB} - System32\Tasks\Divx online update program => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2012-11-30] ()
Task: {9A067442-4D68-4589-A766-7B70349C2FDB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-560286956-321209922-1175365262-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {A75A5520-62CB-4C99-A2AD-FA5442B2545A} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {A8F4564A-DA02-41EE-9CAB-12A093E16C6C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-560286956-321209922-1175365262-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {A941538C-E2E0-463C-BA82-A8B60B176626} - System32\Tasks\a28c4088 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup1835100552.exe
Task: {AA47F2B1-FAE4-4BFC-9BC9-67E4C8773621} - System32\Tasks\b8077ca8 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup2195498408.exe
Task: {AAFAECB2-FA80-4B3F-8B34-DF2AFE59D265} - System32\Tasks\ae324d0 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup3585616632.exe
Task: {AC8880AA-40C1-4330-A0B9-7438506FCB18} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-560286956-321209922-1175365262-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {B0B845C3-4813-4485-A388-BF938D83D1CE} - System32\Tasks\c82ba60 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup3612861280.exe
Task: {BD3673AB-712B-4FF4-88D1-9E002CA6D036} - System32\Tasks\d1ad07d8 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup3517777880.exe
Task: {C0EEDA52-E7C1-48D2-B1F1-2E775969A1EE} - System32\Tasks\RunAsStdUser Task => C:\Program Files\FREEzeFrog\bin\1.0.670.0\FREEzeFrogSA.exe
Task: {C4219F2B-66EA-4112-9342-55B7C7A7CD17} - System32\Tasks\818e6400 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup2173592576.exe
Task: {C50ED74B-53B5-4CC7-9870-A2720962F31E} - System32\Tasks\2fed1510 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup804066576.exe
Task: {C9520FB2-8C1A-4D1D-AF92-2AACB50A2B10} - System32\Tasks\39008600 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup3859782912.exe
Task: {CF4E3C27-9104-4EBF-89FD-A15D12833FDC} - System32\Tasks\f12835f0 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup3153944304.exe
Task: {CF6CEA54-3FEE-49AE-AE5B-9C1135B83C2A} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {D3853419-0A6D-43FB-A128-8699F7AC4256} - System32\Tasks\Norton Security Scan for Dawud and Saarah => C:\PROGRA~1\NORTON~2\Engine\376~1.5\Nss.exe [2012-10-22] (Symantec Corporation)
Task: {D67705F3-A868-4119-A6D3-DF78A4CBA6AA} - System32\Tasks\7a6b6a58 => C:\Users\DAWUDA~1\AppData\Local\Temp\\setup2053859928.exe
Task: {E12EE1DB-A7DC-4531-B432-624A69168587} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-19] (Adobe Systems Incorporated)
Task: {F6989ED1-5CFD-48BF-8906-F1A924E1B8A4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-560286956-321209922-1175365262-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {FBBC4A72-3B2D-4130-9E12-854C88717118} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{FABB9D30-D5E9-492C-887E-A56E423D56DB}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Dawud and Saarah.job => C:\PROGRA~1\NORTON~2\Engine\376~1.5\Nss.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
AlternateDataStreams: C:\ProgramData\TEMP:3BCA993F
AlternateDataStreams: C:\ProgramData\TEMP:ADF211B1
AlternateDataStreams: C:\ProgramData\TEMP:EC855C73

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2013 06:32:24 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Installing the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/24/2013 06:32:22 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter explain text strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (10/23/2013 05:36:15 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Installing the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/23/2013 05:36:15 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter explain text strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (10/22/2013 05:56:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5007

Error: (10/22/2013 05:56:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5007

Error: (10/22/2013 05:56:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/22/2013 05:37:26 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-560286956-321209922-1175365262-1000.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-560286956-321209922-1175365262-1000.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000010
Disk type: 3

Error: (10/22/2013 05:37:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: sysmain.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb23
Exception code: 0xc0000006
Fault offset: 0x0001510e
Faulting process id: 0x130c
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (10/22/2013 05:36:23 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-560286956-321209922-1175365262-1000.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-560286956-321209922-1175365262-1000.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000010
Disk type: 3

System errors:
=============
Error: (10/24/2013 06:27:59 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060

Error: (10/24/2013 06:27:59 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 
%%2

Error: (10/24/2013 06:27:57 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (10/24/2013 06:27:57 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (10/24/2013 06:28:10 PM) (Source: BugCheck) (User: )
Description: 0x00009088 (0x97803b74, 0x97803b78, 0x97803b6c, 0x97803b70)C:\Windows\MEMORY.DMP102413-31995-01

Error: (10/24/2013 06:27:54 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 05:49:20 on 24/10/2013 was unexpected.

Error: (10/22/2013 05:37:26 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated unexpectedly. It has done this 3 time(s).

Error: (10/22/2013 05:37:26 PM) (Source: Service Control Manager) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 3 time(s).

Error: (10/22/2013 05:37:26 PM) (Source: Service Control Manager) (User: )
Description: The Network Connections service terminated unexpectedly. It has done this 3 time(s).

Error: (10/22/2013 05:36:23 PM) (Source: Service Control Manager) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (11/09/2011 08:15:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 268 seconds with 240 seconds of active time. This session ended with a crash.

Error: (05/14/2011 11:23:12 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 302 seconds with 240 seconds of active time. This session ended with a crash.

Error: (05/22/2010 06:42:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5001, Microsoft Office Version: 12.0.4518.1014. This session lasted 6460 seconds with 4500 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 2012.99 MB
Available physical RAM: 704.24 MB
Total Pagefile: 4025.98 MB
Available Pagefile: 2522.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.07 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:457.06 GB) (Free:44.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 78000000)
Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

The problem is a little different to what I first suspected. The log above shows you have a Zero Access Rootkit infection so we now need to work on removing it, please follow this.

Open Notepad and *Copy & Paste* the contents of the code box below into it. To do this highlight the entire contents of the box, right click on the highlighted area and select *Copy* then right click in the Notepad window and select *Paste*. Save it to the same location that FRST is saved in as *fixlist.txt* _*<--- it is very important to spell this name exactly as written here.*_


```
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-560286956-321209922-1175365262-1000\$15289c2f03a9ac28a5b954641925c5bb\n. ATTENTION! ====> ZeroAccess/Alureon?
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\@
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]
C:\$Recycle.Bin\S-1-5-21-560286956-321209922-1175365262-1000\$15289c2f03a9ac28a5b954641925c5bb
C:\Users\Dawud and Saarah\AppData\Local\{15289c2f-03a9-ac28-a5b9-54641925c5bb}
C:\Users\Dawud and Saarah\AppData\Local\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\@
C:\Users\Dawud and Saarah\install_flash_player.exe
```
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.*


Launch FRST by double clicking on it.
When the *FRST* window opens click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt). Please *Copy & Paste* it into your next reply.
=========================================================

When done please run these scans below, you do not need to post any log from the TFC scan just RogueKiller, Rkill and Malwarebytes. Please also uninstall Trend Micro Internet Security as you should only have one Anti Virus on your system, please follow this: Trend Micro removal instructions (I missed that in your DDS log or I would have asked you to remove it along with Webroot).

Webroot has left behind some remnants, please follow this: Webroot uninstall and clean up. Please follow all the instructions up to and including instruction 6. As you have already uninstalled the program you obviously don't need to repeat that part.

*SCAN 1*
Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on *Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

*SCAN 2*
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.


Quit all running programs.
Start RogueKiller.exe by double clicking on the icon.
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*

*SCAN 3*
Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and select *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. *Please post this in your next reply.*
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

*SCAN 4*
*DO NOT* reboot, download Malwarebytes from here if you do not already have it: Malwarebytes. Install the program, run it and let it update. If you already have Malwarebytes launch the program.


Select *Perform full scan* and click on the *Scan* button. When the scan completes click on *Show Results*.
If the scan does not find any infections the log will appear as soon as it completes, please Copy & Paste it into your next reply.
If items are detected it will stay on the Scanner window and you will see *Objects detected: 1* (the number may be higher).
Click on *Show Results* and put a check mark next to all the items displayed in the list by clicking on each one in turn *<--- very important*, then click on *Remove Selected*.
The log will appear, Copy & Paste it into your next post.
Click on OK and close the window.


----------



## dawudbryant (Sep 12, 2013)

Hi, thanks again, here's that fix log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2013 01
Ran by Dawud and Saarah at 2013-11-10 21:29:23 Run:1
Running from C:\Users\Dawud and Saarah\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-560286956-321209922-1175365262-1000\$15289c2f03a9ac28a5b954641925c5bb\n. ATTENTION! ====> ZeroAccess/Alureon?
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\@
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]
C:\$Recycle.Bin\S-1-5-21-560286956-321209922-1175365262-1000\$15289c2f03a9ac28a5b954641925c5bb
C:\Users\Dawud and Saarah\AppData\Local\{15289c2f-03a9-ac28-a5b9-54641925c5bb}
C:\Users\Dawud and Saarah\AppData\Local\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\@
C:\Users\Dawud and Saarah\install_flash_player.exe
*****************
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb} => Moved successfully.
"C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\@" => File/Directory not found.
"C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]" => File/Directory not found.
"C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]" => File/Directory not found.
"C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]" => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-560286956-321209922-1175365262-1000\$15289c2f03a9ac28a5b954641925c5bb => Moved successfully.
C:\Users\Dawud and Saarah\AppData\Local\{15289c2f-03a9-ac28-a5b9-54641925c5bb} => Moved successfully.
"C:\Users\Dawud and Saarah\AppData\Local\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\@" => File/Directory not found.
C:\Users\Dawud and Saarah\install_flash_player.exe => Moved successfully.
==== End of Fixlog ====

I scanned it too, here's the scan for that

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by Dawud and Saarah (administrator) on DAWUDANDSAARAH on 10-11-2013 21:27:49
Running from C:\Users\Dawud and Saarah\Downloads
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [UfSeAgnt.exe] - c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1398024 2009-08-12] (Trend Micro Inc.)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Intel AppUp(SM) center] - C:\Program Files\Intel\IntelAppStore\bin\ismagent.lnk [1330 2011-10-09] ()
HKLM\...\Run: [Intel AppUp(SM) center_Nagware] - C:\Program Files\Intel\IntelAppStore\bin\AppUp.lnk [2207 2011-10-09] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2009-10-18] (Microsoft)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-22] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [oldzvawkdi] - C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs [116320 2013-10-21] ()
HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\Dawud and Saarah\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c8e150cbfa6b47d1a45775f39d00a23e-027958058064e5f518bc24a68962ff4aa6b1ad02 --CMPID 0913b
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-560286956-321209922-1175365262-1000\$15289c2f03a9ac28a5b954641925c5bb\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\Administrator\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2010-09-22] (Google Inc.)
HKU\Administrator\...\Run: [ROC_JAN2013_TB] - "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
HKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\Administrator\...\RunOnce: [AVG search provider] - "C:\Program Files\AVG\AVG10\SearchProvider.exe" /AFTERINST
HKU\Administrator\...\RunOnce: [spchecker] - "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe"
AppInit_DLLs: [ ] ()
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oldzvawkdi..vbs ()
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
URLSearchHook: (No Name) - {edd4f682-e67a-4175-bb45-c4066da2f7d9} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll (MindSpark)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0CF8A51C-4DAC-4900-BEC3-E342D52BC630} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM - {41396b1b-447e-473b-a34b-bb583136c7fc} URL = http://search.mywebsearch.com/myweb...A8UjQ&st=sb&n=77ecdaca&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC} URL = http://searchservice.myspace.com/in...ults&qry={searchTerms}&type=Web&orig=IMC-IEDS
SearchScopes: HKCU - {0CF8A51C-4DAC-4900-BEC3-E342D52BC630} URL = 
SearchScopes: HKCU - {41396b1b-447e-473b-a34b-bb583136c7fc} URL = http://search.mywebsearch.com/myweb...A8UjQ&st=sb&n=77ecdaca&searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {D2416C90-7C43-4832-AD2F-54BDCFC42716} URL = http://search.avg.com/?d=4e445065&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Toolbar BHO - {588b75f1-89a0-4956-bd69-3f6e90394909} - C:\PROGRA~1\OURBAB~2\bar\1.bin\27bar.dll (MindSpark)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Search Assistant BHO - {825b4dd6-b751-4d90-802a-eae6754c1c7e} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll (MindSpark)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - OurBabymaker - {e0b0df9f-34a3-4db1-becc-621697348607} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27bar.dll (MindSpark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\5r2djj93.default-1379853468803
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @OurBabyMaker_27.com/Plugin - C:\Program Files\OurBabyMaker_27\bar\1.bin\NP27Stub.dll (MindSpark)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [[email protected]_27.com] - C:\Program Files\OurBabyMaker_27\bar\1.bin
FF Extension: OurBabymaker - C:\Program Files\OurBabyMaker_27\bar\1.bin
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{A4E1CE0F-E864-4502-9E27-784BBE8F276D}] - C:\Users\Dawud and Saarah\AppData\Local\{A4E1CE0F-E864-4502-9E27-784BBE8F276D}
FF Extension: XULRunner - C:\Users\Dawud and Saarah\AppData\Local\{A4E1CE0F-E864-4502-9E27-784BBE8F276D}
FF HKCU\...\Firefox\Extensions: [{DDEC7074-F53C-11E1-8270-B8AC6F996F26}] - C:\Users\Dawud and Saarah\AppData\Local\{DDEC7074-F53C-11E1-8270-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Dawud and Saarah\AppData\Local\{DDEC7074-F53C-11E1-8270-B8AC6F996F26}\
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Search Results) - http://www.google.com
CHR DefaultSuggestURL: (Search Results) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (AppUp) - C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\OurBabyMaker_27\bar\1.bin\NP27Stub.dll (MindSpark)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (YouTube) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Torch Share) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3158_0
CHR Extension: (Skype Click to Call) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Dawud and Saarah\AppData\Local\Torch\Plugins\TorchPlugin.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 OurBabyMaker_27Service; C:\PROGRA~1\OURBAB~2\bar\1.bin\27barsvc.exe [42504 2012-01-12] (COMPANYVERS_NAME)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 SfCtlCom; c:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [703008 2009-08-12] (Trend Micro Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
R2 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [337160 2009-07-22] (Trend Micro Inc.)
S3 tmproxy; c:\Program Files\Trend Micro\Internet Security\TmProxy.exe [648456 2009-08-12] (Trend Micro Inc.)
S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) ====================
S3 arusb_lh; C:\Windows\System32\DRIVERS\arusb_lh.sys [407040 2007-11-13] (Atheros Communications, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-28] (AVG Technologies)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-05-21] (Avanquest Software)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [142352 2009-07-22] (Trend Micro Inc.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36624 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [66320 2009-07-22] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [235024 2009-07-22] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [262416 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1405720 2011-07-12] (Trend Micro Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-11-10 21:26 - 2013-11-10 21:26 - 00001004 _____ C:\Users\Dawud and Saarah\Downloads\fixlist.txt
2013-10-24 18:43 - 2013-10-24 18:44 - 00028925 _____ C:\Users\Dawud and Saarah\Downloads\Addition.txt
2013-10-24 18:42 - 2013-10-24 18:42 - 01088113 _____ (Farbar) C:\Users\Dawud and Saarah\Downloads\FRST.exe
2013-10-24 18:42 - 2013-10-24 18:42 - 00000000 ____D C:\FRST
2013-10-24 18:27 - 2013-10-24 18:28 - 00145904 _____ C:\Windows\Minidump\102413-31995-01.dmp
2013-10-23 05:36 - 2013-10-21 08:53 - 00000792 _____ C:\Users\Dawud and Saarah\Desktop\Saarah - Al-Maha Academy.lnk
2013-10-19 13:44 - 2013-10-19 13:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-19 13:43 - 2013-11-01 23:59 - 00002014 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-19 13:43 - 2013-11-01 23:59 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-19 13:43 - 2013-10-19 13:43 - 00000000 ____D C:\ProgramData\McAfee
2013-10-19 00:05 - 2013-10-19 00:05 - 00145904 _____ C:\Windows\Minidump\101913-330971-01.dmp
2013-10-18 23:56 - 2013-10-18 23:56 - 00145912 _____ C:\Windows\Minidump\101813-331455-01.dmp
2013-10-18 23:43 - 2013-10-18 23:43 - 00012734 _____ C:\Users\Dawud and Saarah\Desktop\dds.txt
2013-10-18 23:40 - 2013-10-18 23:40 - 00012287 _____ C:\Users\Dawud and Saarah\Desktop\hijackthis.log
2013-10-18 16:15 - 2013-10-10 13:22 - 00001654 _____ C:\Users\Dawud and Saarah\Documents\Dawud Bryant CV for Qatar.lnk
2013-10-18 12:07 - 2013-10-18 12:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-14 15:02 - 2013-10-14 15:11 - 00000000 ____D C:\Users\Dawud and Saarah\Downloads\Teachers pay teachers
2013-10-13 22:30 - 2013-10-13 22:30 - 50053120 _____ C:\Program Files\GUTD0D3.tmp
2013-10-13 22:30 - 2013-10-13 22:30 - 00000000 ____D C:\Program Files\GUMD0D2.tmp
==================== One Month Modified Files and Folders =======
2013-11-10 21:26 - 2013-11-10 21:26 - 00001004 _____ C:\Users\Dawud and Saarah\Downloads\fixlist.txt
2013-11-10 21:25 - 2013-02-07 06:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-10 21:17 - 2010-09-22 22:30 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-10 21:16 - 2010-10-11 21:59 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox
2013-11-10 18:50 - 2011-02-20 01:51 - 00000000 ____D C:\ProgramData\MFAData
2013-11-10 15:41 - 2010-09-22 22:30 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-08 20:13 - 2012-09-27 14:09 - 00029806 _____ C:\Windows\setupact.log
2013-11-08 20:12 - 2012-07-27 19:00 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Skype
2013-11-06 15:27 - 2009-07-14 07:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 15:27 - 2009-07-14 07:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 15:21 - 2013-05-31 19:49 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-11-06 15:21 - 2010-10-11 22:01 - 00000000 ___RD C:\Users\Dawud and Saarah\Documents\My Dropbox
2013-11-06 15:20 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-04 22:17 - 2012-02-07 20:02 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\vlc
2013-11-01 23:59 - 2013-10-19 13:43 - 00002014 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-01 23:59 - 2013-10-19 13:43 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-01 23:58 - 2013-01-26 10:03 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\dvdcss
2013-10-24 18:44 - 2013-10-24 18:43 - 00028925 _____ C:\Users\Dawud and Saarah\Downloads\Addition.txt
2013-10-24 18:42 - 2013-10-24 18:42 - 01088113 _____ (Farbar) C:\Users\Dawud and Saarah\Downloads\FRST.exe
2013-10-24 18:42 - 2013-10-24 18:42 - 00000000 ____D C:\FRST
2013-10-24 18:28 - 2013-10-24 18:27 - 00145904 _____ C:\Windows\Minidump\102413-31995-01.dmp
2013-10-24 18:27 - 2012-10-10 13:29 - 133083310 _____ C:\Windows\MEMORY.DMP
2013-10-24 18:27 - 2010-10-05 20:37 - 00000000 ____D C:\Windows\Minidump
2013-10-24 05:43 - 2012-10-14 23:15 - 00000937 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-10-22 05:49 - 2012-08-31 22:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-21 08:53 - 2013-10-23 05:36 - 00000792 _____ C:\Users\Dawud and Saarah\Desktop\Saarah - Al-Maha Academy.lnk
2013-10-19 13:50 - 2010-05-03 17:41 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\Adobe
2013-10-19 13:44 - 2013-10-19 13:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-19 13:43 - 2013-10-19 13:43 - 00000000 ____D C:\ProgramData\McAfee
2013-10-19 13:43 - 2013-02-07 06:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-19 13:43 - 2011-08-16 21:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 00:29 - 2012-08-31 22:15 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\Mozilla
2013-10-19 00:09 - 2013-09-22 06:45 - 00000000 ____D C:\AdwCleaner
2013-10-19 00:05 - 2013-10-19 00:05 - 00145904 _____ C:\Windows\Minidump\101913-330971-01.dmp
2013-10-18 23:56 - 2013-10-18 23:56 - 00145912 _____ C:\Windows\Minidump\101813-331455-01.dmp
2013-10-18 23:43 - 2013-10-18 23:43 - 00012734 _____ C:\Users\Dawud and Saarah\Desktop\dds.txt
2013-10-18 23:43 - 2013-09-22 06:27 - 00008718 _____ C:\Users\Dawud and Saarah\Desktop\attach.txt
2013-10-18 23:40 - 2013-10-18 23:40 - 00012287 _____ C:\Users\Dawud and Saarah\Desktop\hijackthis.log
2013-10-18 12:08 - 2013-10-18 12:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-18 12:08 - 2013-01-08 14:44 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-14 15:11 - 2013-10-14 15:02 - 00000000 ____D C:\Users\Dawud and Saarah\Downloads\Teachers pay teachers
2013-10-13 22:30 - 2013-10-13 22:30 - 50053120 _____ C:\Program Files\GUTD0D3.tmp
2013-10-13 22:30 - 2013-10-13 22:30 - 00000000 ____D C:\Program Files\GUMD0D2.tmp
2013-10-13 10:53 - 2011-12-20 15:12 - 00039602 _____ C:\Windows\PFRO.log
ZeroAccess:
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\@
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]
C:\Windows\Installer\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\U\[email protected]
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-560286956-321209922-1175365262-1000\$15289c2f03a9ac28a5b954641925c5bb
ZeroAccess:
C:\Users\Dawud and Saarah\AppData\Local\{15289c2f-03a9-ac28-a5b9-54641925c5bb}
C:\Users\Dawud and Saarah\AppData\Local\{15289c2f-03a9-ac28-a5b9-54641925c5bb}\@
Files to move or delete:
====================
C:\Users\Dawud and Saarah\install_flash_player.exe

Some content of TEMP:
====================
C:\Users\Dawud and Saarah\AppData\Local\Temp\Quarantine.exe
C:\Users\Dawud and Saarah\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2012-10-14 01:47
==================== End Of Log ============================


----------



## dawudbryant (Sep 12, 2013)

The link they gave me on the Trend website was an installer; it didn't offer me the chance to uninstall.


----------



## dawudbryant (Sep 12, 2013)

I looked elsewhere on the site and uninstalled Trend, but when my PC restarted the internet connection was completely gone. I looked it up on my laptop and this happens to many people. Someone said to try and reboot it to an earlier time; this didn't work because it says there is no earlier time saved. I then found someone who said this could be because there's a virus stopping it from saving an earlier time.
Someone else said to go to network connections and properties, then look for Trend Micro NDIS 6.0 File Driver, then uninstall it. That didn't work either. Please help. The only way I can see that will work is if I reboot to the factory settings or whatever it's called, but that will wipe my hard drive; I can't do that.


----------



## Mark1956 (May 7, 2011)

dawudbryant said:


> The link they gave me on the Trend website was an installer; it didn't offer me the chance to uninstall.


Who gave you the link you are referring to? The one I posted has all the instructions you needed to follow.

Did you make any progress with the Webroot clean up?

You haven't posted any results from the other scans I asked you to do, which are very important to check for any other infected files and for damage to services, which is quite common with this kind of infection.

I didn't ask for another scan with FRST, and as you ran it before using the fix to remove the infections, the log is the same as the last one. Please complete all the instructions to clean out Trend Micro and Webroot and run the other scans; we will do another scan with FRST only if the need arises.


----------



## dawudbryant (Sep 12, 2013)

The link you gave me to the Trend uninstaller was actually an installer. It at no time said uninstall; it instead said to either accept the terms of the license agreement or not. I said accept cos otherwise it would've been cancelled, then it said install rather than uninstall. So I installed it, then looked how to uninstall it and it did, but then, as is common, the internet network doesn't work. Will download the scan stuff now, then put it on my PC and scan it.

Also, a separate problem that might be related is my USBs are all not working. If I save a file on there, they all save as Word documents, no matter if they are videos or what. Then when I delete them, when I go back on they are still there and basically won't go.


----------



## dawudbryant (Sep 12, 2013)

The TFC link won't let me download, keeps popping up, then it says Internet Explorer cannot display the webpage.


----------



## dawudbryant (Sep 12, 2013)

Right, I found how to get TFC, had to go to my Avast to stop it from blocking it.


----------



## dawudbryant (Sep 12, 2013)

ROGUE KILLER LOG

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Dawud and Saarah [Admin rights]
Mode : Scan -- Date : 11/11/2013 07:01:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : oldzvawkdi (wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs" [x][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Dawud and Saarah\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c8e150cbfa6b47d1a45775f39d00a23e-027958058064e5f518bc24a68962ff4aa6b1ad02 --CMPID 0913b [-][x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-560286956-321209922-1175365262-1000\[...]\Run : oldzvawkdi (wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs" [x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-560286956-321209922-1175365262-1000\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Dawud and Saarah\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c8e150cbfa6b47d1a45775f39d00a23e-027958058064e5f518bc24a68962ff4aa6b1ad02 --CMPID 0913b [-][x][x]) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{FABB9D30-D5E9-492C-887E-A56E423D56DB}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{FABB9D30-D5E9-492C-887E-A56E423D56DB}.exe - --uninstall=1 [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][Folder] plugs : C:\Users\Dawud and Saarah\AppData\Roaming\Adobe\plugs [-] --> FOUND
[Tr.Karagany][Folder] shed : C:\Users\Dawud and Saarah\AppData\Roaming\Adobe\shed [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe ([email protected]@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xD3E3333C)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]@A) : GrooveUtil.DLL -> HOOKED (Unknown @ 0x72E6E911)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ( @ ) +++++
--- User ---
[MBR] 03ed0d6d8b4a7d9877b567a52def7a06
[BSP] 7e93fb82420baa3ee535c3ecef09c40b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 194560 | Size: 8818 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 18253824 | Size: 468026 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ( @ ) +++++
--- User ---
[MBR] 7d0d427d090a1814638ef284fa66fa03
[BSP] 7e55ab4e71d3f1faec48d85f57cec6cb : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT12 (0x01) [VISIBLE] Offset (sectors): 32 | Size: 7 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: ( @ ) +++++
--- User ---
[MBR] c6308936ba8e01bbac2d67e446af8c16
[BSP] e076bd8cb7b1d83113e4477c4169b3a3 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 15268 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11112013_070128.txt >>




RKILL LOG

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/11/2013 07:04:01 AM in x86 mode.
Windows Version: Windows 7 Professional 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

 [HKLM\SOFTWARE\Microsoft\Windows Defender]
 "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity: 

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
 Startup Type set to: Manual

 * BFE [Missing Service]
 * BITS [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 11/11/2013 07:07:20 AM
Execution time: 0 hours(s), 3 minute(s), and 19 seconds(s)

I am now doing the scan for Malwarebytes, it's taking ages, it's crashed a few times, hopefully it completes soon.


----------



## dawudbryant (Sep 12, 2013)

The Malwarebytes scan won't complete, it gets to 2 hrs into the scan then crashes. It says it's found 4 objects. Have you got a way I can get it to work?

Also, do you know how to get my internet back?

Thank you

D


----------



## Mark1956 (May 7, 2011)

The Rkill log shows several important services have been deleted by the infection, so we will have to repair them. You mentioned above that Avast was the problem with TFC. Please confirm that you really meant AVG and not Avast; there is no sign of Avast in your logs.

Please uninstall another item of security software I found in your list of programs, "Antimalware Doctor".

You have not answered my question about Webroot.

Please run the Malwarebytes scan using the Quick scan option which will be a lot quicker.

With Trend Micro, what version do you have installed and is there no sign of the Diagnostic Toolkit?


----------
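Added example, not part of the original thread and not Rkill's own code: a Python parser for the "Checking Windows Service Integrity" section of an Rkill log like the one posted above, the section the helper reads to decide that services need repairing. The sample log is constructed from lines in that post; the function names and the display-name table are this example's own assumptions.

```python
import re
from collections import defaultdict

# Display names for the short service names in the posted log. This table is
# the example's own (standard Windows 7 names); Rkill prints only short names.
DISPLAY_NAMES = {
    "BFE": "Base Filtering Engine",
    "BITS": "Background Intelligent Transfer Service",
    "iphlpsvc": "IP Helper",
    "MpsSvc": "Windows Firewall",
    "WinDefend": "Windows Defender",
    "wscsvc": "Security Center",
    "wuauserv": "Windows Update",
    "SharedAccess": "Internet Connection Sharing (ICS)",
    "mpsdrv": "Windows Firewall Authorization Driver",
}

# Constructed sample: a shortened copy of the section layout in the log above,
# with the neighbouring sections kept so the section boundaries are exercised.
SAMPLE_LOG = """\
Performing miscellaneous checks:

 * Windows Defender Disabled

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * BITS [Missing Service]
 * MpsSvc [Missing Service]
 * wuauserv [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.
"""

SECTION_HEADER = "Checking Windows Service Integrity:"
BRACKET_RE = re.compile(r"^\*\s+(\S+)\s+\[(Missing Service|Missing ImagePath)\]$")
NOT_RUNNING_RE = re.compile(r"^\*\s+(.+?)\s+\((\w+)\) is not Running\.$")
STARTUP_RE = re.compile(r"^Startup Type set to:\s*(\w+)$")


def parse_service_integrity(log_text):
    """Return one dict per finding in the service-integrity section, in log order."""
    findings = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.startswith(SECTION_HEADER)
            continue
        if not line:
            continue
        m = BRACKET_RE.match(line)
        if m:
            issue = "missing_service" if m.group(2) == "Missing Service" else "missing_imagepath"
            findings.append({"service": m.group(1), "issue": issue, "startup": None})
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings.append({"service": m.group(2), "issue": "not_running", "startup": None})
            continue
        m = STARTUP_RE.match(line)
        if m and findings and findings[-1]["issue"] == "not_running":
            # The startup-type line belongs to the "not Running" entry above it.
            findings[-1]["startup"] = m.group(1)
            continue
        if line.endswith(":"):
            break  # header of the next section
        # Any other line (for example "* No issues found.") carries no finding.
    return findings


def group_by_issue(findings):
    """Map each issue type to the list of affected service names."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["issue"]].append(f["service"])
    return dict(groups)


def registration_damaged(findings):
    """Services whose entry or ImagePath is reported missing. This example reads
    those as needing their registration restored, not just a service start."""
    return [f["service"] for f in findings
            if f["issue"] in ("missing_service", "missing_imagepath")]


def report(findings):
    """Format findings as readable triage lines."""
    lines = []
    for f in findings:
        name = DISPLAY_NAMES.get(f["service"], "unknown service")
        extra = f" (startup: {f['startup']})" if f["startup"] else ""
        lines.append(f"{f['issue']:<18}{f['service']} - {name}{extra}")
    return lines


if __name__ == "__main__":
    for line in report(parse_service_integrity(SAMPLE_LOG)):
        print(line)
```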



## dawudbryant (Sep 12, 2013)

I got rid of Webroot, that went with no problems. I will try to uninstall antimalware. Also, it was Avast that stopped me downloading it at first, but that's on my laptop. Remember I can't use the internet on my PC now as Trend has ruined that, so I have to reply to you and download the stuff you've given me via my laptop. I have no way of knowing what Trend I had as it's now completely gone from my PC. All I know is that it was called Trend Micro Internet Security. I bought the PC in 2010 so I think I used the uninstall program for Trend Micro Internet Security 2010.

I'll do the quick scan now on Malware


----------



## dawudbryant (Sep 12, 2013)

I tried to uninstall the antimal doctor thing but it said there was a problem with this as it may have been uninstalled already, so it asked if I wanted to remove it from the list, so I clicked yes. I cannot find any trace of it so I'm guessing it's gone.


----------



## dawudbryant (Sep 12, 2013)

Oh yeah, and no, there is no sign of the diagnostics toolkit. The link you gave me, I followed the instructions but like I said, when I opened it, it never said uninstall, it was completely different from what the directions showed.


----------



## dawudbryant (Sep 12, 2013)

Hi, the quick scan for Malwarebytes has crashed as well after 5 minutes. It seems to have crashed maybe 2 times on the same point, which is a video. If I delete that video will that help?


----------



## Mark1956 (May 7, 2011)

OK, we can deal with any of the antivirus remnants later; let's get your services repaired and that should get you back on the internet. Don't worry about Malwarebytes for the moment.

Follow the instructions below, then run repeat scans with FRST and Rkill and post the new logs.

Please download the attachment and save it to your desktop.
Extract the reg files from the zip folder.
Double click on each reg file in turn and allow them to merge with the registry.
When they are all done reboot the system.


----------



## dawudbryant (Sep 12, 2013)

Hi, thanks again, I did as you asked, here are the scans

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by Dawud and Saarah (administrator) on DAWUDANDSAARAH on 12-11-2013 10:30:44
Running from C:\Users\Dawud and Saarah\Downloads
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Intel AppUp(SM) center] - C:\Program Files\Intel\IntelAppStore\bin\ismagent.lnk [1330 2011-10-09] ()
HKLM\...\Run: [Intel AppUp(SM) center_Nagware] - C:\Program Files\Intel\IntelAppStore\bin\AppUp.lnk [2207 2011-10-09] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2009-10-18] (Microsoft)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-22] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [oldzvawkdi] - wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs"
HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\Dawud and Saarah\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c8e150cbfa6b47d1a45775f39d00a23e-027958058064e5f518bc24a68962ff4aa6b1ad02 --CMPID 0913b
HKU\Administrator\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2010-09-22] (Google Inc.)
HKU\Administrator\...\Run: [ROC_JAN2013_TB] - "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
HKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\Administrator\...\RunOnce: [AVG search provider] - "C:\Program Files\AVG\AVG10\SearchProvider.exe" /AFTERINST
HKU\Administrator\...\RunOnce: [spchecker] - "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe"
AppInit_DLLs: [ ] ()
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
URLSearchHook: (No Name) - {edd4f682-e67a-4175-bb45-c4066da2f7d9} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll (MindSpark)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0CF8A51C-4DAC-4900-BEC3-E342D52BC630} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM - {41396b1b-447e-473b-a34b-bb583136c7fc} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRxdm005YYgb&ptb=7FCE20C7-E1E6-4C10-888F-AC194550067E&psa=&ind=2012011210&ptnrS=YRxdm005YYgb&si=CN3S8-jiyq0CFVGKfAodNA8UjQ&st=sb&n=77ecdaca&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC} URL = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IEDS
SearchScopes: HKCU - {0CF8A51C-4DAC-4900-BEC3-E342D52BC630} URL = 
SearchScopes: HKCU - {41396b1b-447e-473b-a34b-bb583136c7fc} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRxdm005YYgb&ptb=7FCE20C7-E1E6-4C10-888F-AC194550067E&psa=&ind=2012011210&ptnrS=YRxdm005YYgb&si=CN3S8-jiyq0CFVGKfAodNA8UjQ&st=sb&n=77ecdaca&searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {D2416C90-7C43-4832-AD2F-54BDCFC42716} URL = http://search.avg.com/?d=4e445065&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Toolbar BHO - {588b75f1-89a0-4956-bd69-3f6e90394909} - C:\PROGRA~1\OURBAB~2\bar\1.bin\27bar.dll (MindSpark)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Search Assistant BHO - {825b4dd6-b751-4d90-802a-eae6754c1c7e} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll (MindSpark)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - OurBabymaker - {e0b0df9f-34a3-4db1-becc-621697348607} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27bar.dll (MindSpark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\5r2djj93.default-1379853468803
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @OurBabyMaker_27.com/Plugin - C:\Program Files\OurBabyMaker_27\bar\1.bin\NP27Stub.dll (MindSpark)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [[email protected]_27.com] - C:\Program Files\OurBabyMaker_27\bar\1.bin
FF Extension: OurBabymaker - C:\Program Files\OurBabyMaker_27\bar\1.bin
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{A4E1CE0F-E864-4502-9E27-784BBE8F276D}] - C:\Users\Dawud and Saarah\AppData\Local\{A4E1CE0F-E864-4502-9E27-784BBE8F276D}
FF Extension: XULRunner - C:\Users\Dawud and Saarah\AppData\Local\{A4E1CE0F-E864-4502-9E27-784BBE8F276D}
FF HKCU\...\Firefox\Extensions: [{DDEC7074-F53C-11E1-8270-B8AC6F996F26}] - C:\Users\Dawud and Saarah\AppData\Local\{DDEC7074-F53C-11E1-8270-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Dawud and Saarah\AppData\Local\{DDEC7074-F53C-11E1-8270-B8AC6F996F26}\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Search Results) - http://www.google.com
CHR DefaultSuggestURL: (Search Results) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (AppUp) - C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\OurBabyMaker_27\bar\1.bin\NP27Stub.dll (MindSpark)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (YouTube) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Torch Share) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3158_0
CHR Extension: (Skype Click to Call) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Dawud and Saarah\AppData\Local\Torch\Plugins\TorchPlugin.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 OurBabyMaker_27Service; C:\PROGRA~1\OURBAB~2\bar\1.bin\27barsvc.exe [42504 2012-01-12] (COMPANYVERS_NAME)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S3 arusb_lh; C:\Windows\System32\DRIVERS\arusb_lh.sys [407040 2007-11-13] (Atheros Communications, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-28] (AVG Technologies)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-05-21] (Avanquest Software)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-11-11] (Malwarebytes Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-12 10:24 - 2013-11-12 09:47 - 00039658 _____ C:\Users\Dawud and Saarah\Desktop\Service repair.zip
2013-11-11 07:09 - 2013-11-11 21:53 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-11-11 07:09 - 2013-11-11 07:09 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-11 07:08 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-11 07:04 - 2013-11-11 07:07 - 00002860 _____ C:\Users\Dawud and Saarah\Desktop\Rkill.txt
2013-11-11 07:01 - 2013-11-11 07:01 - 00003871 _____ C:\Users\Dawud and Saarah\Desktop\RKreport[0]_S_11112013_070128.txt
2013-11-11 06:57 - 2013-11-11 07:01 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\RK_Quarantine
2013-11-10 22:18 - 2013-11-11 07:52 - 00005826 _____ C:\Windows\PFRO.log
2013-11-10 22:14 - 2013-11-10 22:15 - 03847400 _____ C:\Users\Dawud and Saarah\Downloads\32bit.exe
2013-11-10 21:59 - 2013-11-10 22:04 - 14545288 _____ (Trend Micro Inc. ) C:\Users\Dawud and Saarah\Desktop\Ti_70_win_global_en_Uninstall_hfb0001.exe
2013-11-10 21:36 - 2013-11-11 06:07 - 00158616 _____ C:\TMPatch.log
2013-10-24 18:43 - 2013-10-24 18:44 - 00028925 _____ C:\Users\Dawud and Saarah\Downloads\Addition.txt
2013-10-24 18:42 - 2013-10-24 18:42 - 01088113 _____ (Farbar) C:\Users\Dawud and Saarah\Downloads\FRST.exe
2013-10-24 18:42 - 2013-10-24 18:42 - 00000000 ____D C:\FRST
2013-10-24 18:27 - 2013-10-24 18:28 - 00145904 _____ C:\Windows\Minidump\102413-31995-01.dmp
2013-10-23 05:36 - 2013-10-21 08:53 - 00000792 _____ C:\Users\Dawud and Saarah\Desktop\Saarah - Al-Maha Academy.lnk
2013-10-19 13:44 - 2013-10-19 13:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-19 13:43 - 2013-11-01 23:59 - 00002014 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-19 13:43 - 2013-11-01 23:59 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-19 13:43 - 2013-10-19 13:43 - 00000000 ____D C:\ProgramData\McAfee
2013-10-19 00:05 - 2013-10-19 00:05 - 00145904 _____ C:\Windows\Minidump\101913-330971-01.dmp
2013-10-18 23:56 - 2013-10-18 23:56 - 00145912 _____ C:\Windows\Minidump\101813-331455-01.dmp
2013-10-18 23:43 - 2013-10-18 23:43 - 00012734 _____ C:\Users\Dawud and Saarah\Desktop\dds.txt
2013-10-18 23:40 - 2013-10-18 23:40 - 00012287 _____ C:\Users\Dawud and Saarah\Desktop\hijackthis.log
2013-10-18 16:15 - 2013-10-10 13:22 - 00001654 _____ C:\Users\Dawud and Saarah\Documents\Dawud Bryant CV for Qatar.lnk
2013-10-18 12:07 - 2013-10-18 12:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-14 15:02 - 2013-10-14 15:11 - 00000000 ____D C:\Users\Dawud and Saarah\Downloads\Teachers pay teachers
2013-10-13 22:30 - 2013-10-13 22:30 - 50053120 _____ C:\Program Files\GUTD0D3.tmp
2013-10-13 22:30 - 2013-10-13 22:30 - 00000000 ____D C:\Program Files\GUMD0D2.tmp

==================== One Month Modified Files and Folders =======

2013-11-12 10:29 - 2010-10-11 21:59 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox
2013-11-12 10:28 - 2013-05-31 19:49 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-11-12 10:28 - 2012-09-27 14:09 - 00030758 _____ C:\Windows\setupact.log
2013-11-12 10:28 - 2010-09-22 22:30 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 10:28 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 10:25 - 2013-02-07 06:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 10:23 - 2012-07-27 19:00 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Skype
2013-11-12 10:13 - 2009-07-14 07:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 10:13 - 2009-07-14 07:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 10:11 - 2011-02-20 01:51 - 00000000 ____D C:\ProgramData\MFAData
2013-11-12 10:10 - 2010-09-22 22:30 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 09:47 - 2013-11-12 10:24 - 00039658 _____ C:\Users\Dawud and Saarah\Desktop\Service repair.zip
2013-11-11 21:53 - 2013-11-11 07:09 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-11-11 07:52 - 2013-11-10 22:18 - 00005826 _____ C:\Windows\PFRO.log
2013-11-11 07:09 - 2013-11-11 07:09 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-11 07:07 - 2013-11-11 07:04 - 00002860 _____ C:\Users\Dawud and Saarah\Desktop\Rkill.txt
2013-11-11 07:01 - 2013-11-11 07:01 - 00003871 _____ C:\Users\Dawud and Saarah\Desktop\RKreport[0]_S_11112013_070128.txt
2013-11-11 07:01 - 2013-11-11 06:57 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\RK_Quarantine
2013-11-11 06:07 - 2013-11-10 21:36 - 00158616 _____ C:\TMPatch.log
2013-11-11 00:49 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2013-11-10 22:34 - 2009-07-14 07:55 - 01947717 _____ C:\Windows\WindowsUpdate.log
2013-11-10 22:15 - 2013-11-10 22:14 - 03847400 _____ C:\Users\Dawud and Saarah\Downloads\32bit.exe
2013-11-10 22:15 - 2010-03-01 19:28 - 00000000 ____D C:\ProgramData\Trend Micro
2013-11-10 22:04 - 2013-11-10 21:59 - 14545288 _____ (Trend Micro Inc. ) C:\Users\Dawud and Saarah\Desktop\Ti_70_win_global_en_Uninstall_hfb0001.exe
2013-11-10 21:29 - 2010-04-06 00:30 - 00000000 ____D C:\Users\Dawud and Saarah
2013-11-06 15:21 - 2010-10-11 22:01 - 00000000 ___RD C:\Users\Dawud and Saarah\Documents\My Dropbox
2013-11-04 22:17 - 2012-02-07 20:02 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\vlc
2013-11-01 23:59 - 2013-10-19 13:43 - 00002014 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-01 23:59 - 2013-10-19 13:43 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-01 23:58 - 2013-01-26 10:03 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\dvdcss
2013-10-24 18:44 - 2013-10-24 18:43 - 00028925 _____ C:\Users\Dawud and Saarah\Downloads\Addition.txt
2013-10-24 18:42 - 2013-10-24 18:42 - 01088113 _____ (Farbar) C:\Users\Dawud and Saarah\Downloads\FRST.exe
2013-10-24 18:42 - 2013-10-24 18:42 - 00000000 ____D C:\FRST
2013-10-24 18:28 - 2013-10-24 18:27 - 00145904 _____ C:\Windows\Minidump\102413-31995-01.dmp
2013-10-24 18:27 - 2012-10-10 13:29 - 133083310 _____ C:\Windows\MEMORY.DMP
2013-10-24 18:27 - 2010-10-05 20:37 - 00000000 ____D C:\Windows\Minidump
2013-10-24 05:43 - 2012-10-14 23:15 - 00000937 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-10-22 05:49 - 2012-08-31 22:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-21 08:53 - 2013-10-23 05:36 - 00000792 _____ C:\Users\Dawud and Saarah\Desktop\Saarah - Al-Maha Academy.lnk
2013-10-19 13:50 - 2010-05-03 17:41 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\Adobe
2013-10-19 13:44 - 2013-10-19 13:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-19 13:43 - 2013-10-19 13:43 - 00000000 ____D C:\ProgramData\McAfee
2013-10-19 13:43 - 2013-02-07 06:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-19 13:43 - 2011-08-16 21:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 00:29 - 2012-08-31 22:15 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\Mozilla
2013-10-19 00:09 - 2013-09-22 06:45 - 00000000 ____D C:\AdwCleaner
2013-10-19 00:05 - 2013-10-19 00:05 - 00145904 _____ C:\Windows\Minidump\101913-330971-01.dmp
2013-10-18 23:56 - 2013-10-18 23:56 - 00145912 _____ C:\Windows\Minidump\101813-331455-01.dmp
2013-10-18 23:43 - 2013-10-18 23:43 - 00012734 _____ C:\Users\Dawud and Saarah\Desktop\dds.txt
2013-10-18 23:43 - 2013-09-22 06:27 - 00008718 _____ C:\Users\Dawud and Saarah\Desktop\attach.txt
2013-10-18 23:40 - 2013-10-18 23:40 - 00012287 _____ C:\Users\Dawud and Saarah\Desktop\hijackthis.log
2013-10-18 12:08 - 2013-10-18 12:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-18 12:08 - 2013-01-08 14:44 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-14 15:11 - 2013-10-14 15:02 - 00000000 ____D C:\Users\Dawud and Saarah\Downloads\Teachers pay teachers
2013-10-13 22:30 - 2013-10-13 22:30 - 50053120 _____ C:\Program Files\GUTD0D3.tmp
2013-10-13 22:30 - 2013-10-13 22:30 - 00000000 ____D C:\Program Files\GUMD0D2.tmp

Some content of TEMP:
====================
C:\Users\Dawud and Saarah\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-10-14 01:47

==================== End Of Log ============================

And RKILL

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/12/2013 10:33:57 AM in x86 mode.
Windows Version: Windows 7 Professional 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

 [HKLM\SOFTWARE\Microsoft\Windows Defender]
 "DisableAntiSpyware" = dword:00000001


----------



## Mark1956 (May 7, 2011)

The logs are looking a lot better. How is the system running now? Are you able to get on the internet?


----------



## dawudbryant (Sep 12, 2013)

Hi,

No, still can't, the troubleshooter doesn't work. Not sure how to get back online. I hope I don't have to reboot back to factory settings. Don't wanna wipe my PC.


----------



## Mark1956 (May 7, 2011)

Returning the system to Factory Settings is always the very last resort; we should be able to fix this.

First check in the Device Manager that there are no yellow warnings next to Network Adapters. If there are, post back and let me know; if not, continue with the instructions below.

Take great care when typing the commands; any error you make will be greeted with an error message.

Click on Start and type cmd into the search box.
As the menu pops up right click on cmd and select Run as Administrator.
At the command prompt type the following:

*ipconfig /flushdns* <-- (The space between g and / is needed)

Hit the Enter key and then type:

*ipconfig /renew* <-- (The space between g and / is needed)

Hit the Enter key, type *Exit*, hit Enter.

Reboot the PC and see if you can connect to the internet again.

If that fails then open the command prompt, as above, and type in this command:

*netsh int ip reset resetlog.txt*

Hit the Enter key, wait for confirmation, type in *Exit* and hit the Enter key. Reboot and try the connection again.

If that fails try this:

*Winsock repair.*


Click on Start and type *cmd* into the search box.
When the menu pops up right click on *CMD* and then click on *Run as Administrator*.
The Command Prompt box will open. Type this command at the flashing cursor and hit the Enter key:

*netsh winsock reset*


You should see confirmation that the *Winsock Catalog* has been reset. If not, please post what you do see.
Close the window and reboot the PC and check for internet connection.

Please then tell me the outcome. If you still cannot connect, then also tell me what type of connection you are using, wireless or cable.


----------



## dawudbryant (Sep 12, 2013)

Hi... none of them worked, unfortunately. My PC is connected via cable and all my laptops via wireless from the same box.


----------



## Mark1956 (May 7, 2011)

That is strange after all those resets. Please check the cable connection, try another cable if you have one.

Please download *Farbar Service Scanner* and save it to your desktop. Double click on the icon to run the program.


Put a check mark in all the boxes.
Press "*Scan*".
The results will be displayed when the scan completes, please Copy & Paste the entire log into your next reply. It will also save a log on the desktop in a text file.
Please copy and paste the log into your reply.


----------



## dawudbryant (Sep 12, 2013)

Farbar Service Scanner Version: 10-11-2013
Ran by Dawud and Saarah (administrator) on 13-11-2013 at 14:32:10
Running from "C:\Users\Dawud and Saarah\Desktop"
Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 14:59] - [2012-03-30 13:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2011-03-28 00:35] - [2010-12-21 08:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-13 21:56] - [2012-04-24 07:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



----------
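A triage pass over the Farbar Service Scanner log posted above, as an added example that is not part of the thread or of the tool: it extracts the stopped services, start-type deviations, policy values and files that lack an "MD5 is legit" line. The function and class names are hypothetical, the sample is a trimmed excerpt of the posted log, and reading an attribute line as "not matched against the tool's known-good list" is an assumption.

```python
import re
from dataclasses import dataclass, field

# Trimmed excerpt of the Farbar Service Scanner log posted in the thread.
SAMPLE_LOG = r'''
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 14:59] - [2012-03-30 13:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2011-03-28 00:35] - [2010-12-21 08:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F
'''

RE_STOPPED = re.compile(r"^(\S+) Service is not running\.")
RE_START = re.compile(r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.$")
RE_REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
RE_REG_VALUE = re.compile(r'^"([^"]+)"=\w+:(\w+)$')
RE_LEGIT = re.compile(r"^(.+?) => MD5 is legit$")
RE_PATH = re.compile(r"^[A-Za-z]:\\[^=]+$")
RE_ATTRS = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+ \((.*)\) ([0-9A-Fa-f]{32})$")


@dataclass
class Findings:
    stopped_services: list = field(default_factory=list)
    start_type_changes: dict = field(default_factory=dict)  # service -> (current, default)
    policies: list = field(default_factory=list)            # (key, value name, data)
    verified_files: list = field(default_factory=list)      # paths reported "MD5 is legit"
    unverified_files: list = field(default_factory=list)    # dicts: path, size, company, md5


def parse_fss_log(text):
    """Collect the review-relevant facts from a Farbar Service Scanner log."""
    findings = Findings()
    reg_key = pending = None  # open registry key / file path awaiting its attribute line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            reg_key = pending = None
            continue
        if m := RE_STOPPED.match(line):
            findings.stopped_services.append(m.group(1))
        elif m := RE_START.match(line):
            findings.start_type_changes[m.group(1)] = (m.group(2), m.group(3))
        elif m := RE_REG_KEY.match(line):
            reg_key = m.group(1)
        elif reg_key and (m := RE_REG_VALUE.match(line)):
            findings.policies.append((reg_key, m.group(1), m.group(2)))
        elif m := RE_LEGIT.match(line):
            findings.verified_files.append(m.group(1))
        elif RE_PATH.match(line):
            pending = line
        elif pending and (m := RE_ATTRS.match(line)):
            # Assumption: attributes are printed when the hash was not matched against
            # the tool's known-good list; that alone is not evidence of tampering.
            findings.unverified_files.append({"path": pending, "size": int(m.group(1)),
                                              "company": m.group(2), "md5": m.group(3).upper()})
            pending = None
    return findings


def review_items(f):
    """Turn parsed findings into one line per item a reviewer should follow up."""
    items = []
    for svc in f.stopped_services:
        if svc in f.start_type_changes:
            cur, default = f.start_type_changes[svc]
            items.append(f"service {svc}: stopped, start type {cur} (default {default})")
        else:
            items.append(f"service {svc}: stopped, no start-type deviation reported")
    for key, name, data in f.policies:
        items.append(f"policy {key}\\{name} = {data}")
    for e in f.unverified_files:
        items.append(f"file {e['path']}: no 'MD5 is legit' line, compare {e['md5']} manually")
    return items


if __name__ == "__main__":
    print("\n".join(review_items(parse_fss_log(SAMPLE_LOG))))
```
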



## Mark1956 (May 7, 2011)

I think we have reached a point where the next step has to be a repair install as there is nothing obvious coming up in the scans. Clearly the infection caused some damage that we are not able to see. These instructions include those required to download and create a Windows 7 DVD which you will need if you do not have a retail copy. Make quite sure you have everything backed up to an external drive or DVDs just in case something goes wrong and a full re-install becomes the only remaining option.

Please go here: Windows 7 ISO downloads and download the version of Windows 7 that matches what you have on your PC.

If you have downloaded the ISO on a Windows 7 PC, right click the ISO file, select *Open With*, then select *Windows Disc Image Burning Tool*, then follow the prompts.

For PCs using other versions of Windows you must burn the ISO image to a DVD using an ISO image burner; copying the ISO to a DVD will not work. If you do not have an ISO burner, download this free software and follow the instructions below to burn the disc: ImgBurn. When you install ImgBurn make sure you uncheck any boxes offering bundled software.

Install the program and start the application. Select the top left hand option to burn image file to disk and then on the next window click on the small yellow folder icon and browse to the ISO file you wish to burn. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

Once done, please go here: Windows 7 Repair Install and follow the instructions.

When complete, test the system to see if the original problems have been resolved.


----------



## dawudbryant (Sep 12, 2013)

OK, thanks, I'll have to buy some DVDs to burn the ISO thing onto and to back up my PC. Just wanna know, how do I back my full computer up to the DVD? Thanks again


----------



## dawudbryant (Sep 12, 2013)

Also, how do I find out what version of Windows I have?


----------



## Mark1956 (May 7, 2011)

Most of the logs show your version of Windows as Professional 32bit (x86).

Backing up your entire hard drive would require about 100 DVDs, which isn't a viable option. All you need to back up is your important data, music, photos, word documents, or anything that you would hate to lose. It is a golden rule of computing to always make regular back ups just in case something goes wrong like a hard drive failure. You should never take it for granted that your data is safe and you should only avoid backing up the data that you don't mind losing; a hard drive failure could lose all of it and all hard drives will fail in time.

The chances are that the Repair Install will not put your data at risk; making the back ups is just a precaution. All you need do is make copies of all your valuable files and folders, put them in a new folder and then right click on it and select Send to, then select your DVD burner drive and follow the prompts. DVDs can only take 4.7GB of data so don't try to burn anything bigger. If it is too much of a task to save it all to DVDs then I would suggest you get hold of an external hard drive and then you can save everything in one go; having an external drive would be a good idea for the future protection of your data. If you get a drive of around 1TB you will have plenty of room to make a disc image (after the problems have been fixed) which can then be used to restore the entire contents of your hard drive in the event of a system failure.


----------



## dawudbryant (Sep 12, 2013)

Ok. Thanks. So I should do the reset thing before I do the ISO image burn thing?


----------



## Mark1956 (May 7, 2011)

I assume by 'Reset' you mean the Repair Install.

In order to do the Repair Install you will first need to burn the Windows 7 ISO to a DVD unless you already have a copy of your version of Windows 7.


----------



## dawudbryant (Sep 12, 2013)

Yes, that's what I meant. I'm gonna buy an external hard drive then will get back to you.

Thanks again


----------



## Mark1956 (May 7, 2011)

:up:


----------



## dawudbryant (Sep 12, 2013)

Hi Mark,

It's been a long time, I've finally got an external hard drive. The problem is, my PC and laptop have now got some weird virus that has messed up my USBs. The files on my USB have all been changed to shortcuts and nothing deletes. After deleting it, it reappears. Do you know how to get rid of this? I looked online and followed some guidance on how to do this but it still didn't work. I got told to get rid of a vbs file.

Also, on my PC the internet still won't work so I'll have to back it up then do that factory reboot thing you said. If I put the external hard drive into my PC to do this, will it pass on the USB virus to the hard drive?

Finally, how do I back up the entire computer? Do I just copy everything from the c drive and say send to?

Thank you

D


----------



## dawudbryant (Sep 12, 2013)

Just to refresh this topic


----------



## Mark1956 (May 7, 2011)

OK, I'm not 100% clear on what you have done. Why do you think you have an infection? Is your Anti Virus giving you any alerts?

When you copied your important data to the external drive, could you see and read the file copies? Have those copies just suddenly changed to shortcuts?

It is possible that when you copied the files to the external drive you made the wrong selection and created shortcuts instead of copies.


----------



## dawudbryant (Sep 12, 2013)

My wife used her USB at work and thinks that's where the virus came from. The files are shortcuts and when you click on it, it opens the file into a new tab. But when you try to delete, as soon as it goes, it straight away reappears. Nothing deletes. On this site someone told me to delete my previous antivirus and instead install AVIRA. I have done that and am scanning my laptop now. But don't know what else to do.

Can I still back up my PC on to my external hard drive even with this USB virus?


----------



## dawudbryant (Sep 12, 2013)

I still need to burn the ISO image, so can I download it on my laptop and put it on my USB, then put it on my PC and burn it to disc?

This is the scan I did with AVIRA on my USB, says there's no problem. Is the virus on the USB or PC/laptop?

Avira Free Antivirus
Report file date: Saturday, December 07, 2013 12:39

The program is running as an unrestricted full version.
Online services are available.
Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : user
Computer name : COMPUTER_1
Version information:
BUILD.DAT : 14.0.1.759 55393 Bytes 11/26/2013 12:19:00
AVSCAN.EXE : 14.0.1.645 1030712 Bytes 12/6/2013 21:58:26
AVSCANRC.DLL : 14.0.1.641 52280 Bytes 12/6/2013 21:58:27
LUKE.DLL : 14.0.1.641 65080 Bytes 12/6/2013 22:01:29
AVSCPLR.DLL : 14.0.1.641 124472 Bytes 12/6/2013 21:58:27
AVREG.DLL : 14.0.1.641 250424 Bytes 12/6/2013 21:58:21
avlode.dll : 14.0.1.681 517176 Bytes 12/6/2013 21:58:10
avlode.rdf : 13.0.1.48 27867 Bytes 12/6/2013 22:03:21
VBASE000.VDF : 7.11.70.0 66736640 Bytes  4/4/2013 21:47:48
VBASE001.VDF : 7.11.74.226 2201600 Bytes 4/30/2013 21:48:07
VBASE002.VDF : 7.11.80.60 2751488 Bytes 5/28/2013 21:48:31
VBASE003.VDF : 7.11.85.214 2162688 Bytes 6/21/2013 21:48:48
VBASE004.VDF : 7.11.91.176 3903488 Bytes 7/23/2013 21:49:23
VBASE005.VDF : 7.11.98.186 6822912 Bytes 8/29/2013 21:51:15
VBASE006.VDF : 7.11.103.230 2293248 Bytes 9/24/2013 21:52:13
VBASE007.VDF : 7.11.116.38 5485568 Bytes 11/28/2013 21:53:34
VBASE008.VDF : 7.11.116.39 2048 Bytes 11/28/2013 21:53:34
VBASE009.VDF : 7.11.116.40 2048 Bytes 11/28/2013 21:53:35
VBASE010.VDF : 7.11.116.41 2048 Bytes 11/28/2013 21:53:35
VBASE011.VDF : 7.11.116.42 2048 Bytes 11/28/2013 21:53:35
VBASE012.VDF : 7.11.116.43 2048 Bytes 11/28/2013 21:53:35
VBASE013.VDF : 7.11.116.44 2048 Bytes 11/28/2013 21:53:35
VBASE014.VDF : 7.11.116.195 149504 Bytes 11/30/2013 21:53:39
VBASE015.VDF : 7.11.117.180 271872 Bytes 12/4/2013 21:53:42
VBASE016.VDF : 7.11.118.17 139776 Bytes 12/6/2013 21:53:43
VBASE017.VDF : 7.11.118.18 2048 Bytes 12/6/2013 21:53:43
VBASE018.VDF : 7.11.118.19 2048 Bytes 12/6/2013 21:53:44
VBASE019.VDF : 7.11.118.20 2048 Bytes 12/6/2013 21:53:44
VBASE020.VDF : 7.11.118.21 2048 Bytes 12/6/2013 21:53:44
VBASE021.VDF : 7.11.118.22 2048 Bytes 12/6/2013 21:53:44
VBASE022.VDF : 7.11.118.23 2048 Bytes 12/6/2013 21:53:44
VBASE023.VDF : 7.11.118.24 2048 Bytes 12/6/2013 21:53:44
VBASE024.VDF : 7.11.118.25 2048 Bytes 12/6/2013 21:53:44
VBASE025.VDF : 7.11.118.26 2048 Bytes 12/6/2013 21:53:45
VBASE026.VDF : 7.11.118.27 2048 Bytes 12/6/2013 21:53:45
VBASE027.VDF : 7.11.118.28 2048 Bytes 12/6/2013 21:53:45
VBASE028.VDF : 7.11.118.29 2048 Bytes 12/6/2013 21:53:45
VBASE029.VDF : 7.11.118.30 2048 Bytes 12/6/2013 21:53:45
VBASE030.VDF : 7.11.118.31 2048 Bytes 12/6/2013 21:53:45
VBASE031.VDF : 7.11.118.68 93184 Bytes 12/6/2013 21:53:46
Engine version : 8.2.12.158
AEVDF.DLL : 8.1.3.4 102774 Bytes 12/6/2013 21:55:21
AESCRIPT.DLL : 8.1.4.172 520574 Bytes 12/6/2013 21:55:21
AESCN.DLL : 8.1.10.4 131446 Bytes 12/6/2013 21:55:19
AESBX.DLL : 8.2.16.26 1245560 Bytes 12/6/2013 21:55:25
AERDL.DLL : 8.2.0.138 704888 Bytes 12/6/2013 21:55:18
AEPACK.DLL : 8.3.3.6 762232 Bytes 12/6/2013 21:55:15
AEOFFICE.DLL : 8.1.2.76 205181 Bytes 12/6/2013 21:55:12
AEHEUR.DLL : 8.1.4.790 6328698 Bytes 12/6/2013 21:55:10
AEHELP.DLL : 8.1.27.10 266618 Bytes 12/6/2013 21:54:10
AEGEN.DLL : 8.1.7.20 446839 Bytes 12/6/2013 21:54:07
AEEXP.DLL : 8.4.1.114 381304 Bytes 12/6/2013 21:55:27
AEEMU.DLL : 8.1.3.2 393587 Bytes 12/6/2013 21:53:55
AECORE.DLL : 8.1.32.2 201081 Bytes 12/6/2013 21:53:51
AEBB.DLL : 8.1.1.4 53619 Bytes 12/6/2013 21:53:50
AVWINLL.DLL : 14.0.1.641 23608 Bytes 12/6/2013 21:36:52
AVPREF.DLL : 14.0.1.641 48696 Bytes 12/6/2013 21:58:19
AVREP.DLL : 14.0.1.641 175672 Bytes 12/6/2013 21:58:22
AVARKT.DLL : 14.0.1.641 257080 Bytes 12/6/2013 21:57:14
AVEVTLOG.DLL : 14.0.1.641 165944 Bytes 12/6/2013 21:57:51
SQLITE3.DLL : 3.7.0.1 394808 Bytes 12/6/2013 22:02:13
AVSMTP.DLL : 14.0.1.641 60472 Bytes 12/6/2013 21:58:34
NETNT.DLL : 14.0.1.641 13368 Bytes 12/6/2013 22:01:35
RCIMAGE.DLL : 14.0.1.641 4788792 Bytes 12/6/2013 21:37:04
RCTEXT.DLL : 14.0.1.641 66616 Bytes 12/6/2013 21:37:04
Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: F:, G:, 
Process scan........................: on
Scan registry.......................: on
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Start of the scan: Saturday, December 07, 2013 12:39
Start scanning boot sectors:
Boot sector 'HDD2(F:)'
[INFO] No virus was found!
Boot sector 'HDD3(G:)'
[INFO] No virus was found!
The scan of running processes will be started:
Scan process 'avscan.exe' - '88' Module(s) have been scanned
Scan process 'avscan.exe' - '88' Module(s) have been scanned
Scan process 'avcenter.exe' - '89' Module(s) have been scanned
Scan process 'explorer.exe' - '108' Module(s) have been scanned
Scan process 'recordingmanager.exe' - '62' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '99' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '66' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '48' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'avshadow.exe' - '20' Module(s) have been scanned
Scan process 'AmazonMP3DownloaderHelper.exe' - '31' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '72' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'wscript.exe' - '71' Module(s) have been scanned
Scan process 'realsched.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '68' Module(s) have been scanned
Scan process 'sched.exe' - '39' Module(s) have been scanned
Scan process 'spoolsv.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '161' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '72' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting to scan executable files (registry):
The registry was scanned ( '647' files ).

Starting the file scan:
Begin scan in 'F:\' <USB2>
Begin scan in 'G:\' <USB2>

End of the scan: Saturday, December 07, 2013 12:42
Used time: 02:35 Minute(s)
The scan has been done completely.
63 Scanned directories
1940 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1940 Files not concerned
11 Archives were scanned
0 Warnings
0 Notes


----------



## dawudbryant (Sep 12, 2013)

The antivirus had run out so I updated as I was told on this site

http://cocodrilabs.wordpress.com/20...es-turned-into-shortcuts-solved/#comment-1135

I followed all of their 5 steps as well as their extra info and it didn't work.


----------



## dawudbryant (Sep 12, 2013)

But now I have uninstalled Avast and I have AVIRA.


----------



## Mark1956 (May 7, 2011)

We need to concentrate on one of the PCs at a time or it will get very confusing. For now, please stick with the PC we were trying to repair. If you have any doubts about the contents of the USB Flash Drive run a Full Format on it to wipe out its contents.

You didn't answer this question I posted: _When you copied your important data to the external drive could you see and read the file copies? Have those copies just suddenly changed to shortcuts?_

The Avira scan shows no issues and I am still not sure why you think both your PCs and the Flash Drive are all infected. The scan above relates to a Windows XP machine but the thread was started with a Windows 7 PC.

If there was an infection on the USB drive it cannot have spread to the other PCs unless you copied onto the system.

I would suggest running a complete format on the external drive and then making a fresh backup of all your important files, and make sure when you copy the files you do not create shortcuts by mistake. Copy a few to start with and then check they are not shortcuts and you can open and read the files.

I've never come across a virus that can change files into shortcuts as that would achieve nothing for the author of the infection. The vast majority of infections are designed to steal personal information or hijack browsers to bombard you with adverts.


----------



## dawudbryant (Sep 12, 2013)

Yes, the files all of a sudden are shortcuts.

The scan was from my laptop, my mistake.

I don't know how to format things. I have taken things off my USB and put them onto my PC, so could this have spread this problem?


----------



## dawudbryant (Sep 12, 2013)

My wife's USB went first. She had Word documents and video files etc. Then all of a sudden the video files were Word files and other files changed too. They were all shortcuts. When we open them they first say you can't open them, but then seconds later it opens the files in a new tab/pop-up.


----------



## Mark1956 (May 7, 2011)

With Windows Explorer open you can right click on any drive and select Format, then uncheck the Quick Format box so it will perform a full format; this will clean off all data. But before you do that, let's just see if you can find the infected file. If there is one on the Flash Drive then we will know what we are looking for.

When you make a reference to usb please tell me what usb device you are referring to, the Flash Drive or the External Hard Drive.

Plug the USB Flash Drive into the PC, open Windows Explorer and click on the Flash Drive so it shows its contents.

Click on Organize and select *Folder and Search Options*.
Click next to *Show Hidden Files, Folders and Drives* so the circle turns blue.
Just below that uncheck the box next to *Hide Extensions for known file types* and *Hide protected operating system files (recommended)*.
Click on *Apply* and then *OK*.

Now look down the list of the contents for any file ending with .exe, if there is an infection there it should be fairly obvious, make a careful note of the infection name (the exact spelling is critical) and let me know so we can search your system for it. Right click on the file and delete it.


----------



## dawudbryant (Sep 12, 2013)

I mean two of my flash drives are messed up doing the shortcut file thing.


----------



## dawudbryant (Sep 12, 2013)

There are two showing .exe at the end, but one of those has only been put on recently, after the problem was already there. I need to do this same thing on my wife's USB, which I will do in a bit once she comes home.

The .exe file names are as follows:

mbam-setup1.75.0.1300.exe

and

setup_broken_sword_5_episode_1_2.0.0.3.exe


----------



## dawudbryant (Sep 12, 2013)

My USB flash drive has two files, a (f:) and a (g:). On the (f:) drive file it has a file called tovhfhfiei.vbs.
This is the name of the file some other guy said is the problem. The people who have the same problem as me all have this file on their flash drive.


----------



## dawudbryant (Sep 12, 2013)

Actually, just seen that the tovhfhfiei.vbs file is on my (g:) file on my flash drive too, so on both files.


----------



## dawudbryant (Sep 12, 2013)

I've now deleted those two .exe files as you said; whether or not they will stay deleted I don't know.

I haven't touched the .vbs files.


----------



## Mark1956 (May 7, 2011)

Seems like it was a .vbs file that we were after and not an .exe file.

We should now do a search on the PC to see if the bad file exists on it; you can run this on both the PCs to find its location. Please check the spelling of the .vbs file you found as it is giving zero results on Google. If the spelling you gave above is wrong then please edit the spelling in the script below; one letter incorrect and this won't work.

Once you have checked the spelling it would be wise to format both of the Flash Drives to make sure it cannot spread any further.

Please post the logs from both PCs, we will then run another tool to remove the file/s.

Please download *SystemLook* from the link below and save it to your Desktop.


*SystemLook (32-bit)*


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
tovhfhfiei.vbs
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## dawudbryant (Sep 12, 2013)

The file name is tovhfhfiei.vbs


----------



## dawudbryant (Sep 12, 2013)

I don't mind clearing off my USB flash drive, but my wife's flash drive has a lot of her work on it that she needs. When I try to send my wife's files to the PC to save them it won't let me complete it. Any chance I don't need to delete them?


----------



## dawudbryant (Sep 12, 2013)

Also, should I try to delete the .vbs file?


----------



## Mark1956 (May 7, 2011)

Delete the .vbs file and see how it goes.


----------



## dawudbryant (Sep 12, 2013)

Here is the log for the laptop:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:35 on 08/12/2013 by user
Administrator - Elevation successful
========== filefind ==========
Searching for "tovhfhfiei.vbs"
C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs --ahs-- 77339 bytes [06:56 30/11/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs --ahs-- 77339 bytes [06:56 30/11/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
-= EOF =-

As the internet doesn't work on my PC I will need to put SystemLook onto my affected USB and put it onto the PC to do that scan for you.


----------



## dawudbryant (Sep 12, 2013)

I have just looked at my wife's USB flash drive and I found the following files:

ariewmdgyz

and ariewmdgyz.vbs

dmnpwnxety

jyltmybeq

jyltmybeq.vbs

ldlinux

ldlinux.sys

mtfrpodznu

mtfrpodznu.vbs

odhmctqsit

odhmctqsit.vbs

oldzvawkdi

oldzvawkdi.vbs

oldzvawkdi..vbs

qjnnpamvii

qjnnpamvii..vbs

setup_broken_sword_5_episode_1_2.0.0.3.exe

tovhfhfiei

tovhfhfiei.vbs

yblaftwdpp

yblaftwdpp.vbs


----------



## dawudbryant (Sep 12, 2013)

Should I just do the format thing? My wife said I can delete everything off of her USB flash drive now. It usually comes straight back.


----------



## dawudbryant (Sep 12, 2013)

I clicked on the files on my wife's USB to delete them. After some had deleted it said wscript.exe corrupt file. I'm going to do the scan on the PC now.


----------



## dawudbryant (Sep 12, 2013)

On my wife's USB some files won't delete.


----------



## dawudbryant (Sep 12, 2013)

And the tovhfhfiei.vbs file won't delete from my USB flash drive, both (f:) and (g:).


----------



## dawudbryant (Sep 12, 2013)

I copied SystemLook to my USB and straight away it created a shortcut for it too. Also, it doesn't show the .vbs files.


----------



## dawudbryant (Sep 12, 2013)

When I put SystemLook onto my PC's desktop then try to open it, it comes up saying:

Windows cannot find 'tovhfhfiei.vbs'. Make sure you typed the name correctly, and then try again.


----------



## dawudbryant (Sep 12, 2013)

That must've been the shortcut I tried to open, so as someone told me before, that's the fake file. When I opened the .exe file it opened fine.


----------



## dawudbryant (Sep 12, 2013)

Here's the log from the PC looking for the tovhfhfiei.vbs file:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:32 on 08/12/2013 by Dawud and Saarah
Administrator - Elevation successful
========== filefind ==========
Searching for "tovhfhfiei.vbs"
C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs --ahs-- 77339 bytes [19:25 05/12/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs --ahs-- 77339 bytes [19:25 05/12/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
-= EOF =-


----------



## Mark1956 (May 7, 2011)

I've got confused, the SystemLook report you posted above has an earlier time than the one you posted on the previous page of this thread, note the entry in bold and compare it to the one above. Are the times on your laptop and desktop showing the same?

SystemLook 30.07.11 by jpshortstuff
*Log created at 15:35 on 08/12/2013 by user*
Administrator - Elevation successful
========== filefind ==========
Searching for "tovhfhfiei.vbs"
C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs --ahs-- 77339 bytes [06:56 30/11/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs --ahs-- 77339 bytes [06:56 30/11/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
-= EOF =-

As your wife is happy to delete everything on her flash drive then run a format on it, that should delete everything. Do the same on the second flash drive and stop using them for the moment.

I ran checks on all the file names on your wife's flash drive and none of those files gave a result on Google apart from one that led back here to your earlier logs from FRST, see the file in bold:
The only file that gave a positive result was this one, *ldlinux.sys*, which is a Linux boot file.

HKCU\...\Run: [oldzvawkdi] - wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\*oldzvawkdi..vbs*"

As that suspicious file was missed in the clean up of the ZeroAccess infection I suspect that could have something to do with this present problem.

From this point on we need to stick with the PC you started the thread with and just to clear up any possible confusion at my end and to save me going back over the thread tell me if that machine is the desktop or laptop. Don't do anything that I have not asked you to do in order to avoid re-infection. Also keep the external hard drive disconnected.

Proceed as follows:

Run a Full Format on both Flash Drives. You need them to be plugged in one at a time. Open Windows Explorer and right click on the drive in the left window, then select Format from the pop-up menu, uncheck Quick Format and let it run to completion; it may take a while depending on the size of the drive. When done, open the drive to check it is completely empty. If any files remain, post their names and wait for further instructions.

If the flash drives appear empty continue to use just one of them to transfer logs. Next step, run FRST on the original machine, when the window opens check the box next to Addition.txt, run it and post both the logs produced. I can then do a search and provide removal instructions to clean out any suspicious files.

Once we have that cleaned up we can do the same for the other PC.

Please refer to your PCs as the laptop or desktop so I know for sure which you are talking about. PC is a generic name for personal computer so it doesn't tell me which machine you are referring to.


----------
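The autorun entries singled out in the post above can be picked out of an FRST log mechanically. This Python sketch is an added example, not part of the thread and not FRST's own code: it parses FRST-style `Run:` and `Startup:` lines (six lines copied from the desktop's FRST log in this thread) and flags entries that start a script file or a Windows Script Host binary from a user profile folder. The function names and flagging rules are assumptions chosen for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Sample input: lines copied from the desktop's FRST log posted in this thread.
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [oldzvawkdi] - wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs"
HKCU\...\Run: [tovhfhfiei] - C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs [77339 2013-11-27] ()
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs ()
""".strip().splitlines()

# "HKCU\...\Run: [name] - command" as printed in the log.
RUN_RE = re.compile(r'^(?P<hive>HK\w+)\\\.\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^Startup: (?P<cmd>.*)$')
# Trailing "[size date] (company)" metadata that follows the command.
META_RE = re.compile(r'(\s*\[[^\]]*\])?\s*\([^()]*\)\s*$')
# A drive-letter path ending in a Windows Script Host file type.
SCRIPT_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:vbs|vbe|js|jse|wsf)\b', re.I)
# Command that starts with wscript.exe or cscript.exe (with or without a path).
HOST_RE = re.compile(r'^"?(?:[^"]*\\)?(?:wscript|cscript)\.exe\b', re.I)
USER_DIR_RE = re.compile(r'\\(?:AppData|Application Data)\\', re.I)


class Finding(NamedTuple):
    source: str                 # e.g. "HKCU Run" or "Startup folder"
    name: str                   # registry value name or startup file name
    script: str                 # script path (or full command if no path found)
    reasons: Tuple[str, ...]


def parse_autorun(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (source, name, command) for a Run/Startup line, else None."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return f"{m['hive']} {m['key']}", m['name'], META_RE.sub('', m['cmd'])
    m = STARTUP_RE.match(line)
    if m:
        cmd = META_RE.sub('', m['cmd'])
        return "Startup folder", cmd.rsplit('\\', 1)[-1], cmd
    return None


def analyze(lines) -> List[Finding]:
    """Flag autorun entries that launch scripts; ordinary programs pass through."""
    findings = []
    for line in lines:
        parsed = parse_autorun(line)
        if parsed is None:
            continue
        source, name, cmd = parsed
        script = SCRIPT_RE.search(cmd)
        reasons = []
        if HOST_RE.match(cmd):
            reasons.append("launched through a Windows Script Host binary")
        if script:
            reasons.append("autorun target is a script file")
            if USER_DIR_RE.search(script.group(0)):
                reasons.append("script lives in a user-writable profile folder")
        if reasons:
            target = script.group(0) if script else cmd
            findings.append(Finding(source, name, target, tuple(reasons)))
    return findings


def persistence_points(findings) -> Dict[str, List[str]]:
    """Map each script file name to every autorun location that references it."""
    grouped: Dict[str, List[str]] = {}
    for f in findings:
        base = f.script.rsplit('\\', 1)[-1].lower()
        grouped.setdefault(base, []).append(f.source)
    return grouped


if __name__ == "__main__":
    results = analyze(SAMPLE_FRST_LINES)
    for f in results:
        print(f"{f.source:15} {f.name:16} {f.script}")
        for reason in f.reasons:
            print(f"{'':15} - {reason}")
    for script, sources in persistence_points(results).items():
        print(f"{script}: referenced from {', '.join(sources)}")
```

A script that shows up under more than one autorun location, as `tovhfhfiei.vbs` does here, has to be removed from every one of them or it is started again at the next logon.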



## dawudbryant (Sep 12, 2013)

My laptop and PC times aren't the same, I haven't sorted out the clock yet.


----------



## dawudbryant (Sep 12, 2013)

The thread was created about the PC, which is the one I removed Trend from, resulting in the internet no longer working.


----------



## dawudbryant (Sep 12, 2013)

I've formatted my wife's USB flash drive. It still has the tovhfhfiei.vbs file.


----------



## dawudbryant (Sep 12, 2013)

I'm doing the formatting of my flash drives on my desktop and not on my laptop.


----------



## dawudbryant (Sep 12, 2013)

The tovhfhfiei.vbs file hasn't been deleted on my USB flash drive either.


----------



## dawudbryant (Sep 12, 2013)

Should I still run FRST or wait until the USB flash drives are sorted?


----------



## dawudbryant (Sep 12, 2013)

By the way, the same thing happened on my phone, it made them all shortcuts.


----------



## Mark1956 (May 7, 2011)

> My laptop and PC times aren't the same, I haven't sorted out the clock yet.


You are still referring to your desktop as a PC and the laptop as a laptop; they are both PCs (personal computers). To keep it simple please refer to the desktop as desktop and likewise with the laptop.

Before doing anything else stop AutoPlay from running so it does not run the infection on the Flash Drive. For Windows 7 (your desktop): Click on Start, Control Panel, AutoPlay. At the top of the window untick the box next to 'Use AutoPlay for all media devices', then click on the Save button and close all the windows. The XP machine has AutoPlay disabled by default so unless you have set up AutoPlay it shouldn't need to be changed.

I will look for a reliable tool to wipe the flash drives.

Please run the FRST scan on the desktop and post the logs, once we have that cleaned you should be able to go ahead with the Repair Install, then get the external hard drive cleaned.


----------



## dawudbryant (Sep 12, 2013)

OK, I meant both the desktop and laptop have two different times on them. As I live abroad, the laptop which I use often is set to Qatar time while the desktop is still set to UK time, I think.


----------



## dawudbryant (Sep 12, 2013)

Here's the log for the desktop scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01 (ATTENTION: ====> FRST version is 47 days old and could be outdated)
Ran by Dawud and Saarah (administrator) on DAWUDANDSAARAH on 09-12-2013 06:24:09
Running from C:\Users\Dawud and Saarah\Downloads
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Intel AppUp(SM) center] - C:\Program Files\Intel\IntelAppStore\bin\ismagent.lnk [1330 2011-10-09] ()
HKLM\...\Run: [Intel AppUp(SM) center_Nagware] - C:\Program Files\Intel\IntelAppStore\bin\AppUp.lnk [2207 2011-10-09] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2009-10-18] (Microsoft)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-22] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [oldzvawkdi] - wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs"
HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\Dawud and Saarah\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c8e150cbfa6b47d1a45775f39d00a23e-027958058064e5f518bc24a68962ff4aa6b1ad02 --CMPID 0913b
HKCU\...\Run: [tovhfhfiei] - C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs [77339 2013-11-27] ()
AppInit_DLLs: [ ] ()
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
URLSearchHook: (No Name) - {edd4f682-e67a-4175-bb45-c4066da2f7d9} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll (MindSpark)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0CF8A51C-4DAC-4900-BEC3-E342D52BC630} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM - {41396b1b-447e-473b-a34b-bb583136c7fc} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRxdm005YYgb&ptb=7FCE20C7-E1E6-4C10-888F-AC194550067E&psa=&ind=2012011210&ptnrS=YRxdm005YYgb&si=CN3S8-jiyq0CFVGKfAodNA8UjQ&st=sb&n=77ecdaca&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC} URL = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IEDS
SearchScopes: HKCU - {0CF8A51C-4DAC-4900-BEC3-E342D52BC630} URL = 
SearchScopes: HKCU - {41396b1b-447e-473b-a34b-bb583136c7fc} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRxdm005YYgb&ptb=7FCE20C7-E1E6-4C10-888F-AC194550067E&psa=&ind=2012011210&ptnrS=YRxdm005YYgb&si=CN3S8-jiyq0CFVGKfAodNA8UjQ&st=sb&n=77ecdaca&searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {D2416C90-7C43-4832-AD2F-54BDCFC42716} URL = http://search.avg.com/?d=4e445065&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Toolbar BHO - {588b75f1-89a0-4956-bd69-3f6e90394909} - C:\PROGRA~1\OURBAB~2\bar\1.bin\27bar.dll (MindSpark)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Search Assistant BHO - {825b4dd6-b751-4d90-802a-eae6754c1c7e} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll (MindSpark)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - OurBabymaker - {e0b0df9f-34a3-4db1-becc-621697348607} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27bar.dll (MindSpark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\5r2djj93.default-1379853468803
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @OurBabyMaker_27.com/Plugin - C:\Program Files\OurBabyMaker_27\bar\1.bin\NP27Stub.dll (MindSpark)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [[email protected]_27.com] - C:\Program Files\OurBabyMaker_27\bar\1.bin
FF Extension: OurBabymaker - C:\Program Files\OurBabyMaker_27\bar\1.bin
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{A4E1CE0F-E864-4502-9E27-784BBE8F276D}] - C:\Users\Dawud and Saarah\AppData\Local\{A4E1CE0F-E864-4502-9E27-784BBE8F276D}
FF Extension: XULRunner - C:\Users\Dawud and Saarah\AppData\Local\{A4E1CE0F-E864-4502-9E27-784BBE8F276D}
FF HKCU\...\Firefox\Extensions: [{DDEC7074-F53C-11E1-8270-B8AC6F996F26}] - C:\Users\Dawud and Saarah\AppData\Local\{DDEC7074-F53C-11E1-8270-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Dawud and Saarah\AppData\Local\{DDEC7074-F53C-11E1-8270-B8AC6F996F26}\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Search Results) - http://www.google.com
CHR DefaultSuggestURL: (Search Results) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (AppUp) - C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\OurBabyMaker_27\bar\1.bin\NP27Stub.dll (MindSpark)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (YouTube) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Torch Share) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3158_0
CHR Extension: (Skype Click to Call) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Dawud and Saarah\AppData\Local\Torch\Plugins\TorchPlugin.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 OurBabyMaker_27Service; C:\PROGRA~1\OURBAB~2\bar\1.bin\27barsvc.exe [42504 2012-01-12] (COMPANYVERS_NAME)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S3 arusb_lh; C:\Windows\System32\DRIVERS\arusb_lh.sys [407040 2007-11-13] (Atheros Communications, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-28] (AVG Technologies)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-05-21] (Avanquest Software)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-08 16:32 - 2013-12-08 16:35 - 00001108 _____ C:\Users\Dawud and Saarah\Desktop\SystemLook.txt
2013-12-08 16:32 - 2013-12-08 15:34 - 00139264 ___SH C:\Users\Dawud and Saarah\Desktop\SystemLook.exe
2013-12-05 23:08 - 2013-12-05 23:08 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\Broken Sword 5
2013-12-05 22:52 - 2013-12-05 22:52 - 00444952 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-05 22:52 - 2013-12-05 22:52 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-05 22:52 - 2013-12-05 22:52 - 00000000 ____D C:\Program Files\OpenAL
2013-12-05 22:25 - 2013-11-27 12:43 - 00077339 ___SH C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs
2013-12-02 15:27 - 2013-12-02 15:28 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\Wedding Pics. & Others (Dawud Only)
2013-12-02 15:22 - 2013-12-08 20:09 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\CrashDumps
2013-12-02 15:19 - 2013-12-02 15:19 - 00000670 _____ C:\Users\Dawud and Saarah\Desktop\Service repair - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000641 _____ C:\Users\Dawud and Saarah\Desktop\RogueKiller - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000620 _____ C:\Users\Dawud and Saarah\Desktop\CleanWDF - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000595 _____ C:\Users\Dawud and Saarah\Desktop\rkill - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000579 _____ C:\Users\Dawud and Saarah\Desktop\TFC - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000579 _____ C:\Users\Dawud and Saarah\Desktop\FSS - Shortcut.lnk
2013-11-27 10:57 - 2013-11-27 10:58 - 00145920 _____ C:\Windows\Minidump\112713-24226-01.dmp
2013-11-23 17:20 - 2013-11-23 17:20 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\Week 10
2013-11-23 10:48 - 2013-11-23 10:48 - 00489472 _____ C:\Users\Dawud and Saarah\Desktop\comparatives_er_est.ppt
2013-11-23 10:38 - 2013-11-23 10:39 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\English Week 9
2013-11-16 15:53 - 2013-11-16 17:15 - 02146451 _____ C:\Users\Dawud and Saarah\Desktop\English Term 1 Week 9.rar
2013-11-15 09:44 - 2013-11-15 09:47 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\New folder
2013-11-13 14:30 - 2013-11-13 14:00 - 00360775 _____ (Farbar) C:\Users\Dawud and Saarah\Desktop\FSS.exe
2013-11-12 10:24 - 2013-11-12 09:47 - 00039658 _____ C:\Users\Dawud and Saarah\Desktop\Service repair.zip
2013-11-11 07:09 - 2013-11-11 07:09 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-11 07:08 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-11 06:57 - 2013-11-11 07:01 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\RK_Quarantine
2013-11-10 22:18 - 2013-12-07 12:40 - 00006882 _____ C:\Windows\PFRO.log
2013-11-10 22:14 - 2013-11-10 22:15 - 03847400 _____ C:\Users\Dawud and Saarah\Downloads\32bit.exe
2013-11-10 21:59 - 2013-11-10 22:04 - 14545288 _____ (Trend Micro Inc. ) C:\Users\Dawud and Saarah\Desktop\Ti_70_win_global_en_Uninstall_hfb0001.exe
2013-11-10 21:36 - 2013-11-11 06:07 - 00158616 _____ C:\TMPatch.log

==================== One Month Modified Files and Folders =======

2013-12-09 06:23 - 2012-07-27 19:00 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Skype
2013-12-09 06:12 - 2010-09-22 22:30 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-09 06:11 - 2013-02-07 06:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-09 06:11 - 2010-09-22 22:30 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-08 21:16 - 2012-02-07 20:02 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\vlc
2013-12-08 20:09 - 2013-12-02 15:22 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\CrashDumps
2013-12-08 19:47 - 2011-02-20 01:51 - 00000000 ____D C:\ProgramData\MFAData
2013-12-08 16:35 - 2013-12-08 16:32 - 00001108 _____ C:\Users\Dawud and Saarah\Desktop\SystemLook.txt
2013-12-08 15:34 - 2013-12-08 16:32 - 00139264 ___SH C:\Users\Dawud and Saarah\Desktop\SystemLook.exe
2013-12-07 14:42 - 2012-09-27 14:09 - 00033054 _____ C:\Windows\setupact.log
2013-12-07 12:53 - 2009-07-14 07:55 - 02085738 _____ C:\Windows\WindowsUpdate.log
2013-12-07 12:47 - 2009-07-14 07:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-07 12:47 - 2009-07-14 07:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-07 12:42 - 2010-03-01 19:28 - 00000000 ____D C:\ProgramData\Sonic
2013-12-07 12:41 - 2010-10-11 21:59 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox
2013-12-07 12:40 - 2013-11-10 22:18 - 00006882 _____ C:\Windows\PFRO.log
2013-12-07 12:40 - 2013-05-31 19:49 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-12-07 12:40 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-05 23:08 - 2013-12-05 23:08 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\Broken Sword 5
2013-12-05 22:52 - 2013-12-05 22:52 - 00444952 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-05 22:52 - 2013-12-05 22:52 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-05 22:52 - 2013-12-05 22:52 - 00000000 ____D C:\Program Files\OpenAL
2013-12-02 15:28 - 2013-12-02 15:27 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\Wedding Pics. & Others (Dawud Only)
2013-12-02 15:19 - 2013-12-02 15:19 - 00000670 _____ C:\Users\Dawud and Saarah\Desktop\Service repair - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000641 _____ C:\Users\Dawud and Saarah\Desktop\RogueKiller - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000620 _____ C:\Users\Dawud and Saarah\Desktop\CleanWDF - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000595 _____ C:\Users\Dawud and Saarah\Desktop\rkill - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000579 _____ C:\Users\Dawud and Saarah\Desktop\TFC - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000579 _____ C:\Users\Dawud and Saarah\Desktop\FSS - Shortcut.lnk
2013-12-01 19:36 - 2013-01-26 10:03 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\dvdcss
2013-11-27 12:43 - 2013-12-05 22:25 - 00077339 ___SH C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs
2013-11-27 10:58 - 2013-11-27 10:57 - 00145920 _____ C:\Windows\Minidump\112713-24226-01.dmp
2013-11-27 10:57 - 2012-10-10 13:29 - 104947566 _____ C:\Windows\MEMORY.DMP
2013-11-27 10:57 - 2010-10-05 20:37 - 00000000 ____D C:\Windows\Minidump
2013-11-23 17:20 - 2013-11-23 17:20 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\Week 10
2013-11-23 10:48 - 2013-11-23 10:48 - 00489472 _____ C:\Users\Dawud and Saarah\Desktop\comparatives_er_est.ppt
2013-11-23 10:39 - 2013-11-23 10:38 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\English Week 9
2013-11-23 10:39 - 2010-08-11 01:49 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\games
2013-11-16 17:15 - 2013-11-16 15:53 - 02146451 _____ C:\Users\Dawud and Saarah\Desktop\English Term 1 Week 9.rar
2013-11-15 09:47 - 2013-11-15 09:44 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\New folder
2013-11-15 09:45 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2013-11-13 14:00 - 2013-11-13 14:30 - 00360775 _____ (Farbar) C:\Users\Dawud and Saarah\Desktop\FSS.exe
2013-11-12 09:47 - 2013-11-12 10:24 - 00039658 _____ C:\Users\Dawud and Saarah\Desktop\Service repair.zip
2013-11-11 07:09 - 2013-11-11 07:09 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-11 07:01 - 2013-11-11 06:57 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\RK_Quarantine
2013-11-11 06:07 - 2013-11-10 21:36 - 00158616 _____ C:\TMPatch.log
2013-11-10 22:15 - 2013-11-10 22:14 - 03847400 _____ C:\Users\Dawud and Saarah\Downloads\32bit.exe
2013-11-10 22:15 - 2010-03-01 19:28 - 00000000 ____D C:\ProgramData\Trend Micro
2013-11-10 22:04 - 2013-11-10 21:59 - 14545288 _____ (Trend Micro Inc. ) C:\Users\Dawud and Saarah\Desktop\Ti_70_win_global_en_Uninstall_hfb0001.exe
2013-11-10 21:29 - 2010-04-06 00:30 - 00000000 ____D C:\Users\Dawud and Saarah

Some content of TEMP:
====================
C:\Users\Dawud and Saarah\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-10-14 01:47

==================== End Of Log ============================


----------



## dawudbryant (Sep 12, 2013)

I can't do that autoplay thing on my laptop, it doesn't have that option in the control panel


----------



## dawudbryant (Sep 12, 2013)

I also forgot to say that I bought some DVD-RW discs to do that ISO image thing you told me about


----------



## Mark1956 (May 7, 2011)

The instructions I gave to turn off AutoPlay were for Windows 7 and included a note about the XP laptop.



> Before doing anything else stop AutoPlay from running so it does not run the infection on the Flash Drive, *for Windows 7*, (your desktop): Click on Start, Control Panel, AutoPlay. At the top of the window untick the box next to 'Use AutoPlay for all media devices' then click on the Save button and close all the windows. *The XP machine has AutoPlay disabled by default so unless you have setup AutoPlay it shouldn't need to be changed.*


Did you find the setting on the desktop PC?

I'd like you to download this program and install it on the laptop only, to make sure it is going to wipe the flash drives: Roadkil's Disk Wipe. Select the correct version of Windows in the box, click on the download button and save to your desktop.

Unzip the file and run it with either of the infected flash drives plugged in, select the flash drive and click on Erase. It may take a long time depending on the size of the drive. Check the flash drive when done and let me know if it has wiped out all the files. We need to make sure this works before going any further, to stop any chance of passing the infection back to the PCs as we progress with the clean up.

Don't do anything with creating the Windows 7 DVD until we are sure everything has been cleaned.


----------



## dawudbryant (Sep 12, 2013)

I have disabled autoplay on the PC


----------



## Mark1956 (May 7, 2011)

Ok, check out the RoadKil program on the laptop and let me know if it clears the infection off either of the flash drives.

If it works, wipe the other one as well.


----------



## dawudbryant (Sep 12, 2013)

The problem is, on my laptop it shows the flash drives to be blank but on my desktop it shows the one file left.

Also, during the scan, it popped up saying...the wrong volume is in the drive. Please insert volume into drive E:


----------



## dawudbryant (Sep 12, 2013)

it didn't clear my (g on my flash drive, it still is showing the Word document of the log I sent you earlier


----------



## dawudbryant (Sep 12, 2013)

I mean the shortcut of the Word document


----------



## dawudbryant (Sep 12, 2013)

I tried to manually delete the shortcut but it then came up saying you need to format it, yet I have already done this, so I reformatted it and am now using the disk wipe again


----------



## dawudbryant (Sep 12, 2013)

It seems to have done it now, I'll try again on my wife's flash drive


----------



## Mark1956 (May 7, 2011)

> Also, during the scan, it popped up saying...the wrong volume is in the drive. Please insert volume into drive E:


Yup, it did the same on my PC when I tried it out, so it is probably a small bug in the program causing the pop-up when it is searching for all the connected drives. I just kept clicking on Cancel and the main window eventually appeared.

As your flash drive has two partitions you need to run the Erase on both of them.

Sounds like you are making progress erasing the flash drives. Once done I think we need to change direction and get the laptop clean first. As that has internet connection the flash drives won't need to be used until we start back on the desktop. This should eliminate the risk of re-infecting the flash drives from the laptop.

ALL instructions from this point will be for the laptop unless I state otherwise. Once you are happy the flash drives are clean do not plug them in to either of the PCs.

Find FRST on your laptop, right click on it and select Delete. Then download a fresh copy as the program may have received an update, save it to the desktop and run it, post both the logs produced.


----------



## dawudbryant (Sep 12, 2013)

I've done both flash drives, but the only way I can check if they are fully cleared is if I put them into my desktop, is that OK?


----------



## dawudbryant (Sep 12, 2013)

OK, I'll look for that


----------



## dawudbryant (Sep 12, 2013)

Can't find it, I'll have to download it


----------



## dawudbryant (Sep 12, 2013)

I can't find a link, do you have one?


----------



## dawudbryant (Sep 12, 2013)

The only way I'll know if the flash drives are 100% clear is if I plug them into the desktop, as that's the one that showed the vbs files


----------



## Mark1956 (May 7, 2011)

The link for FRST was earlier in the thread; to save you looking, here it is again with the instructions.

Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


- Double-click to run it. When the tool opens click *Yes* to disclaimer.
- Press *Scan* button.
- It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.

If the flash drives appear empty on the laptop they should be OK. Plugging them back into the desktop might reinfect them, so it's up to you if you want to take that chance and have to wipe them again.
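
One way to triage the FRST.txt log that the steps above produce, as an added example that is not part of the original post and is not FRST's own code: it flags autostart entries (Run keys, Startup folder) that launch a script file, and script files in the created/modified listings that carry both the System and Hidden attributes. The sample log lines are constructed in the log's format, and the function names, the `examplescript.vbs` file name and the extension list are assumptions.

```python
import ntpath
import re

# Extensions run by Windows Script Host or the command shell (assumed list).
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd")

# HKLM\...\Run: [name] - C:\path\file.ext [size date] (company)
RUN_RE = re.compile(r"^(HK\S*?)\\\.\.\.\\(Run(?:Once)?): \[([^\]]*)\] - (.+)$")
# Startup: C:\...\Startup\file.ext (company)
STARTUP_RE = re.compile(r"^Startup: (.+)$")
# 2013-12-05 22:25 - 2013-11-27 12:43 - 00077339 ___SH [(company) ]C:\path
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ ([_A-Z]{5}) (?:\(.*?\) )?([A-Za-z]:\\.+)$"
)

# Constructed sample in FRST.txt layout; examplescript.vbs is a made-up name.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [examplescript] - C:\Documents and Settings\user\Application Data\examplescript.vbs [77339 2013-11-27] ()
HKCU\...\Run: [examplescript] - C:\Documents and Settings\user\Application Data\examplescript.vbs [77339 2013-11-27] ()
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\examplescript.vbs ()
==================== One Month Created Files and Folders ========
2013-12-05 22:52 - 2013-12-05 22:52 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-05 22:25 - 2013-11-27 12:43 - 00077339 ___SH C:\Users\someone\AppData\Roaming\examplescript.vbs
2013-12-08 16:32 - 2013-12-08 15:34 - 00139264 ___SH C:\Users\someone\Desktop\SystemLook.exe
"""


def strip_trailer(entry):
    """Drop the trailing ' (company)' and ' [size date]' fields from an entry."""
    entry = re.sub(r" \([^()]*\)$", "", entry)
    entry = re.sub(r" \[[^\]]*\]$", "", entry)
    return entry.strip().strip('"')


def is_script(path):
    """True when the path ends in a script extension (no argument parsing)."""
    return path.lower().endswith(SCRIPT_EXTS)


def triage(log_text):
    """Return a list of findings, in log order, for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            target = strip_trailer(m.group(4))
            if is_script(target):
                source = f"{m.group(1)} {m.group(2)} [{m.group(3)}]"
                findings.append({"kind": "autostart-script",
                                 "source": source, "path": target})
            continue
        m = STARTUP_RE.match(line)
        if m:
            target = strip_trailer(m.group(1))
            if is_script(target):
                findings.append({"kind": "autostart-script",
                                 "source": "Startup folder", "path": target})
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.groups()
            # A script marked both System and Hidden is hidden from Explorer
            # by default, which ordinary documents and installers rarely are.
            if "S" in attrs and "H" in attrs and is_script(path):
                findings.append({"kind": "hidden-system-script",
                                 "source": f"file listing ({attrs})",
                                 "path": path})
    return findings


def group_by_file(findings):
    """Map each flagged file name to every place in the log that references it."""
    grouped = {}
    for f in findings:
        name = ntpath.basename(f["path"]).lower()
        grouped.setdefault(name, []).append(f["source"])
    return grouped


if __name__ == "__main__":
    for name, sources in group_by_file(triage(SAMPLE_LOG)).items():
        print(f"{name}: referenced from {len(sources)} places")
        for s in sources:
            print(f"  - {s}")
```

A file name that shows up under several autostart sources and also as a hidden, system-flagged script is the pattern to bring to the helper's attention; the script only reads the log and changes nothing on the machine.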


----------



## dawudbryant (Sep 12, 2013)

thanks


----------



## Mark1956 (May 7, 2011)

You're welcome, post the logs when ready.


----------



## dawudbryant (Sep 12, 2013)

Here's the first log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2013
Ran by user (administrator) on COMPUTER_1 on 09-12-2013 20:03:01
Running from C:\Documents and Settings\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\WINDOWS.0\system32\smss.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\csrss.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\services.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\lsass.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\spoolsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wscript.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\ctfmon.exe
() C:\Documents and Settings\user\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\alg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS.0\explorer.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\msdtc.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wbem\wmiprvse.exe
(Azureus Software, Inc) C:\Program Files\Vuze\Azureus.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TkBellExe] - C:\Program Files\real\realplayer\Update\realsched.exe [295072 2013-03-05] (RealNetworks, Inc.)
HKLM\...\Run: [tovhfhfiei] - C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs [77339 2013-11-27] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS.0\system32\userinit.exe,
HKCU\...\Run: [ctfmon.exe] - C:\WINDOWS.0\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Documents and Settings\user\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [tovhfhfiei] - C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs [77339 2013-11-27] ()
HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-07-11] (Google Inc.)
HKU\Guest\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-17] (Microsoft Corporation)
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-11-29] (Apple Inc.)
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs ()
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2289C1EC-B6EE-4B74-83C7-F63FCA11993D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10675
SearchScopes: HKCU - {D89485F7-86F9-4609-9BA4-B2503D067007} URL = http://search.us.com/serp?guid={A2C...&action=default_search&serpv=5&k={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS.0\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: artur.dubovoy - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\Extensions\[email protected]
FF Extension: firefox - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\Extensions\[email protected]
FF Extension: hdvc3 - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\Extensions\[email protected]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\WINDOWS.0\system32\npDeployJava1.dll No File
CHR Extension: (Docs) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (HDvid Codec 3) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnllcmllkjofnojidnaknldfehfhehoo\3.0_0
CHR Extension: (avast! WebRep) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (RealDownloader) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dnllcmllkjofnojidnaknldfehfhehoo] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-12-07] (Avira Operations GmbH & Co. KG)
S3 BITS; C:\WINDOWS.0\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; c:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
R3 COMSysApp; C:\WINDOWS.0\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R3 EventSystem; C:\WINDOWS.0\system32\es.dll [246272 2008-04-14] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS.0\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS.0\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
R3 MSDTC; C:\WINDOWS.0\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS.0\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S4 Skype C2C Service; C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 srservice; C:\WINDOWS.0\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS.0\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS.0\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS.0\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS.0\system32\mspmsnsv.dll [52224 2008-04-14] (Microsoft Corporation)
S3 WmiApSrv; C:\WINDOWS.0\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS.0\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
==================== Drivers (Whitelisted) ====================
S4 abp480n5; C:\Windows\System32\Drivers\abp480n5.sys [23552 2001-08-18] (Microsoft Corporation)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2009-03-16] (Creative)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1391104 2009-01-07] (Broadcom Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [14248 2008-11-05] (Windows (R) Codename Longhorn DDK provider)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2009-03-16] (Creative Technology Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [x]
R3 HpqKbFiltr; system32\DRIVERS\HpqKbFiltr.sys [x]
R3 RTSTOR; system32\drivers\RTSTOR.SYS [x]
R1 ssmdrv; system32\DRIVERS\ssmdrv.sys [x]
S3 usbaudio; system32\drivers\usbaudio.sys [x]
S3 usbscan; system32\DRIVERS\usbscan.sys [x]
U1 WS2IFSL; 
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-12-09 20:03 - 2013-12-09 20:03 - 00018702 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-09 20:02 - 2013-12-09 20:02 - 00000000 ____D C:\FRST
2013-12-09 20:00 - 2013-12-09 20:00 - 01060641 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2013-12-09 14:59 - 2013-12-09 15:00 - 00048290 _____ C:\Documents and Settings\user\Desktop\diskwipe.zip
2013-12-09 11:59 - 2013-12-09 12:11 - 22762773 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [22] English Subbed.flv
2013-12-09 11:58 - 2013-12-09 12:09 - 21567526 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [12] English Subbed.flv
2013-12-09 11:57 - 2013-12-09 12:08 - 23607319 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [22] English Subbed.flv
2013-12-09 11:56 - 2013-12-09 12:07 - 22696010 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [12] English Subbed.flv
2013-12-09 11:54 - 2013-12-09 12:07 - 22570134 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [22] English Subbed.flv
2013-12-09 11:51 - 2013-12-09 12:04 - 23816813 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [12] English Subbed.flv
2013-12-09 11:35 - 2013-12-09 11:44 - 23364256 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [12] English Subbed.flv
2013-12-09 11:35 - 2013-12-09 11:43 - 19935258 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [22] English Subbed.flv
2013-12-09 11:34 - 2013-12-09 11:42 - 23228214 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [22] English Subbed.flv
2013-12-09 11:27 - 2013-12-09 11:36 - 26414698 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [12] English Subbed.flv
2013-12-09 09:08 - 2013-12-09 09:28 - 27687077 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [22] English Subbed.flv
2013-12-09 09:08 - 2013-12-09 09:26 - 25098463 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [12] English Subbed.flv
2013-12-09 08:46 - 2013-12-09 08:46 - 00000000 ____D C:\Documents and Settings\user\.swt
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Vuze.lnk
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Vuze.lnk
2013-12-09 08:43 - 2013-12-09 20:01 - 00000000 ____D C:\Documents and Settings\user\Application Data\Azureus
2013-12-09 08:43 - 2013-12-09 08:44 - 00000000 ____D C:\Program Files\Vuze
2013-12-09 08:43 - 2013-12-09 08:43 - 00000000 _____ C:\END
2013-12-09 08:39 - 2013-12-09 08:48 - 23573062 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [12] English Subbed.flv
2013-12-09 08:39 - 2013-12-09 08:48 - 23192056 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [22] English Subbed.flv
2013-12-09 08:32 - 2013-12-09 08:32 - 00071808 _____ (Azureus Software, Inc.) C:\Documents and Settings\user\My Documents\VuzeBittorrentClientInstaller.exe
2013-12-09 08:23 - 2013-12-09 08:32 - 24959547 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [22] English Subbed.flv
2013-12-09 08:23 - 2013-12-09 08:31 - 23530571 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [12] English Subbed.flv
2013-12-09 08:10 - 2013-12-09 08:17 - 25507209 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [22] English Subbed.flv
2013-12-09 08:06 - 2013-12-09 08:14 - 27093737 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [12] English Subbed.flv
2013-12-09 07:58 - 2013-12-09 08:08 - 28046653 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [22] English Subbed.flv
2013-12-09 07:58 - 2013-12-09 08:05 - 21091991 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [12] English Subbed.flv
2013-12-09 07:50 - 2013-12-09 07:58 - 23303232 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [22] English Subbed.flv
2013-12-09 07:49 - 2013-12-09 07:57 - 24342219 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [12] English Subbed.flv
2013-12-09 05:34 - 2013-12-09 05:35 - 59674350 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 4.mp4
2013-12-08 22:47 - 2013-12-08 22:47 - 75200917 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 1.mp4
2013-12-08 22:45 - 2013-12-08 22:45 - 75192823 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 3.mp4
2013-12-08 22:44 - 2013-12-08 22:44 - 75023592 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 2.mp4
2013-12-08 22:26 - 2013-12-08 22:26 - 51267501 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 5.mp4
2013-12-08 22:05 - 2013-12-08 23:21 - 220780616 _____ C:\Documents and Settings\user\My Documents\The Prince Reigns On (Naseem Hamed Documentary).flv
2013-12-08 21:52 - 2013-12-08 22:02 - 16276428 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 6.flv
2013-12-08 21:43 - 2013-12-08 21:46 - 08031330 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed body-slams Cesar Soto.flv
2013-12-08 21:40 - 2013-12-08 21:48 - 21321580 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed Vs Juan Gerardo Cabrera (ENTRANCE & FULL FIGHT).flv
2013-12-08 17:20 - 2013-12-08 18:22 - 333570783 _____ C:\Documents and Settings\user\My Documents\Armour of God (Jackie Chan Dub).flv
2013-12-08 17:20 - 2013-12-08 17:23 - 347745474 _____ C:\Documents and Settings\user\My Documents\2013.12.07.Guillermo.Rigondeaux.vs.Joseph.Agbeko.HBO.mp4
2013-12-08 16:40 - 2013-12-08 16:40 - 17158430 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Joseph Agbeko Post-Fight Interview.mp4
2013-12-08 15:35 - 2013-12-08 15:38 - 00001038 _____ C:\Documents and Settings\user\Desktop\SystemLook.txt
2013-12-08 15:34 - 2013-12-08 15:34 - 00139264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-08 15:32 - 2013-12-08 15:33 - 227173530 _____ C:\Documents and Settings\user\My Documents\2013.12.07.James.Kirkland.vs.Glen.Tapia.HBO.mp4
2013-12-08 15:28 - 2013-12-08 15:29 - 199106183 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Chris John vs Simpiwe Vetyeka.mp4
2013-12-08 15:12 - 2013-12-08 15:14 - 122359325 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Darren Barker vs Felix Sturm.mp4
2013-12-07 18:06 - 2013-12-07 18:11 - 534102647 _____ C:\Documents and Settings\user\My Documents\Alpha Papa (2013).flv
2013-12-07 15:42 - 2013-12-07 15:50 - 333674931 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Bradley Skeete vs Colin Lynes.mp4
2013-12-07 15:34 - 2013-12-07 15:40 - 287045765 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Krzysztof Wlodarczyk vs Giacobbe Fragomeni III.mp4
2013-12-07 12:49 - 2013-12-07 15:20 - 00000000 ____D C:\WINDOWS.0\system32\NtmsData
2013-12-07 10:12 - 2013-12-07 10:12 - 00000000 ____D C:\Documents and Settings\user\Application Data\Avira
2013-12-07 01:07 - 2013-12-07 01:07 - 00001709 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Avira Control Center.lnk
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Program Files\Avira
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
2013-12-07 01:06 - 2013-12-07 01:03 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avipbb.sys
2013-12-07 01:06 - 2013-12-07 01:03 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avgntflt.sys
2013-12-07 01:06 - 2013-12-07 01:03 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avkmgr.sys
2013-12-07 01:06 - 2013-12-07 01:03 - 00028520 _____ (Avira GmbH) C:\WINDOWS.0\system32\Drivers\ssmdrv.sys
2013-12-07 01:05 - 2013-12-07 01:05 - 00000000 ____D C:\Documents and Settings\user\My Documents\Avira
2013-12-07 00:36 - 2013-12-07 00:36 - 02294160 _____ C:\Documents and Settings\user\Desktop\avira_free_antivirus.exe
2013-12-05 14:10 - 2013-12-05 14:10 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-12-05 11:27 - 2013-12-05 11:27 - 00000000 ____D C:\Program Files\OpenAL
2013-12-05 01:27 - 2013-12-05 21:22 - 00000000 ____D C:\GOG Games
2013-12-04 17:34 - 2013-12-04 17:38 - 302552601 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis vs Frank Bruno.mp4
2013-12-04 17:27 - 2013-12-04 17:27 - 206268753 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis - Michael Grant. 2000-04-29.mp4
2013-12-04 13:49 - 2013-12-04 13:49 - 00003711 _____ C:\Documents and Settings\user\Application Data\DMZ.vbs
2013-12-02 17:04 - 2013-12-02 17:04 - 22828005 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed Highlights (by GP).mp4
2013-12-02 15:19 - 2013-12-02 15:19 - 00000479 _____ C:\Documents and Settings\user\My Documents\Image007 (1) (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000467 _____ C:\Documents and Settings\user\My Documents\Image007 (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000455 _____ C:\Documents and Settings\user\My Documents\Image007.lnk
2013-12-02 11:45 - 2013-12-02 11:48 - 336175903 _____ C:\Documents and Settings\user\My Documents\☯ The Art of Action, Martial Arts in the Movies (Full Documentary) ☯.mp4
2013-12-02 07:07 - 2013-12-02 07:07 - 28304396 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt2.mp4
2013-12-02 07:06 - 2013-12-02 07:07 - 25371963 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt1.mp4
2013-12-02 06:50 - 2013-12-02 06:50 - 21223730 _____ C:\Documents and Settings\user\My Documents\GEOFF THOMPSON PASSENGERS.mp4
2013-12-02 06:34 - 2013-12-02 06:35 - 04124631 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson on getting hurt in a street fight.mp4
2013-12-01 13:07 - 2013-12-01 13:09 - 262243540 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson - Fear, My Friend _ London Real.mp4
2013-12-01 11:53 - 2013-12-01 11:58 - 10920534 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson.wmv
2013-12-01 11:39 - 2013-12-01 12:01 - 00217088 _____ C:\Documents and Settings\user\My Documents\Thompson.MSWMM
2013-12-01 11:33 - 2013-12-01 12:01 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
2013-12-01 11:27 - 2013-12-01 11:28 - 66487343 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson The best Martial Arts instructor on the planet.mpg
2013-12-01 10:13 - 2013-12-01 10:15 - 252072230 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Adonis Stevenson vs Tony Bellew.mp4
2013-12-01 09:18 - 2013-12-01 09:19 - 131224639 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Sergey Kovalev vs Ismayl Sillakh.mp4
2013-12-01 08:52 - 2012-12-27 18:46 - 600507683 _____ C:\Documents and Settings\user\My Documents\Martial Arts the real story episode 2.mpg
2013-12-01 07:04 - 2013-12-01 07:07 - 12362400 _____ C:\Documents and Settings\user\My Documents\Mike Tyson makes a little boy cry at Nuke the Fridge Con 2011 (HD).mp4
2013-12-01 06:33 - 2013-12-01 06:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaws.exe
2013-12-01 06:33 - 2013-12-01 06:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javacpl.cpl
2013-12-01 06:32 - 2013-12-01 06:33 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Java
2013-12-01 06:32 - 2013-12-01 06:31 - 00175016 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaw.exe
2013-12-01 06:32 - 2013-12-01 06:31 - 00174504 _____ (Oracle Corporation) C:\WINDOWS.0\system32\java.exe
2013-12-01 06:32 - 2013-12-01 06:31 - 00094632 _____ (Oracle Corporation) C:\WINDOWS.0\system32\WindowsAccessBridge.dll
2013-12-01 06:16 - 2013-12-01 06:16 - 00915368 _____ (Oracle Corporation) C:\Documents and Settings\user\Desktop\jxpiinstall.exe
2013-11-30 11:25 - 2013-11-30 11:25 - 27768873 _____ C:\Documents and Settings\user\My Documents\Oedipus.mp4
2013-11-30 11:23 - 2013-11-30 11:23 - 25327010 _____ C:\Documents and Settings\user\My Documents\Mythologique.mp4
2013-11-30 10:19 - 2013-11-30 10:18 - 00241220 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 11.rar
2013-11-30 09:56 - 2013-11-27 12:43 - 00077339 ___SH C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs
2013-11-28 21:17 - 2013-11-28 22:53 - 00000000 ____D C:\Documents and Settings\user\Application Data\Broken Sword 2.5
2013-11-28 21:12 - 2013-11-28 21:12 - 00000742 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Broken Sword 2.5.lnk
2013-11-28 21:12 - 2013-11-28 21:12 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Broken Sword 2.5
2013-11-28 21:02 - 2013-11-28 21:12 - 00000000 ____D C:\Program Files\Broken Sword 2.5
2013-11-28 17:38 - 2013-11-28 17:38 - 15863306 _____ C:\Documents and Settings\user\My Documents\Conor Mcgregor Leading the Irish Invasion in MMA.mp4
2013-11-28 13:36 - 2013-11-28 13:36 - 11138079 _____ C:\Documents and Settings\user\My Documents\FLOYD MAYWEATHER JR. DANCING WITH THE JUMP ROPE.mp4
2013-11-28 12:03 - 2013-11-28 12:03 - 11954764 _____ C:\Documents and Settings\user\My Documents\NSYNC- Tearin' Up My Heart (The View).mp4
2013-11-28 11:59 - 2013-11-28 11:59 - 15069565 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin' Up My Heart.mp4
2013-11-28 11:56 - 2013-11-28 11:56 - 16293397 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin Up My Heart (Live MTV TRL 1998.).mp4
2013-11-28 11:54 - 2013-11-28 11:54 - 19781199 _____ C:\Documents and Settings\user\My Documents\N Sync perform Tearin' Up My Heart on 5's Company.mp4
2013-11-28 11:51 - 2013-11-28 11:51 - 14261218 _____ C:\Documents and Settings\user\My Documents\N_Sync - Tearin' Up My Heart (Fashionably Loud - 1999).mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 17150218 _____ C:\Documents and Settings\user\My Documents\'N Sync_ Bye Bye Bye-- Gloria Estefan's Caribbean Soul_ The Atlantis Concert.mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 16232428 _____ C:\Documents and Settings\user\My Documents\'N SYNC-BYE BYE BYE 2000 live.mp4
2013-11-27 22:27 - 2013-11-27 22:31 - 320287231 _____ C:\Documents and Settings\user\My Documents\2013-11-27 Anthony Mundine vs Shane Mosley.mp4
2013-11-24 09:03 - 2013-11-24 09:03 - 00020314 _____ C:\Documents and Settings\user\Desktop\hs_err_pid4312.log
2013-11-23 17:08 - 2013-11-23 17:08 - 02218261 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 10.rar
2013-11-23 17:05 - 2013-11-23 10:48 - 00489472 _____ C:\Documents and Settings\user\Desktop\comparatives_er_est.ppt
2013-11-23 14:05 - 2013-11-23 15:09 - 01792957 _____ C:\Documents and Settings\user\Desktop\In my magic box....pptx
2013-11-21 18:11 - 2013-11-21 18:11 - 00023251 _____ C:\Documents and Settings\user\Desktop\hs_err_pid5156.log
2013-11-17 12:02 - 2013-12-07 18:11 - 00000298 _____ C:\WINDOWS.0\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-11-16 16:21 - 2013-11-16 16:21 - 00000000 ____D C:\Documents and Settings\user\Application Data\WinRAR
2013-11-16 16:20 - 2013-11-16 16:20 - 00000694 _____ C:\Documents and Settings\user\Desktop\WinRAR.lnk
2013-11-16 16:20 - 2013-11-16 16:20 - 00000000 ____D C:\Program Files\WinRAR
2013-11-16 14:12 - 2013-11-16 20:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-11 06:25 - 2013-11-11 06:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\user\My Documents\mbam-setup-1.75.0.1300.exe
2013-11-11 06:20 - 2013-11-11 06:20 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\My Documents\rkill.exe
2013-11-11 06:17 - 2013-11-11 06:17 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\user\My Documents\TFC.exe
2013-11-11 06:08 - 2013-11-11 06:08 - 03538944 _____ C:\Documents and Settings\user\My Documents\RogueKiller.exe
2013-11-11 05:59 - 2013-11-11 05:59 - 07555864 _____ (Webroot Software, Inc.) C:\Documents and Settings\user\My Documents\WRUpgradeTool.exe
2013-11-11 05:55 - 2013-11-11 05:55 - 00275848 _____ (Webroot Software Inc (www.webroot.com)) C:\Documents and Settings\user\My Documents\CleanWDF.exe
2013-11-10 17:57 - 2013-11-11 21:00 - 00000000 ____D C:\Documents and Settings\user\My Documents\An Idiot Abroad Complete 3 series
==================== One Month Modified Files and Folders =======
2013-12-09 20:03 - 2013-12-09 20:03 - 00018702 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-09 20:03 - 2012-09-29 23:25 - 00000000 ___HD C:\Documents and Settings\Default User.WINDOWS.0
2013-12-09 20:02 - 2013-12-09 20:02 - 00000000 ____D C:\FRST
2013-12-09 20:01 - 2013-12-09 08:43 - 00000000 ____D C:\Documents and Settings\user\Application Data\Azureus
2013-12-09 20:00 - 2013-12-09 20:00 - 01060641 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2013-12-09 19:52 - 2012-09-30 06:44 - 00387068 _____ C:\WINDOWS.0\WindowsUpdate.log
2013-12-09 17:26 - 2013-10-22 10:03 - 00000000 ____D C:\Documents and Settings\user\Application Data\vlc
2013-12-09 15:00 - 2013-12-09 14:59 - 00048290 _____ C:\Documents and Settings\user\Desktop\diskwipe.zip
2013-12-09 12:11 - 2013-12-09 11:59 - 22762773 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [22] English Subbed.flv
2013-12-09 12:09 - 2013-12-09 11:58 - 21567526 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [12] English Subbed.flv
2013-12-09 12:08 - 2013-12-09 11:57 - 23607319 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [22] English Subbed.flv
2013-12-09 12:07 - 2013-12-09 11:56 - 22696010 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [12] English Subbed.flv
2013-12-09 12:07 - 2013-12-09 11:54 - 22570134 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [22] English Subbed.flv
2013-12-09 12:04 - 2013-12-09 11:51 - 23816813 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [12] English Subbed.flv
2013-12-09 11:44 - 2013-12-09 11:35 - 23364256 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [12] English Subbed.flv
2013-12-09 11:43 - 2013-12-09 11:35 - 19935258 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [22] English Subbed.flv
2013-12-09 11:42 - 2013-12-09 11:34 - 23228214 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [22] English Subbed.flv
2013-12-09 11:36 - 2013-12-09 11:27 - 26414698 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [12] English Subbed.flv
2013-12-09 11:36 - 2013-10-24 02:43 - 00006144 _____ C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-09 09:28 - 2013-12-09 09:08 - 27687077 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [22] English Subbed.flv
2013-12-09 09:26 - 2013-12-09 09:08 - 25098463 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [12] English Subbed.flv
2013-12-09 08:48 - 2013-12-09 08:39 - 23573062 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [12] English Subbed.flv
2013-12-09 08:48 - 2013-12-09 08:39 - 23192056 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [22] English Subbed.flv
2013-12-09 08:46 - 2013-12-09 08:46 - 00000000 ____D C:\Documents and Settings\user\.swt
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Vuze.lnk
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Vuze.lnk
2013-12-09 08:44 - 2013-12-09 08:43 - 00000000 ____D C:\Program Files\Vuze
2013-12-09 08:43 - 2013-12-09 08:43 - 00000000 _____ C:\END
2013-12-09 08:32 - 2013-12-09 08:32 - 00071808 _____ (Azureus Software, Inc.) C:\Documents and Settings\user\My Documents\VuzeBittorrentClientInstaller.exe
2013-12-09 08:32 - 2013-12-09 08:23 - 24959547 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [22] English Subbed.flv
2013-12-09 08:31 - 2013-12-09 08:23 - 23530571 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [12] English Subbed.flv
2013-12-09 08:17 - 2013-12-09 08:10 - 25507209 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [22] English Subbed.flv
2013-12-09 08:14 - 2013-12-09 08:06 - 27093737 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [12] English Subbed.flv
2013-12-09 08:08 - 2013-12-09 07:58 - 28046653 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [22] English Subbed.flv
2013-12-09 08:05 - 2013-12-09 07:58 - 21091991 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [12] English Subbed.flv
2013-12-09 07:58 - 2013-12-09 07:50 - 23303232 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [22] English Subbed.flv
2013-12-09 07:57 - 2013-12-09 07:49 - 24342219 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [12] English Subbed.flv
2013-12-09 06:17 - 2012-10-03 20:16 - 01154714 ___SH C:\Documents and Settings\user\My Documents\Thumbs.db
2013-12-09 05:35 - 2013-12-09 05:34 - 59674350 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 4.mp4
2013-12-08 23:21 - 2013-12-08 22:05 - 220780616 _____ C:\Documents and Settings\user\My Documents\The Prince Reigns On (Naseem Hamed Documentary).flv
2013-12-08 22:47 - 2013-12-08 22:47 - 75200917 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 1.mp4
2013-12-08 22:45 - 2013-12-08 22:45 - 75192823 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 3.mp4
2013-12-08 22:44 - 2013-12-08 22:44 - 75023592 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 2.mp4
2013-12-08 22:26 - 2013-12-08 22:26 - 51267501 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 5.mp4
2013-12-08 22:02 - 2013-12-08 21:52 - 16276428 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 6.flv
2013-12-08 21:48 - 2013-12-08 21:40 - 21321580 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed Vs Juan Gerardo Cabrera (ENTRANCE & FULL FIGHT).flv
2013-12-08 21:46 - 2013-12-08 21:43 - 08031330 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed body-slams Cesar Soto.flv
2013-12-08 18:22 - 2013-12-08 17:20 - 333570783 _____ C:\Documents and Settings\user\My Documents\Armour of God (Jackie Chan Dub).flv
2013-12-08 17:23 - 2013-12-08 17:20 - 347745474 _____ C:\Documents and Settings\user\My Documents\2013.12.07.Guillermo.Rigondeaux.vs.Joseph.Agbeko.HBO.mp4
2013-12-08 16:40 - 2013-12-08 16:40 - 17158430 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Joseph Agbeko Post-Fight Interview.mp4
2013-12-08 15:38 - 2013-12-08 15:35 - 00001038 _____ C:\Documents and Settings\user\Desktop\SystemLook.txt
2013-12-08 15:34 - 2013-12-08 15:34 - 00139264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-08 15:33 - 2013-12-08 15:32 - 227173530 _____ C:\Documents and Settings\user\My Documents\2013.12.07.James.Kirkland.vs.Glen.Tapia.HBO.mp4
2013-12-08 15:29 - 2013-12-08 15:28 - 199106183 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Chris John vs Simpiwe Vetyeka.mp4
2013-12-08 15:14 - 2013-12-08 15:12 - 122359325 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Darren Barker vs Felix Sturm.mp4
2013-12-07 18:55 - 2012-09-29 23:26 - 01000240 _____ C:\WINDOWS.0\setupapi.log
2013-12-07 18:12 - 2013-10-23 12:44 - 00000276 _____ C:\WINDOWS.0\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-07 18:12 - 2013-03-05 19:08 - 00000284 _____ C:\WINDOWS.0\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-07 18:11 - 2013-12-07 18:06 - 534102647 _____ C:\Documents and Settings\user\My Documents\Alpha Papa (2013).flv
2013-12-07 18:11 - 2013-11-17 12:02 - 00000298 _____ C:\WINDOWS.0\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-07 18:11 - 2013-03-06 04:14 - 00000306 _____ C:\WINDOWS.0\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-07 15:50 - 2013-12-07 15:42 - 333674931 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Bradley Skeete vs Colin Lynes.mp4
2013-12-07 15:40 - 2013-12-07 15:34 - 287045765 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Krzysztof Wlodarczyk vs Giacobbe Fragomeni III.mp4
2013-12-07 15:20 - 2013-12-07 12:49 - 00000000 ____D C:\WINDOWS.0\system32\NtmsData
2013-12-07 12:49 - 2012-09-30 06:40 - 00000000 ____D C:\WINDOWS.0\Registration
2013-12-07 12:49 - 2012-09-29 23:20 - 00000000 ____D C:\WINDOWS.0\repair
2013-12-07 10:12 - 2013-12-07 10:12 - 00000000 ____D C:\Documents and Settings\user\Application Data\Avira
2013-12-07 10:10 - 2012-09-29 23:28 - 00468100 _____ C:\WINDOWS.0\system32\PerfStringBackup.INI
2013-12-07 10:06 - 2012-09-29 23:33 - 00000159 _____ C:\WINDOWS.0\wiadebug.log
2013-12-07 10:06 - 2012-09-29 23:33 - 00000049 _____ C:\WINDOWS.0\wiaservc.log
2013-12-07 10:05 - 2012-09-30 22:39 - 00000006 ____H C:\WINDOWS.0\Tasks\SA.DAT
2013-12-07 01:10 - 2012-09-30 23:07 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini
2013-12-07 01:10 - 2012-09-30 22:39 - 00032456 _____ C:\WINDOWS.0\SchedLgU.Txt
2013-12-07 01:07 - 2013-12-07 01:07 - 00001709 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Avira Control Center.lnk
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Program Files\Avira
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
2013-12-07 01:05 - 2013-12-07 01:05 - 00000000 ____D C:\Documents and Settings\user\My Documents\Avira
2013-12-07 01:03 - 2013-12-07 01:06 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avipbb.sys
2013-12-07 01:03 - 2013-12-07 01:06 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avgntflt.sys
2013-12-07 01:03 - 2013-12-07 01:06 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avkmgr.sys
2013-12-07 01:03 - 2013-12-07 01:06 - 00028520 _____ (Avira GmbH) C:\WINDOWS.0\system32\Drivers\ssmdrv.sys
2013-12-07 00:36 - 2013-12-07 00:36 - 02294160 _____ C:\Documents and Settings\user\Desktop\avira_free_antivirus.exe
2013-12-07 00:31 - 2012-09-30 18:43 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVAST Software
2013-12-07 00:30 - 2012-09-29 23:20 - 00000000 ____D C:\WINDOWS.0
2013-12-07 00:19 - 2001-08-23 14:00 - 00002206 _____ C:\WINDOWS.0\system32\wpa.dbl
2013-12-05 21:22 - 2013-12-05 01:27 - 00000000 ____D C:\GOG Games
2013-12-05 14:10 - 2013-12-05 14:10 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-12-05 13:56 - 2009-07-07 19:41 - 00000000 ____D C:\Documents and Settings\QA
2013-12-05 13:42 - 2012-09-30 18:43 - 00269216 _____ (AVAST Software) C:\WINDOWS.0\system32\aswBoot.exe
2013-12-05 13:15 - 2012-09-30 06:47 - 00002577 _____ C:\WINDOWS.0\system32\CONFIG.NT
2013-12-05 11:27 - 2013-12-05 11:27 - 00000000 ____D C:\Program Files\OpenAL
2013-12-05 01:24 - 2011-02-08 03:34 - 00000000 ____D C:\Documents and Settings\user\My Documents\Dawud
2013-12-05 01:20 - 2008-04-26 04:42 - 00000000 ____D C:\Program Files\MSN
2013-12-05 01:19 - 2013-11-05 07:36 - 00000000 ____D C:\Documents and Settings\user\Application Data\Amazon
2013-12-05 01:19 - 2013-11-05 07:35 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Amazon
2013-12-05 01:19 - 2009-07-11 22:12 - 00000000 ____D C:\Program Files\Google
2013-12-04 17:38 - 2013-12-04 17:34 - 302552601 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis vs Frank Bruno.mp4
2013-12-04 17:27 - 2013-12-04 17:27 - 206268753 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis - Michael Grant. 2000-04-29.mp4
2013-12-04 13:49 - 2013-12-04 13:49 - 00003711 _____ C:\Documents and Settings\user\Application Data\DMZ.vbs
2013-12-02 17:04 - 2013-12-02 17:04 - 22828005 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed Highlights (by GP).mp4
2013-12-02 15:19 - 2013-12-02 15:19 - 00000479 _____ C:\Documents and Settings\user\My Documents\Image007 (1) (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000467 _____ C:\Documents and Settings\user\My Documents\Image007 (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000455 _____ C:\Documents and Settings\user\My Documents\Image007.lnk
2013-12-02 11:48 - 2013-12-02 11:45 - 336175903 _____ C:\Documents and Settings\user\My Documents\☯ The Art of Action, Martial Arts in the Movies (Full Documentary) ☯.mp4
2013-12-02 07:07 - 2013-12-02 07:07 - 28304396 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt2.mp4
2013-12-02 07:07 - 2013-12-02 07:06 - 25371963 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt1.mp4
2013-12-02 06:50 - 2013-12-02 06:50 - 21223730 _____ C:\Documents and Settings\user\My Documents\GEOFF THOMPSON PASSENGERS.mp4
2013-12-02 06:35 - 2013-12-02 06:34 - 04124631 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson on getting hurt in a street fight.mp4
2013-12-01 13:09 - 2013-12-01 13:07 - 262243540 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson - Fear, My Friend _ London Real.mp4
2013-12-01 12:01 - 2013-12-01 11:39 - 00217088 _____ C:\Documents and Settings\user\My Documents\Thompson.MSWMM
2013-12-01 12:01 - 2013-12-01 11:33 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
2013-12-01 11:58 - 2013-12-01 11:53 - 10920534 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson.wmv
2013-12-01 11:28 - 2013-12-01 11:27 - 66487343 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson The best Martial Arts instructor on the planet.mpg
2013-12-01 10:15 - 2013-12-01 10:13 - 252072230 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Adonis Stevenson vs Tony Bellew.mp4
2013-12-01 09:19 - 2013-12-01 09:18 - 131224639 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Sergey Kovalev vs Ismayl Sillakh.mp4
2013-12-01 07:07 - 2013-12-01 07:04 - 12362400 _____ C:\Documents and Settings\user\My Documents\Mike Tyson makes a little boy cry at Nuke the Fridge Con 2011 (HD).mp4
2013-12-01 06:33 - 2013-12-01 06:32 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Java
2013-12-01 06:31 - 2013-12-01 06:33 - 00264616 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaws.exe
2013-12-01 06:31 - 2013-12-01 06:33 - 00145408 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javacpl.cpl
2013-12-01 06:31 - 2013-12-01 06:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaw.exe
2013-12-01 06:31 - 2013-12-01 06:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS.0\system32\java.exe
2013-12-01 06:31 - 2013-12-01 06:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS.0\system32\WindowsAccessBridge.dll
2013-12-01 06:16 - 2013-12-01 06:16 - 00915368 _____ (Oracle Corporation) C:\Documents and Settings\user\Desktop\jxpiinstall.exe
2013-11-30 11:25 - 2013-11-30 11:25 - 27768873 _____ C:\Documents and Settings\user\My Documents\Oedipus.mp4
2013-11-30 11:23 - 2013-11-30 11:23 - 25327010 _____ C:\Documents and Settings\user\My Documents\Mythologique.mp4
2013-11-30 10:18 - 2013-11-30 10:19 - 00241220 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 11.rar
2013-11-29 13:57 - 2013-05-21 06:57 - 00000000 ____D C:\Documents and Settings\user\My Documents\Jaheim
2013-11-29 00:10 - 2013-03-04 01:05 - 00000000 ____D C:\Documents and Settings\user\Application Data\Skype
2013-11-28 22:53 - 2013-11-28 21:17 - 00000000 ____D C:\Documents and Settings\user\Application Data\Broken Sword 2.5
2013-11-28 21:12 - 2013-11-28 21:12 - 00000742 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Broken Sword 2.5.lnk
2013-11-28 21:12 - 2013-11-28 21:12 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Broken Sword 2.5
2013-11-28 21:12 - 2013-11-28 21:02 - 00000000 ____D C:\Program Files\Broken Sword 2.5
2013-11-28 18:10 - 2013-03-04 01:05 - 00002269 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Skype.lnk
2013-11-28 17:38 - 2013-11-28 17:38 - 15863306 _____ C:\Documents and Settings\user\My Documents\Conor Mcgregor Leading the Irish Invasion in MMA.mp4
2013-11-28 13:36 - 2013-11-28 13:36 - 11138079 _____ C:\Documents and Settings\user\My Documents\FLOYD MAYWEATHER JR. DANCING WITH THE JUMP ROPE.mp4
2013-11-28 12:03 - 2013-11-28 12:03 - 11954764 _____ C:\Documents and Settings\user\My Documents\NSYNC- Tearin' Up My Heart (The View).mp4
2013-11-28 11:59 - 2013-11-28 11:59 - 15069565 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin' Up My Heart.mp4
2013-11-28 11:56 - 2013-11-28 11:56 - 16293397 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin Up My Heart (Live MTV TRL 1998.).mp4
2013-11-28 11:54 - 2013-11-28 11:54 - 19781199 _____ C:\Documents and Settings\user\My Documents\N Sync perform Tearin' Up My Heart on 5's Company.mp4
2013-11-28 11:51 - 2013-11-28 11:51 - 14261218 _____ C:\Documents and Settings\user\My Documents\N_Sync - Tearin' Up My Heart (Fashionably Loud - 1999).mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 17150218 _____ C:\Documents and Settings\user\My Documents\'N Sync_ Bye Bye Bye-- Gloria Estefan's Caribbean Soul_ The Atlantis Concert.mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 16232428 _____ C:\Documents and Settings\user\My Documents\'N SYNC-BYE BYE BYE 2000 live.mp4
2013-11-27 22:31 - 2013-11-27 22:27 - 320287231 _____ C:\Documents and Settings\user\My Documents\2013-11-27 Anthony Mundine vs Shane Mosley.mp4
2013-11-27 12:43 - 2013-11-30 09:56 - 00077339 ___SH C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs
2013-11-24 09:03 - 2013-11-24 09:03 - 00020314 _____ C:\Documents and Settings\user\Desktop\hs_err_pid4312.log
2013-11-23 17:08 - 2013-11-23 17:08 - 02218261 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 10.rar
2013-11-23 15:09 - 2013-11-23 14:05 - 01792957 _____ C:\Documents and Settings\user\Desktop\In my magic box....pptx
2013-11-23 10:48 - 2013-11-23 17:05 - 00489472 _____ C:\Documents and Settings\user\Desktop\comparatives_er_est.ppt
2013-11-21 18:11 - 2013-11-21 18:11 - 00023251 _____ C:\Documents and Settings\user\Desktop\hs_err_pid5156.log
2013-11-18 15:05 - 2013-10-27 12:33 - 00000000 ____D C:\Documents and Settings\user\My Documents\OU third year
2013-11-18 05:46 - 2012-09-30 23:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 20:23 - 2013-11-16 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-16 16:21 - 2013-11-16 16:21 - 00000000 ____D C:\Documents and Settings\user\Application Data\WinRAR
2013-11-16 16:20 - 2013-11-16 16:20 - 00000694 _____ C:\Documents and Settings\user\Desktop\WinRAR.lnk
2013-11-16 16:20 - 2013-11-16 16:20 - 00000000 ____D C:\Program Files\WinRAR
2013-11-16 15:49 - 2012-09-30 23:55 - 00002519 _____ C:\Documents and Settings\user\Desktop\Microsoft Office Word 2007.lnk
2013-11-11 21:00 - 2013-11-10 17:57 - 00000000 ____D C:\Documents and Settings\user\My Documents\An Idiot Abroad Complete 3 series
2013-11-11 06:25 - 2013-11-11 06:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\user\My Documents\mbam-setup-1.75.0.1300.exe
2013-11-11 06:20 - 2013-11-11 06:20 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\My Documents\rkill.exe
2013-11-11 06:17 - 2013-11-11 06:17 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\user\My Documents\TFC.exe
2013-11-11 06:08 - 2013-11-11 06:08 - 03538944 _____ C:\Documents and Settings\user\My Documents\RogueKiller.exe
2013-11-11 05:59 - 2013-11-11 05:59 - 07555864 _____ (Webroot Software, Inc.) C:\Documents and Settings\user\My Documents\WRUpgradeTool.exe
2013-11-11 05:55 - 2013-11-11 05:55 - 00275848 _____ (Webroot Software Inc (www.webroot.com)) C:\Documents and Settings\user\My Documents\CleanWDF.exe
Some content of TEMP:
====================
C:\Documents and Settings\user\Local Settings\Temp\7z920.exe
C:\Documents and Settings\user\Local Settings\Temp\appshat-distribution.exe
C:\Documents and Settings\user\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\user\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\user\Local Settings\Temp\i4jdel0.exe
C:\Documents and Settings\user\Local Settings\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe
C:\Documents and Settings\user\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\user\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\user\Local Settings\Temp\TFR198.exe
C:\Documents and Settings\user\Local Settings\Temp\UpdateCheckerSetup.exe
C:\Documents and Settings\user\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\user\Local Settings\Temp\Vuze_Installer.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================


----------



## dawudbryant (Sep 12, 2013)

2nd log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2013
Ran by user at 2013-12-09 20:05:18
Running from C:\Documents and Settings\user\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Avira Free Antivirus (Version: 14.0.1.759)
Broken Sword 2.5
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
qualitink 1.0.0 (Version: 1.0.0)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.3 (Version: 6.3.107)
VLC media player 2.1.0 (Version: 2.1.0)
Vuze (Version: 5.2.0.0)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
WinRAR 5.00 (32-bit) (Version: 5.00.0)
==================== Restore Points =========================
01-12-2013 03:28:01 Removed Java 7 Update 15
01-12-2013 03:30:20 Installed Java 7 Update 45
02-12-2013 05:21:13 System Checkpoint
03-12-2013 06:06:17 System Checkpoint
04-12-2013 06:42:19 System Checkpoint
05-12-2013 10:25:07 avast! antivirus system restore point
06-12-2013 21:27:59 avast! antivirus system restore point
08-12-2013 06:33:20 System Checkpoint
09-12-2013 06:37:22 System Checkpoint
==================== Hosts content: ==========================
2007-08-11 09:58 - 2007-08-11 09:58 - 00000768 ____A C:\WINDOWS.0\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS.0\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-113007714-515967899-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS.0\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-113007714-515967899-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS.0\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-113007714-515967899-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS.0\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-113007714-515967899-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS.0\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-113007714-515967899-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
==================== Loaded Modules (whitelisted) =============
2013-12-07 01:06 - 2013-12-07 01:02 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-04-14 07:42 - 2008-04-14 07:42 - 00014336 _____ () C:\WINDOWS.0\system32\msdmo.dll
2013-12-09 08:43 - 2012-12-14 15:42 - 00053160 _____ () C:\Program Files\Vuze\aereg.dll
2013-12-09 08:43 - 2012-12-14 15:42 - 00077768 _____ () C:\Program Files\Vuze\plugins\azitunes\jacob-1.17-M2-x86.dll
2013-12-09 08:43 - 2012-12-14 15:42 - 00019368 _____ () C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll
==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (12/09/2013 04:12:01 PM) (Source: Application Error) (User: )
Description: Faulting application recordingmanager.exe, version 1.3.0.208, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [recordingmanager.exe!ws!]
Error: (12/07/2013 06:55:28 PM) (Source: Application Error) (User: )
Description: Faulting application recordingmanager.exe, version 1.3.0.208, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [recordingmanager.exe!ws!]
Error: (12/07/2013 00:22:07 AM) (Source: Application Hang) (User: )
Description: Hanging application realplay.exe, version 16.0.0.282, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (12/07/2013 00:22:05 AM) (Source: Application Hang) (User: )
Description: Hanging application realplay.exe, version 16.0.0.282, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (12/07/2013 00:21:56 AM) (Source: Application Hang) (User: )
Description: Hanging application msmsgs.exe, version 4.7.0.3001, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (12/05/2013 09:40:22 PM) (Source: Application Error) (User: )
Description: Faulting application recordingmanager.exe, version 1.3.0.208, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [recordingmanager.exe!ws!]
Error: (12/02/2013 06:17:32 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.18702, fault address 0x0009656c.
Processing media-specific event for [iexplore.exe!ws!]
Error: (12/01/2013 06:25:53 AM) (Source: Application Hang) (User: )
Description: Hanging application realplay.exe, version 16.0.0.282, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (11/26/2013 10:39:45 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (11/26/2013 10:39:45 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (12/09/2013 06:11:58 AM) (Source: DCOM) (User: COMPUTER_1)
Description: Unable to start a DCOM Server: {7EA9A8FA-F5D2-49E1-99E8-C26EE07FCEEB}.
The error:
"%{7EA9A8FA-F5D2-49E1-99E8-C26EE07FCEEB}"
Happened while starting this command:
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE -Embedding
Error: (12/09/2013 06:11:06 AM) (Source: DCOM) (User: COMPUTER_1)
Description: Unable to start a DCOM Server: {7EA9A8FA-F5D2-49E1-99E8-C26EE07FCEEB}.
The error:
"%{7EA9A8FA-F5D2-49E1-99E8-C26EE07FCEEB}"
Happened while starting this command:
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE -Embedding
Error: (12/07/2013 03:19:36 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Removable Disk USB Device.
Error: (12/07/2013 03:19:35 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Removable Disk USB Device.
Error: (12/07/2013 03:19:25 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Removable Disk USB Device.
Error: (12/07/2013 03:19:25 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Removable Disk USB Device.
Error: (12/07/2013 03:13:51 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Removable Disk USB Device.
Error: (12/07/2013 03:13:51 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Removable Disk USB Device.
Error: (12/07/2013 03:13:40 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Removable Disk USB Device.
Error: (12/07/2013 03:13:40 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Removable Disk USB Device.

Microsoft Office Sessions:
=========================
==================== Memory info =========================== 
Percentage of memory in use: 53%
Total physical RAM: 1014.36 MB
Available physical RAM: 468.28 MB
Total Pagefile: 2441.54 MB
Available Pagefile: 1609.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.38 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:149.01 GB) (Free:7.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End Of Log ============================


----------



## dawudbryant (Sep 12, 2013)

the reason I asked if I should plug my flashdrives back into the desktop is because when it comes the time to back up my desktop onto my new external hard drive, I don't want it to be that there is still an infection. I might just check it, if it reinfects it I will just redo what you told me


----------



## dawudbryant (Sep 12, 2013)

neither of the flashdrives are clear, they all still have the tovhfhfiei.vbs files on them


----------



## dawudbryant (Sep 12, 2013)

this is what i was told to do before


1. Open Task Manager (Ctrl+Alt+Del) and End Process for any WSCRIPT.EXE that is currently running. (This will stop the running virus; the next steps are for preventing it from running again the next time you start your computer.)
2. Click on Start
3. Type REGEDIT and tap Enter
4. Click on HKEY_CURRENT_USER
5. Click on Software\
6. Click on Microsoft\
7. Click on Windows\
8. Click on CurrentVersion\
9. Click on Run.
10. On the list on the right, find any reference to a file that ends with .vbs and take note of where that .vbs file is located
11. Go to the said location and delete the .vbs file
12. Go back to Regedit and delete the key referencing that .vbs file

the problem is, in regedit, it shows the vbs file, but when I search in the destination it said it couldn't find the file


----------



## Mark1956 (May 7, 2011)

We can use FRST to remove the registry entries and the files, but before we go for that it may be of benefit to find out exactly what this infection is so we know what we are dealing with. Please follow this below and post back the findings.

Go to one of the following online services that analyzes suspicious files:

*Jotti's virusscan*
*VirusTotal*
*VirSCAN*

In the "*File to Scan*" (Upload or Submit) box, click the "*browse*" button and locate the following file:

C:\Documents and Settings\user\Start Menu\Programs\Startup\*tovhfhfiei.vbs* _<- this file_

It should also be found here: C:\Documents and Settings\user\Application Data\*tovhfhfiei.vbs*

Click "*Open*", then click the "*Submit*" button. If you get a message saying "_File has already been analyzed_", click *Reanalyze* or *Scan again*.
-- Post back with the results of the file analysis in your next reply.


----------



## dawudbryant (Sep 12, 2013)

for the first location, 9 out of the 22 scanners found malware via Jotti's malware scan


----------



## dawudbryant (Sep 12, 2013)

2013-12-10 Worm.VBS.Dunihi.W
2013-12-10 Found nothing
2013-12-09 Found nothing
2013-12-10 Found nothing
2013-12-09 Found nothing
2013-12-10 Worm.VBS.Dunihi.W
2013-12-09 Found nothing
2013-12-10 Worm.VBS.Dunihi.W
2013-12-09 Found nothing
2013-12-10 Found nothing
2013-12-10 Found nothing
2013-12-10 Worm.VBS.Dinihou.o
2013-12-10 Worm.VBS.Dunihi.W
2013-12-09 Found nothing
2013-12-09 Found nothing
2013-12-08 Found nothing
Operation timed out
2013-12-10 VBS/Dinihou-A
2013-12-10 Found nothing
2013-12-09 Possible_DUNIHI
2013-12-10 Worm.VBS.Dunihi.W
2013-12-10 Found nothing
2013-12-09 VBS/Agent.NDH worm


----------



## dawudbryant (Sep 12, 2013)

for that second possible location, I can't look for it as in user there is no file called application data


----------



## dawudbryant (Sep 12, 2013)

Also, as my phone also got made to create shortcuts, does that mean I will have to do the same things to my phone, obviously I can't just delete my phone programs as they are important


----------



## Mark1956 (May 7, 2011)

I only deal with PCs, I honestly have no idea how to clean this infection out of your phone, your best bet is to take it to the place of purchase and get them to clean it out. I assume you had it connected to the PC at some point, don't connect it again until it has been cleaned.

As I suspected, the infection is identified as a Worm, not something we see very often and I'm surprised only 9 out of the 22 scanners recognized it, possibly a new variant.

It is difficult to know for sure where it came from, but it does seem likely it was from your wife's flash drive. If it did come from the system she uses at work they should be notified so the IT department can clean it off their system.

The next step will be to clean out the laptop. I'll post the instructions in a few minutes.


----------



## Mark1956 (May 7, 2011)

The second location you were trying to find the file in will be hidden so not to worry about that.

Open Notepad and *Copy & Paste* the contents of the code box below into it. To do this highlight the entire contents of the box, right click on the highlighted area and select *Copy* then right click in the Notepad window and select *Paste*. Save it to the same location that FRST is saved in as *fixlist.txt* _*<--- it is very important to spell this name exactly as written here.*_


```
HKLM\...\Run: [tovhfhfiei] - C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs [77339 2013-11-27] ()
HKCU\...\Run: [tovhfhfiei] - C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs [77339 2013-11-27] ()
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs ()
C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs
C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs
```
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.*


Launch FRST by double clicking on it.
When the *FRST* window opens click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt) please *Copy & Paste* it into your next reply.

When done, reboot the system and run FRST again and post the new log so I can check the infection is gone.


----------



## Mark1956 (May 7, 2011)

When you have completed the instructions above please also run this scan to make quite sure the file does not exist in any other location.

Please download *SystemLook* from the following link below and save it to your Desktop.


*SystemLook (32-bit)*


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
*tovhfhfiei.vbs*
:regfind
tovhfhfiei
tovhfhfiei.vbs
:service
tovhfhfiei
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## dawudbryant (Sep 12, 2013)

Here's the first log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2013
Ran by user at 2013-12-10 14:16:25 Run:1
Running from C:\Documents and Settings\user\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\...\Run: [tovhfhfiei] - C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs [77339 2013-11-27] ()
HKCU\...\Run: [tovhfhfiei] - C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs [77339 2013-11-27] ()
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs ()
C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs
C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tovhfhfiei => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tovhfhfiei => Value not found.
C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs => Moved successfully.
C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs => Moved successfully.
"C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs" => File/Directory not found.
==== End of Fixlog ====
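
As an added example (not part of the original posts and not FRST's own code), the Python sketch below reads the result lines of a Fixlog like the one above and collapses them per target, so that a "not found" for a file an earlier line already moved is not read as a failure. It recognises only the outcome strings visible in this log; the function names and the three status labels are assumptions made for the example.

```python
import re
from collections import defaultdict

# Lines copied from the Fixlog posted above; non-result lines are kept
# to show that the parser skips them.
FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2013
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tovhfhfiei => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tovhfhfiei => Value not found.
C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs => Moved successfully.
C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs => Moved successfully.
"C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs" => File/Directory not found.
==== End of Fixlog ====
"""

# "<target> => <outcome>." with optional quotes around the target.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')

# Outcome strings seen in this log (lower-cased). Anything else is unknown.
REMOVED = {"value deleted successfully", "moved successfully"}
ABSENT = {"value not found", "file/directory not found"}


def normalise(target):
    """Case-fold and collapse doubled backslashes so duplicates compare equal."""
    return re.sub(r"\\+", r"\\", target.strip()).casefold()


def parse_results(text):
    """Return [(target, outcome)] for every '=>' result line in a Fixlog."""
    results = []
    for line in text.splitlines():
        match = RESULT_RE.match(line.strip())
        if match:
            results.append((match.group("target"), match.group("outcome").lower()))
    return results


def summarise(results):
    """Map each target to 'removed', 'absent' or 'needs_review'."""
    by_target = defaultdict(list)
    for target, outcome in results:
        by_target[normalise(target)].append(outcome)

    status = {}
    for target, outcomes in by_target.items():
        if any(o not in REMOVED | ABSENT for o in outcomes):
            # An outcome this script does not know: a person should read it.
            status[target] = "needs_review"
        elif any(o in REMOVED for o in outcomes):
            # Removed once; a later "not found" for the same target is expected.
            status[target] = "removed"
        else:
            # Only "not found": the entry was already gone when the fix ran.
            status[target] = "absent"
    return status


def needs_review(status):
    """Targets whose outcome was not a recognised removal or absence."""
    return sorted(t for t, s in status.items() if s == "needs_review")


if __name__ == "__main__":
    for target, state in summarise(parse_results(FIXLOG)).items():
        print(f"{state:13} {target}")
```
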


----------



## dawudbryant (Sep 12, 2013)

For some reason now, every time I turn the laptop on, a Notepad thing pops up saying this

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787


----------



## dawudbryant (Sep 12, 2013)

I just restarted, I scanned it again, here's the first log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2013
Ran by user (administrator) on COMPUTER_1 on 10-12-2013 14:25:47
Running from C:\Documents and Settings\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\WINDOWS.0\system32\smss.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\csrss.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\services.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\lsass.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\spoolsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\explorer.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\ctfmon.exe
() C:\Documents and Settings\user\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wuauclt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\alg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wbem\wmiprvse.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TkBellExe] - C:\Program Files\real\realplayer\Update\realsched.exe [295072 2013-03-05] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS.0\system32\userinit.exe,
HKCU\...\Run: [ctfmon.exe] - C:\WINDOWS.0\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Documents and Settings\user\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-07-11] (Google Inc.)
HKU\Guest\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-17] (Microsoft Corporation)
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-11-29] (Apple Inc.)
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2289C1EC-B6EE-4B74-83C7-F63FCA11993D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10675
SearchScopes: HKCU - {D89485F7-86F9-4609-9BA4-B2503D067007} URL = http://search.us.com/serp?guid={A2C...&action=default_search&serpv=5&k={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS.0\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: artur.dubovoy - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\Extensions\[email protected]
FF Extension: firefox - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\Extensions\[email protected]
FF Extension: hdvc3 - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\Extensions\[email protected]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\WINDOWS.0\system32\npDeployJava1.dll No File
CHR Extension: (Docs) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (HDvid Codec 3) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnllcmllkjofnojidnaknldfehfhehoo\3.0_0
CHR Extension: (avast! WebRep) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (RealDownloader) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dnllcmllkjofnojidnaknldfehfhehoo] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-12-07] (Avira Operations GmbH & Co. KG)
S3 BITS; C:\WINDOWS.0\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; c:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S3 COMSysApp; C:\WINDOWS.0\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R3 EventSystem; C:\WINDOWS.0\system32\es.dll [246272 2008-04-14] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS.0\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS.0\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS.0\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS.0\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S4 Skype C2C Service; C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 srservice; C:\WINDOWS.0\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS.0\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS.0\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS.0\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS.0\system32\mspmsnsv.dll [52224 2008-04-14] (Microsoft Corporation)
S3 WmiApSrv; C:\WINDOWS.0\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS.0\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
==================== Drivers (Whitelisted) ====================
S4 abp480n5; C:\Windows\System32\Drivers\abp480n5.sys [23552 2001-08-18] (Microsoft Corporation)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2009-03-16] (Creative)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1391104 2009-01-07] (Broadcom Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [14248 2008-11-05] (Windows (R) Codename Longhorn DDK provider)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2009-03-16] (Creative Technology Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [x]
R3 HpqKbFiltr; system32\DRIVERS\HpqKbFiltr.sys [x]
R3 RTSTOR; system32\drivers\RTSTOR.SYS [x]
R1 ssmdrv; system32\DRIVERS\ssmdrv.sys [x]
S3 usbaudio; system32\drivers\usbaudio.sys [x]
S3 usbscan; system32\DRIVERS\usbscan.sys [x]
U1 WS2IFSL; 
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-12-10 14:25 - 2013-12-10 14:26 - 00018361 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-10 13:23 - 2013-12-10 13:27 - 12103598 _____ C:\Documents and Settings\user\My Documents\How to Tie a Shemagh Scarf.flv
2013-12-10 13:21 - 2013-12-10 13:22 - 03624887 _____ C:\Documents and Settings\user\My Documents\How to do the traditional Bedouin Omani Masarh.flv
2013-12-10 13:16 - 2013-12-10 13:20 - 14151685 _____ C:\Documents and Settings\user\My Documents\afghan turban Imamah (امامه پګړۍ پټکۍ لونګۍ ) www.afghanvoice.com
2013-12-10 13:13 - 2013-12-10 13:15 - 06100935 _____ C:\Documents and Settings\user\My Documents\Bending a Turban like Abdul Alhazred.flv
2013-12-09 20:46 - 2013-12-09 20:46 - 02556305 _____ C:\Documents and Settings\user\My Documents\The Golden Lotus 金瓶雙艷 (1974) Official Trailer by Shaw Brothers.flv
2013-12-09 20:45 - 2013-12-09 20:48 - 07253883 _____ C:\Documents and Settings\user\My Documents\Jackie Chan - The Golden Lotus 1974 (Mandarin).flv
2013-12-09 20:38 - 2013-12-09 20:42 - 14170167 _____ C:\Documents and Settings\user\My Documents\Police Story 2013 Trailer - Jackie Chan.flv
2013-12-09 20:36 - 2013-12-09 20:39 - 07459869 _____ C:\Documents and Settings\user\My Documents\Jackie Chan 成龙 Police Story 2013 Making of 警察故事2013 Cantonese.flv
2013-12-09 20:36 - 2013-12-09 20:37 - 05339955 _____ C:\Documents and Settings\user\My Documents\Jackie Chan Project A cantonese MV.flv
2013-12-09 20:02 - 2013-12-09 20:02 - 00000000 ____D C:\FRST
2013-12-09 20:00 - 2013-12-09 20:00 - 01060641 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2013-12-09 14:59 - 2013-12-09 15:00 - 00048290 _____ C:\Documents and Settings\user\Desktop\diskwipe.zip
2013-12-09 11:59 - 2013-12-09 12:11 - 22762773 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [22] English Subbed.flv
2013-12-09 11:58 - 2013-12-09 12:09 - 21567526 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [12] English Subbed.flv
2013-12-09 11:57 - 2013-12-09 12:08 - 23607319 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [22] English Subbed.flv
2013-12-09 11:56 - 2013-12-09 12:07 - 22696010 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [12] English Subbed.flv
2013-12-09 11:54 - 2013-12-09 12:07 - 22570134 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [22] English Subbed.flv
2013-12-09 11:51 - 2013-12-09 12:04 - 23816813 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [12] English Subbed.flv
2013-12-09 11:35 - 2013-12-09 11:44 - 23364256 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [12] English Subbed.flv
2013-12-09 11:35 - 2013-12-09 11:43 - 19935258 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [22] English Subbed.flv
2013-12-09 11:34 - 2013-12-09 11:42 - 23228214 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [22] English Subbed.flv
2013-12-09 11:27 - 2013-12-09 11:36 - 26414698 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [12] English Subbed.flv
2013-12-09 09:08 - 2013-12-09 09:28 - 27687077 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [22] English Subbed.flv
2013-12-09 09:08 - 2013-12-09 09:26 - 25098463 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [12] English Subbed.flv
2013-12-09 08:46 - 2013-12-09 08:46 - 00000000 ____D C:\Documents and Settings\user\.swt
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Vuze.lnk
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Vuze.lnk
2013-12-09 08:43 - 2013-12-10 14:19 - 00000000 ____D C:\Documents and Settings\user\Application Data\Azureus
2013-12-09 08:43 - 2013-12-09 08:44 - 00000000 ____D C:\Program Files\Vuze
2013-12-09 08:43 - 2013-12-09 08:43 - 00000000 _____ C:\END
2013-12-09 08:39 - 2013-12-09 08:48 - 23573062 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [12] English Subbed.flv
2013-12-09 08:39 - 2013-12-09 08:48 - 23192056 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [22] English Subbed.flv
2013-12-09 08:32 - 2013-12-09 08:32 - 00071808 _____ (Azureus Software, Inc.) C:\Documents and Settings\user\My Documents\VuzeBittorrentClientInstaller.exe
2013-12-09 08:23 - 2013-12-09 08:32 - 24959547 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [22] English Subbed.flv
2013-12-09 08:23 - 2013-12-09 08:31 - 23530571 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [12] English Subbed.flv
2013-12-09 08:10 - 2013-12-09 08:17 - 25507209 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [22] English Subbed.flv
2013-12-09 08:06 - 2013-12-09 08:14 - 27093737 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [12] English Subbed.flv
2013-12-09 07:58 - 2013-12-09 08:08 - 28046653 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [22] English Subbed.flv
2013-12-09 07:58 - 2013-12-09 08:05 - 21091991 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [12] English Subbed.flv
2013-12-09 07:50 - 2013-12-09 07:58 - 23303232 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [22] English Subbed.flv
2013-12-09 07:49 - 2013-12-09 07:57 - 24342219 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [12] English Subbed.flv
2013-12-09 05:34 - 2013-12-09 05:35 - 59674350 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 4.mp4
2013-12-08 22:47 - 2013-12-08 22:47 - 75200917 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 1.mp4
2013-12-08 22:45 - 2013-12-08 22:45 - 75192823 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 3.mp4
2013-12-08 22:44 - 2013-12-08 22:44 - 75023592 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 2.mp4
2013-12-08 22:26 - 2013-12-08 22:26 - 51267501 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 5.mp4
2013-12-08 22:05 - 2013-12-08 23:21 - 220780616 _____ C:\Documents and Settings\user\My Documents\The Prince Reigns On (Naseem Hamed Documentary).flv
2013-12-08 21:52 - 2013-12-08 22:02 - 16276428 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 6.flv
2013-12-08 21:43 - 2013-12-08 21:46 - 08031330 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed body-slams Cesar Soto.flv
2013-12-08 21:40 - 2013-12-08 21:48 - 21321580 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed Vs Juan Gerardo Cabrera (ENTRANCE & FULL FIGHT).flv
2013-12-08 17:20 - 2013-12-08 18:22 - 333570783 _____ C:\Documents and Settings\user\My Documents\Armour of God (Jackie Chan Dub).flv
2013-12-08 17:20 - 2013-12-08 17:23 - 347745474 _____ C:\Documents and Settings\user\My Documents\2013.12.07.Guillermo.Rigondeaux.vs.Joseph.Agbeko.HBO.mp4
2013-12-08 16:40 - 2013-12-08 16:40 - 17158430 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Joseph Agbeko Post-Fight Interview.mp4
2013-12-08 15:35 - 2013-12-08 15:38 - 00001038 _____ C:\Documents and Settings\user\Desktop\SystemLook.txt
2013-12-08 15:34 - 2013-12-08 15:34 - 00139264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-08 15:32 - 2013-12-08 15:33 - 227173530 _____ C:\Documents and Settings\user\My Documents\2013.12.07.James.Kirkland.vs.Glen.Tapia.HBO.mp4
2013-12-08 15:28 - 2013-12-08 15:29 - 199106183 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Chris John vs Simpiwe Vetyeka.mp4
2013-12-08 15:12 - 2013-12-08 15:14 - 122359325 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Darren Barker vs Felix Sturm.mp4
2013-12-07 18:06 - 2013-12-07 18:11 - 534102647 _____ C:\Documents and Settings\user\My Documents\Alpha Papa (2013).flv
2013-12-07 15:42 - 2013-12-07 15:50 - 333674931 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Bradley Skeete vs Colin Lynes.mp4
2013-12-07 15:34 - 2013-12-07 15:40 - 287045765 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Krzysztof Wlodarczyk vs Giacobbe Fragomeni III.mp4
2013-12-07 12:49 - 2013-12-07 15:20 - 00000000 ____D C:\WINDOWS.0\system32\NtmsData
2013-12-07 10:12 - 2013-12-07 10:12 - 00000000 ____D C:\Documents and Settings\user\Application Data\Avira
2013-12-07 01:07 - 2013-12-07 01:07 - 00001709 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Avira Control Center.lnk
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Program Files\Avira
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
2013-12-07 01:06 - 2013-12-07 01:03 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avipbb.sys
2013-12-07 01:06 - 2013-12-07 01:03 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avgntflt.sys
2013-12-07 01:06 - 2013-12-07 01:03 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avkmgr.sys
2013-12-07 01:06 - 2013-12-07 01:03 - 00028520 _____ (Avira GmbH) C:\WINDOWS.0\system32\Drivers\ssmdrv.sys
2013-12-07 01:05 - 2013-12-07 01:05 - 00000000 ____D C:\Documents and Settings\user\My Documents\Avira
2013-12-07 00:36 - 2013-12-07 00:36 - 02294160 _____ C:\Documents and Settings\user\Desktop\avira_free_antivirus.exe
2013-12-05 14:10 - 2013-12-05 14:10 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-12-05 01:27 - 2013-12-05 21:22 - 00000000 ____D C:\GOG Games
2013-12-04 17:34 - 2013-12-04 17:38 - 302552601 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis vs Frank Bruno.mp4
2013-12-04 17:27 - 2013-12-04 17:27 - 206268753 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis - Michael Grant. 2000-04-29.mp4
2013-12-04 13:49 - 2013-12-04 13:49 - 00003711 _____ C:\Documents and Settings\user\Application Data\DMZ.vbs
2013-12-02 17:04 - 2013-12-02 17:04 - 22828005 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed Highlights (by GP).mp4
2013-12-02 15:19 - 2013-12-02 15:19 - 00000479 _____ C:\Documents and Settings\user\My Documents\Image007 (1) (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000467 _____ C:\Documents and Settings\user\My Documents\Image007 (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000455 _____ C:\Documents and Settings\user\My Documents\Image007.lnk
2013-12-02 11:45 - 2013-12-02 11:48 - 336175903 _____ C:\Documents and Settings\user\My Documents\â˜¯ The Art of Action, Martial Arts in the Movies (Full Documentary) â˜¯.mp4
2013-12-02 07:07 - 2013-12-02 07:07 - 28304396 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt2.mp4
2013-12-02 07:06 - 2013-12-02 07:07 - 25371963 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt1.mp4
2013-12-02 06:50 - 2013-12-02 06:50 - 21223730 _____ C:\Documents and Settings\user\My Documents\GEOFF THOMPSON PASSENGERS.mp4
2013-12-02 06:34 - 2013-12-02 06:35 - 04124631 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson on getting hurt in a street fight.mp4
2013-12-01 13:07 - 2013-12-01 13:09 - 262243540 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson - Fear, My Friend _ London Real.mp4
2013-12-01 11:53 - 2013-12-01 11:58 - 10920534 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson.wmv
2013-12-01 11:39 - 2013-12-01 12:01 - 00217088 _____ C:\Documents and Settings\user\My Documents\Thompson.MSWMM
2013-12-01 11:33 - 2013-12-01 12:01 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
2013-12-01 11:27 - 2013-12-01 11:28 - 66487343 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson The best Martial Arts instructor on the planet.mpg
2013-12-01 10:13 - 2013-12-01 10:15 - 252072230 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Adonis Stevenson vs Tony Bellew.mp4
2013-12-01 09:18 - 2013-12-01 09:19 - 131224639 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Sergey Kovalev vs Ismayl Sillakh.mp4
2013-12-01 08:52 - 2012-12-27 18:46 - 600507683 _____ C:\Documents and Settings\user\My Documents\Martial Arts the real story episode 2.mpg
2013-12-01 07:04 - 2013-12-01 07:07 - 12362400 _____ C:\Documents and Settings\user\My Documents\Mike Tyson makes a little boy cry at Nuke the Fridge Con 2011 (HD).mp4
2013-12-01 06:33 - 2013-12-01 06:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaws.exe
2013-12-01 06:33 - 2013-12-01 06:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javacpl.cpl
2013-12-01 06:32 - 2013-12-01 06:33 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Java
2013-12-01 06:32 - 2013-12-01 06:31 - 00175016 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaw.exe
2013-12-01 06:32 - 2013-12-01 06:31 - 00174504 _____ (Oracle Corporation) C:\WINDOWS.0\system32\java.exe
2013-12-01 06:32 - 2013-12-01 06:31 - 00094632 _____ (Oracle Corporation) C:\WINDOWS.0\system32\WindowsAccessBridge.dll
2013-12-01 06:16 - 2013-12-01 06:16 - 00915368 _____ (Oracle Corporation) C:\Documents and Settings\user\Desktop\jxpiinstall.exe
2013-11-30 11:25 - 2013-11-30 11:25 - 27768873 _____ C:\Documents and Settings\user\My Documents\Oedipus.mp4
2013-11-30 11:23 - 2013-11-30 11:23 - 25327010 _____ C:\Documents and Settings\user\My Documents\Mythologique.mp4
2013-11-30 10:19 - 2013-11-30 10:18 - 00241220 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 11.rar
2013-11-28 21:17 - 2013-11-28 22:53 - 00000000 ____D C:\Documents and Settings\user\Application Data\Broken Sword 2.5
2013-11-28 21:12 - 2013-11-28 21:12 - 00000742 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Broken Sword 2.5.lnk
2013-11-28 21:12 - 2013-11-28 21:12 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Broken Sword 2.5
2013-11-28 21:02 - 2013-11-28 21:12 - 00000000 ____D C:\Program Files\Broken Sword 2.5
2013-11-28 17:38 - 2013-11-28 17:38 - 15863306 _____ C:\Documents and Settings\user\My Documents\Conor Mcgregor Leading the Irish Invasion in MMA.mp4
2013-11-28 13:36 - 2013-11-28 13:36 - 11138079 _____ C:\Documents and Settings\user\My Documents\FLOYD MAYWEATHER JR. DANCING WITH THE JUMP ROPE.mp4
2013-11-28 12:03 - 2013-11-28 12:03 - 11954764 _____ C:\Documents and Settings\user\My Documents\NSYNC- Tearin' Up My Heart (The View).mp4
2013-11-28 11:59 - 2013-11-28 11:59 - 15069565 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin' Up My Heart.mp4
2013-11-28 11:56 - 2013-11-28 11:56 - 16293397 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin Up My Heart (Live MTV TRL 1998.).mp4
2013-11-28 11:54 - 2013-11-28 11:54 - 19781199 _____ C:\Documents and Settings\user\My Documents\N Sync perform Tearin' Up My Heart on 5's Company.mp4
2013-11-28 11:51 - 2013-11-28 11:51 - 14261218 _____ C:\Documents and Settings\user\My Documents\N_Sync - Tearin' Up My Heart (Fashionably Loud - 1999).mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 17150218 _____ C:\Documents and Settings\user\My Documents\'N Sync_ Bye Bye Bye-- Gloria Estefan's Caribbean Soul_ The Atlantis Concert.mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 16232428 _____ C:\Documents and Settings\user\My Documents\'N SYNC-BYE BYE BYE 2000 live.mp4
2013-11-27 22:27 - 2013-11-27 22:31 - 320287231 _____ C:\Documents and Settings\user\My Documents\2013-11-27 Anthony Mundine vs Shane Mosley.mp4
2013-11-23 17:08 - 2013-11-23 17:08 - 02218261 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 10.rar
2013-11-23 17:05 - 2013-11-23 10:48 - 00489472 _____ C:\Documents and Settings\user\Desktop\comparatives_er_est.ppt
2013-11-23 14:05 - 2013-11-23 15:09 - 01792957 _____ C:\Documents and Settings\user\Desktop\In my magic box....pptx
2013-11-17 12:02 - 2013-12-10 14:22 - 00000298 _____ C:\WINDOWS.0\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-11-16 16:21 - 2013-11-16 16:21 - 00000000 ____D C:\Documents and Settings\user\Application Data\WinRAR
2013-11-16 16:20 - 2013-11-16 16:20 - 00000694 _____ C:\Documents and Settings\user\Desktop\WinRAR.lnk
2013-11-16 16:20 - 2013-11-16 16:20 - 00000000 ____D C:\Program Files\WinRAR
2013-11-16 14:12 - 2013-11-16 20:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-11 06:25 - 2013-11-11 06:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\user\My Documents\mbam-setup-1.75.0.1300.exe
2013-11-11 06:20 - 2013-11-11 06:20 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\My Documents\rkill.exe
2013-11-11 06:17 - 2013-11-11 06:17 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\user\My Documents\TFC.exe
2013-11-11 06:08 - 2013-11-11 06:08 - 03538944 _____ C:\Documents and Settings\user\My Documents\RogueKiller.exe
2013-11-11 05:59 - 2013-11-11 05:59 - 07555864 _____ (Webroot Software, Inc.) C:\Documents and Settings\user\My Documents\WRUpgradeTool.exe
2013-11-11 05:55 - 2013-11-11 05:55 - 00275848 _____ (Webroot Software Inc (www.webroot.com)) C:\Documents and Settings\user\My Documents\CleanWDF.exe
2013-11-10 17:57 - 2013-11-11 21:00 - 00000000 ____D C:\Documents and Settings\user\My Documents\An Idiot Abroad Complete 3 series
==================== One Month Modified Files and Folders =======
2013-12-10 14:26 - 2013-12-10 14:25 - 00018361 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-10 14:23 - 2013-10-23 12:44 - 00000276 _____ C:\WINDOWS.0\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-10 14:23 - 2013-03-05 19:08 - 00000284 _____ C:\WINDOWS.0\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-10 14:23 - 2012-09-30 06:44 - 00389841 _____ C:\WINDOWS.0\WindowsUpdate.log
2013-12-10 14:22 - 2013-11-17 12:02 - 00000298 _____ C:\WINDOWS.0\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-10 14:21 - 2012-09-30 22:39 - 00000006 ____H C:\WINDOWS.0\Tasks\SA.DAT
2013-12-10 14:21 - 2012-09-29 23:33 - 00000159 _____ C:\WINDOWS.0\wiadebug.log
2013-12-10 14:21 - 2012-09-29 23:33 - 00000050 _____ C:\WINDOWS.0\wiaservc.log
2013-12-10 14:21 - 2001-08-23 14:00 - 00002206 _____ C:\WINDOWS.0\system32\wpa.dbl
2013-12-10 14:20 - 2012-09-30 23:07 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini
2013-12-10 14:20 - 2012-09-30 22:39 - 00032456 _____ C:\WINDOWS.0\SchedLgU.Txt
2013-12-10 14:19 - 2013-12-09 08:43 - 00000000 ____D C:\Documents and Settings\user\Application Data\Azureus
2013-12-10 13:27 - 2013-12-10 13:23 - 12103598 _____ C:\Documents and Settings\user\My Documents\How to Tie a Shemagh Scarf.flv
2013-12-10 13:22 - 2013-12-10 13:21 - 03624887 _____ C:\Documents and Settings\user\My Documents\How to do the traditional Bedouin Omani Masarh.flv
2013-12-10 13:20 - 2013-12-10 13:16 - 14151685 _____ C:\Documents and Settings\user\My Documents\afghan turban Imamah (امامه پګړۍ پټکۍ لونګۍ ) www.afghanvoice.com
2013-12-10 13:15 - 2013-12-10 13:13 - 06100935 _____ C:\Documents and Settings\user\My Documents\Bending a Turban like Abdul Alhazred.flv
2013-12-10 11:52 - 2013-10-24 02:43 - 00010752 _____ C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-10 08:25 - 2013-10-22 10:03 - 00000000 ____D C:\Documents and Settings\user\Application Data\vlc
2013-12-09 20:48 - 2013-12-09 20:45 - 07253883 _____ C:\Documents and Settings\user\My Documents\Jackie Chan - The Golden Lotus 1974 (Mandarin).flv
2013-12-09 20:46 - 2013-12-09 20:46 - 02556305 _____ C:\Documents and Settings\user\My Documents\The Golden Lotus 金瓶雙艷 (1974) Official Trailer by Shaw Brothers.flv
2013-12-09 20:42 - 2013-12-09 20:38 - 14170167 _____ C:\Documents and Settings\user\My Documents\Police Story 2013 Trailer - Jackie Chan.flv
2013-12-09 20:39 - 2013-12-09 20:36 - 07459869 _____ C:\Documents and Settings\user\My Documents\Jackie Chan 成龙 Police Story 2013 Making of 警察故事2013 Cantonese.flv
2013-12-09 20:37 - 2013-12-09 20:36 - 05339955 _____ C:\Documents and Settings\user\My Documents\Jackie Chan Project A cantonese MV.flv
2013-12-09 20:03 - 2012-09-29 23:25 - 00000000 ___HD C:\Documents and Settings\Default User.WINDOWS.0
2013-12-09 20:02 - 2013-12-09 20:02 - 00000000 ____D C:\FRST
2013-12-09 20:00 - 2013-12-09 20:00 - 01060641 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2013-12-09 15:00 - 2013-12-09 14:59 - 00048290 _____ C:\Documents and Settings\user\Desktop\diskwipe.zip
2013-12-09 12:11 - 2013-12-09 11:59 - 22762773 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [22] English Subbed.flv
2013-12-09 12:09 - 2013-12-09 11:58 - 21567526 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [12] English Subbed.flv
2013-12-09 12:08 - 2013-12-09 11:57 - 23607319 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [22] English Subbed.flv
2013-12-09 12:07 - 2013-12-09 11:56 - 22696010 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [12] English Subbed.flv
2013-12-09 12:07 - 2013-12-09 11:54 - 22570134 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [22] English Subbed.flv
2013-12-09 12:04 - 2013-12-09 11:51 - 23816813 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [12] English Subbed.flv
2013-12-09 11:44 - 2013-12-09 11:35 - 23364256 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [12] English Subbed.flv
2013-12-09 11:43 - 2013-12-09 11:35 - 19935258 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [22] English Subbed.flv
2013-12-09 11:42 - 2013-12-09 11:34 - 23228214 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [22] English Subbed.flv
2013-12-09 11:36 - 2013-12-09 11:27 - 26414698 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [12] English Subbed.flv
2013-12-09 09:28 - 2013-12-09 09:08 - 27687077 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [22] English Subbed.flv
2013-12-09 09:26 - 2013-12-09 09:08 - 25098463 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [12] English Subbed.flv
2013-12-09 08:48 - 2013-12-09 08:39 - 23573062 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [12] English Subbed.flv
2013-12-09 08:48 - 2013-12-09 08:39 - 23192056 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [22] English Subbed.flv
2013-12-09 08:46 - 2013-12-09 08:46 - 00000000 ____D C:\Documents and Settings\user\.swt
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Vuze.lnk
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Vuze.lnk
2013-12-09 08:44 - 2013-12-09 08:43 - 00000000 ____D C:\Program Files\Vuze
2013-12-09 08:43 - 2013-12-09 08:43 - 00000000 _____ C:\END
2013-12-09 08:32 - 2013-12-09 08:32 - 00071808 _____ (Azureus Software, Inc.) C:\Documents and Settings\user\My Documents\VuzeBittorrentClientInstaller.exe
2013-12-09 08:32 - 2013-12-09 08:23 - 24959547 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [22] English Subbed.flv
2013-12-09 08:31 - 2013-12-09 08:23 - 23530571 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [12] English Subbed.flv
2013-12-09 08:17 - 2013-12-09 08:10 - 25507209 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [22] English Subbed.flv
2013-12-09 08:14 - 2013-12-09 08:06 - 27093737 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [12] English Subbed.flv
2013-12-09 08:08 - 2013-12-09 07:58 - 28046653 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [22] English Subbed.flv
2013-12-09 08:05 - 2013-12-09 07:58 - 21091991 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [12] English Subbed.flv
2013-12-09 07:58 - 2013-12-09 07:50 - 23303232 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [22] English Subbed.flv
2013-12-09 07:57 - 2013-12-09 07:49 - 24342219 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [12] English Subbed.flv
2013-12-09 06:17 - 2012-10-03 20:16 - 01154714 ___SH C:\Documents and Settings\user\My Documents\Thumbs.db
2013-12-09 05:35 - 2013-12-09 05:34 - 59674350 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 4.mp4
2013-12-08 23:21 - 2013-12-08 22:05 - 220780616 _____ C:\Documents and Settings\user\My Documents\The Prince Reigns On (Naseem Hamed Documentary).flv
2013-12-08 22:47 - 2013-12-08 22:47 - 75200917 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 1.mp4
2013-12-08 22:45 - 2013-12-08 22:45 - 75192823 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 3.mp4
2013-12-08 22:44 - 2013-12-08 22:44 - 75023592 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 2.mp4
2013-12-08 22:26 - 2013-12-08 22:26 - 51267501 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 5.mp4
2013-12-08 22:02 - 2013-12-08 21:52 - 16276428 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 6.flv
2013-12-08 21:48 - 2013-12-08 21:40 - 21321580 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed Vs Juan Gerardo Cabrera (ENTRANCE & FULL FIGHT).flv
2013-12-08 21:46 - 2013-12-08 21:43 - 08031330 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed body-slams Cesar Soto.flv
2013-12-08 18:22 - 2013-12-08 17:20 - 333570783 _____ C:\Documents and Settings\user\My Documents\Armour of God (Jackie Chan Dub).flv
2013-12-08 17:23 - 2013-12-08 17:20 - 347745474 _____ C:\Documents and Settings\user\My Documents\2013.12.07.Guillermo.Rigondeaux.vs.Joseph.Agbeko.HBO.mp4
2013-12-08 16:40 - 2013-12-08 16:40 - 17158430 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Joseph Agbeko Post-Fight Interview.mp4
2013-12-08 15:38 - 2013-12-08 15:35 - 00001038 _____ C:\Documents and Settings\user\Desktop\SystemLook.txt
2013-12-08 15:34 - 2013-12-08 15:34 - 00139264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-08 15:33 - 2013-12-08 15:32 - 227173530 _____ C:\Documents and Settings\user\My Documents\2013.12.07.James.Kirkland.vs.Glen.Tapia.HBO.mp4
2013-12-08 15:29 - 2013-12-08 15:28 - 199106183 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Chris John vs Simpiwe Vetyeka.mp4
2013-12-08 15:14 - 2013-12-08 15:12 - 122359325 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Darren Barker vs Felix Sturm.mp4
2013-12-07 18:55 - 2012-09-29 23:26 - 01000240 _____ C:\WINDOWS.0\setupapi.log
2013-12-07 18:11 - 2013-12-07 18:06 - 534102647 _____ C:\Documents and Settings\user\My Documents\Alpha Papa (2013).flv
2013-12-07 18:11 - 2013-03-06 04:14 - 00000306 _____ C:\WINDOWS.0\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-07 15:50 - 2013-12-07 15:42 - 333674931 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Bradley Skeete vs Colin Lynes.mp4
2013-12-07 15:40 - 2013-12-07 15:34 - 287045765 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Krzysztof Wlodarczyk vs Giacobbe Fragomeni III.mp4
2013-12-07 15:20 - 2013-12-07 12:49 - 00000000 ____D C:\WINDOWS.0\system32\NtmsData
2013-12-07 12:49 - 2012-09-30 06:40 - 00000000 ____D C:\WINDOWS.0\Registration
2013-12-07 12:49 - 2012-09-29 23:20 - 00000000 ____D C:\WINDOWS.0\repair
2013-12-07 10:12 - 2013-12-07 10:12 - 00000000 ____D C:\Documents and Settings\user\Application Data\Avira
2013-12-07 10:10 - 2012-09-29 23:28 - 00468100 _____ C:\WINDOWS.0\system32\PerfStringBackup.INI
2013-12-07 01:07 - 2013-12-07 01:07 - 00001709 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Avira Control Center.lnk
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Program Files\Avira
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
2013-12-07 01:05 - 2013-12-07 01:05 - 00000000 ____D C:\Documents and Settings\user\My Documents\Avira
2013-12-07 01:03 - 2013-12-07 01:06 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avipbb.sys
2013-12-07 01:03 - 2013-12-07 01:06 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avgntflt.sys
2013-12-07 01:03 - 2013-12-07 01:06 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avkmgr.sys
2013-12-07 01:03 - 2013-12-07 01:06 - 00028520 _____ (Avira GmbH) C:\WINDOWS.0\system32\Drivers\ssmdrv.sys
2013-12-07 00:36 - 2013-12-07 00:36 - 02294160 _____ C:\Documents and Settings\user\Desktop\avira_free_antivirus.exe
2013-12-07 00:31 - 2012-09-30 18:43 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVAST Software
2013-12-07 00:30 - 2012-09-29 23:20 - 00000000 ____D C:\WINDOWS.0
2013-12-05 21:22 - 2013-12-05 01:27 - 00000000 ____D C:\GOG Games
2013-12-05 14:10 - 2013-12-05 14:10 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-12-05 13:56 - 2009-07-07 19:41 - 00000000 ____D C:\Documents and Settings\QA
2013-12-05 13:42 - 2012-09-30 18:43 - 00269216 _____ (AVAST Software) C:\WINDOWS.0\system32\aswBoot.exe
2013-12-05 13:15 - 2012-09-30 06:47 - 00002577 _____ C:\WINDOWS.0\system32\CONFIG.NT
2013-12-05 01:24 - 2011-02-08 03:34 - 00000000 ____D C:\Documents and Settings\user\My Documents\Dawud
2013-12-05 01:20 - 2008-04-26 04:42 - 00000000 ____D C:\Program Files\MSN
2013-12-05 01:19 - 2013-11-05 07:36 - 00000000 ____D C:\Documents and Settings\user\Application Data\Amazon
2013-12-05 01:19 - 2013-11-05 07:35 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Amazon
2013-12-05 01:19 - 2009-07-11 22:12 - 00000000 ____D C:\Program Files\Google
2013-12-04 17:38 - 2013-12-04 17:34 - 302552601 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis vs Frank Bruno.mp4
2013-12-04 17:27 - 2013-12-04 17:27 - 206268753 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis - Michael Grant. 2000-04-29.mp4
2013-12-04 13:49 - 2013-12-04 13:49 - 00003711 _____ C:\Documents and Settings\user\Application Data\DMZ.vbs
2013-12-02 17:04 - 2013-12-02 17:04 - 22828005 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed Highlights (by GP).mp4
2013-12-02 15:19 - 2013-12-02 15:19 - 00000479 _____ C:\Documents and Settings\user\My Documents\Image007 (1) (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000467 _____ C:\Documents and Settings\user\My Documents\Image007 (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000455 _____ C:\Documents and Settings\user\My Documents\Image007.lnk
2013-12-02 11:48 - 2013-12-02 11:45 - 336175903 _____ C:\Documents and Settings\user\My Documents\â˜¯ The Art of Action, Martial Arts in the Movies (Full Documentary) â˜¯.mp4
2013-12-02 07:07 - 2013-12-02 07:07 - 28304396 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt2.mp4
2013-12-02 07:07 - 2013-12-02 07:06 - 25371963 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt1.mp4
2013-12-02 06:50 - 2013-12-02 06:50 - 21223730 _____ C:\Documents and Settings\user\My Documents\GEOFF THOMPSON PASSENGERS.mp4
2013-12-02 06:35 - 2013-12-02 06:34 - 04124631 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson on getting hurt in a street fight.mp4
2013-12-01 13:09 - 2013-12-01 13:07 - 262243540 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson - Fear, My Friend _ London Real.mp4
2013-12-01 12:01 - 2013-12-01 11:39 - 00217088 _____ C:\Documents and Settings\user\My Documents\Thompson.MSWMM
2013-12-01 12:01 - 2013-12-01 11:33 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
2013-12-01 11:58 - 2013-12-01 11:53 - 10920534 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson.wmv
2013-12-01 11:28 - 2013-12-01 11:27 - 66487343 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson The best Martial Arts instructor on the planet.mpg
2013-12-01 10:15 - 2013-12-01 10:13 - 252072230 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Adonis Stevenson vs Tony Bellew.mp4
2013-12-01 09:19 - 2013-12-01 09:18 - 131224639 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Sergey Kovalev vs Ismayl Sillakh.mp4
2013-12-01 07:07 - 2013-12-01 07:04 - 12362400 _____ C:\Documents and Settings\user\My Documents\Mike Tyson makes a little boy cry at Nuke the Fridge Con 2011 (HD).mp4
2013-12-01 06:33 - 2013-12-01 06:32 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Java
2013-12-01 06:31 - 2013-12-01 06:33 - 00264616 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaws.exe
2013-12-01 06:31 - 2013-12-01 06:33 - 00145408 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javacpl.cpl
2013-12-01 06:31 - 2013-12-01 06:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaw.exe
2013-12-01 06:31 - 2013-12-01 06:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS.0\system32\java.exe
2013-12-01 06:31 - 2013-12-01 06:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS.0\system32\WindowsAccessBridge.dll
2013-12-01 06:16 - 2013-12-01 06:16 - 00915368 _____ (Oracle Corporation) C:\Documents and Settings\user\Desktop\jxpiinstall.exe
2013-11-30 11:25 - 2013-11-30 11:25 - 27768873 _____ C:\Documents and Settings\user\My Documents\Oedipus.mp4
2013-11-30 11:23 - 2013-11-30 11:23 - 25327010 _____ C:\Documents and Settings\user\My Documents\Mythologique.mp4
2013-11-30 10:18 - 2013-11-30 10:19 - 00241220 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 11.rar
2013-11-29 13:57 - 2013-05-21 06:57 - 00000000 ____D C:\Documents and Settings\user\My Documents\Jaheim
2013-11-29 00:10 - 2013-03-04 01:05 - 00000000 ____D C:\Documents and Settings\user\Application Data\Skype
2013-11-28 22:53 - 2013-11-28 21:17 - 00000000 ____D C:\Documents and Settings\user\Application Data\Broken Sword 2.5
2013-11-28 21:12 - 2013-11-28 21:12 - 00000742 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Broken Sword 2.5.lnk
2013-11-28 21:12 - 2013-11-28 21:12 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Broken Sword 2.5
2013-11-28 21:12 - 2013-11-28 21:02 - 00000000 ____D C:\Program Files\Broken Sword 2.5
2013-11-28 18:10 - 2013-03-04 01:05 - 00002269 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Skype.lnk
2013-11-28 17:38 - 2013-11-28 17:38 - 15863306 _____ C:\Documents and Settings\user\My Documents\Conor Mcgregor Leading the Irish Invasion in MMA.mp4
2013-11-28 13:36 - 2013-11-28 13:36 - 11138079 _____ C:\Documents and Settings\user\My Documents\FLOYD MAYWEATHER JR. DANCING WITH THE JUMP ROPE.mp4
2013-11-28 12:03 - 2013-11-28 12:03 - 11954764 _____ C:\Documents and Settings\user\My Documents\NSYNC- Tearin' Up My Heart (The View).mp4
2013-11-28 11:59 - 2013-11-28 11:59 - 15069565 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin' Up My Heart.mp4
2013-11-28 11:56 - 2013-11-28 11:56 - 16293397 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin Up My Heart (Live MTV TRL 1998.).mp4
2013-11-28 11:54 - 2013-11-28 11:54 - 19781199 _____ C:\Documents and Settings\user\My Documents\N Sync perform Tearin' Up My Heart on 5's Company.mp4
2013-11-28 11:51 - 2013-11-28 11:51 - 14261218 _____ C:\Documents and Settings\user\My Documents\N_Sync - Tearin' Up My Heart (Fashionably Loud - 1999).mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 17150218 _____ C:\Documents and Settings\user\My Documents\'N Sync_ Bye Bye Bye-- Gloria Estefan's Caribbean Soul_ The Atlantis Concert.mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 16232428 _____ C:\Documents and Settings\user\My Documents\'N SYNC-BYE BYE BYE 2000 live.mp4
2013-11-27 22:31 - 2013-11-27 22:27 - 320287231 _____ C:\Documents and Settings\user\My Documents\2013-11-27 Anthony Mundine vs Shane Mosley.mp4
2013-11-23 17:08 - 2013-11-23 17:08 - 02218261 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 10.rar
2013-11-23 15:09 - 2013-11-23 14:05 - 01792957 _____ C:\Documents and Settings\user\Desktop\In my magic box....pptx
2013-11-23 10:48 - 2013-11-23 17:05 - 00489472 _____ C:\Documents and Settings\user\Desktop\comparatives_er_est.ppt
2013-11-18 15:05 - 2013-10-27 12:33 - 00000000 ____D C:\Documents and Settings\user\My Documents\OU third year
2013-11-18 05:46 - 2012-09-30 23:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 20:23 - 2013-11-16 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-16 16:21 - 2013-11-16 16:21 - 00000000 ____D C:\Documents and Settings\user\Application Data\WinRAR
2013-11-16 16:20 - 2013-11-16 16:20 - 00000694 _____ C:\Documents and Settings\user\Desktop\WinRAR.lnk
2013-11-16 16:20 - 2013-11-16 16:20 - 00000000 ____D C:\Program Files\WinRAR
2013-11-16 15:49 - 2012-09-30 23:55 - 00002519 _____ C:\Documents and Settings\user\Desktop\Microsoft Office Word 2007.lnk
2013-11-11 21:00 - 2013-11-10 17:57 - 00000000 ____D C:\Documents and Settings\user\My Documents\An Idiot Abroad Complete 3 series
2013-11-11 06:25 - 2013-11-11 06:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\user\My Documents\mbam-setup-1.75.0.1300.exe
2013-11-11 06:20 - 2013-11-11 06:20 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\My Documents\rkill.exe
2013-11-11 06:17 - 2013-11-11 06:17 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\user\My Documents\TFC.exe
2013-11-11 06:08 - 2013-11-11 06:08 - 03538944 _____ C:\Documents and Settings\user\My Documents\RogueKiller.exe
2013-11-11 05:59 - 2013-11-11 05:59 - 07555864 _____ (Webroot Software, Inc.) C:\Documents and Settings\user\My Documents\WRUpgradeTool.exe
2013-11-11 05:55 - 2013-11-11 05:55 - 00275848 _____ (Webroot Software Inc (www.webroot.com)) C:\Documents and Settings\user\My Documents\CleanWDF.exe
Some content of TEMP:
====================
C:\Documents and Settings\user\Local Settings\Temp\7z920.exe
C:\Documents and Settings\user\Local Settings\Temp\appshat-distribution.exe
C:\Documents and Settings\user\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\user\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\user\Local Settings\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe
C:\Documents and Settings\user\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\user\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\user\Local Settings\Temp\TFR198.exe
C:\Documents and Settings\user\Local Settings\Temp\UpdateCheckerSetup.exe
C:\Documents and Settings\user\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\user\Local Settings\Temp\Vuze_Installer.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================


----------



## dawudbryant (Sep 12, 2013)

Here's the SystemLook log

SystemLook 30.07.11 by jpshortstuff
Log created at 14:30 on 10/12/2013 by user
Administrator - Elevation successful
========== filefind ==========
Searching for "*tovhfhfiei.vbs*"
C:\Documents and Settings\user\Recent\tovhfhfiei.vbs.lnk --a---- 1049 bytes [11:29 05/12/2013] [08:32 10/12/2013] 45186029D6AB355BA1380B69301E2F63
C:\FRST\Quarantine\tovhfhfiei.vbs --a---- 77339 bytes [06:56 30/11/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
========== regfind ==========
Searching for "tovhfhfiei"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="tovhfhfiei"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_LOCAL_MACHINE\SOFTWARE\tovhfhfiei]
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="tovhfhfiei"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
Searching for "tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
========== service ==========
tovhfhfiei - Unable to open Service Handle.
-= EOF =-


----------



## Mark1956 (May 7, 2011)

Run the Microsoft Fix-it on this page: http://support.microsoft.com/kb/330132

That should fix the error at boot up. I'll just put together another script for FRST to remove the other instances of the infected file.


----------



## Mark1956 (May 7, 2011)

Please run this just as you did before, then reboot and run SystemLook again (post 124) just to be sure it has gone and post the report. Also, tell me how well the laptop is now running.

Open Notepad and *Copy & Paste* the contents of the code box below into it. To do this, highlight the entire contents of the box, right-click on the highlighted area and select *Copy*, then right-click in the Notepad window and select *Paste*. Save it to the same location that FRST is saved in as *fixlist.txt* _*<--- it is very important to spell this name exactly as written here.*_


```
C:\Documents and Settings\user\Recent\tovhfhfiei.vbs.lnk
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="tovhfhfiei"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_LOCAL_MACHINE\SOFTWARE\tovhfhfiei]
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="tovhfhfiei"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs
C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs
```
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.*


Launch FRST by double clicking on it.
When the *FRST* window opens, click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt). Please *Copy & Paste* it into your next reply.


----------



## Mark1956 (May 7, 2011)

I have found a small item of software that will immunize the infection on the USB flash drives; this will cut out the risk of it passing the infection on. Complete everything I posted above and then follow these instructions. To be extra safe, install this on the desktop as well. Once you have run it on the laptop with both of the flash drives, it will be safe to transfer the program using one of them onto the desktop PC.

Download and install the USB Immunizer on this page: USB Immunizer. Make sure you select the correct application and save it to your desktop.

Double click on the program's icon to run it. Plug in the infected USB flash drive; you should see it appear in the window. Click on it and it should immunize the drive and confirm the job is done. This will disable any threats on the USB drive, which you should then be able to locate and delete.

Repeat with the second flash drive.


----------



## dawudbryant (Sep 12, 2013)

Here's that log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2013
Ran by user at 2013-12-10 17:32:46 Run:2
Running from C:\Documents and Settings\user\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Documents and Settings\user\Recent\tovhfhfiei.vbs.lnk
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="tovhfhfiei"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_LOCAL_MACHINE\SOFTWARE\tovhfhfiei]
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="tovhfhfiei"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs
C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs
*****************
C:\Documents and Settings\user\Recent\tovhfhfiei.vbs.lnk => Moved successfully.
"C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs" => File/Directory not found.
==== End of Fixlog ====


----------



## dawudbryant (Sep 12, 2013)

SystemLook log, was pretty quick, like a split second

SystemLook 30.07.11 by jpshortstuff
Log created at 17:40 on 10/12/2013 by user
Administrator - Elevation successful
No Context: C:\Documents and Settings\user\Recent\tovhfhfiei.vbs.lnk
No Context: [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
No Context: "002"="tovhfhfiei"
No Context: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\*]
No Context: "f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
No Context: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\vbs]
No Context: "a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
No Context: [HKEY_LOCAL_MACHINE\SOFTWARE\tovhfhfiei]
No Context: [HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Search Assistant\ACMru\5603]
No Context: "002"="tovhfhfiei"
No Context: [HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
No Context: "f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
No Context: [HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
No Context: "a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
No Context: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\*]
No Context: "f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
No Context: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU\vbs]
No Context: "a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
No Context: [HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
No Context: "f"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
No Context: [HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
No Context: "a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs
No Context: C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs
-= EOF =-

Laptop's running OK, same as usual


----------



## dawudbryant (Sep 12, 2013)

I have done that to both flash drives. How can I locate any remaining files on the flash drives? The only place that actually shows if the .vbs file remains is on the desktop. What should I do now?

Thanks again


----------



## Mark1956 (May 7, 2011)

You need to put the USB immunizer on the desktop PC as well, using one of the immunized flash drives, as posted in 131. You should then be able to delete any remaining files.

The FRST scan has not completed the removal of the registry sub keys. As the files have been removed the infection should be gone, but I would not want to leave behind any traces that relate to it. The FRST tutorial web page is unavailable at the moment, so I am going to post in our private forum to find out what I did wrong.

Meanwhile, run FRST again on the desktop and transfer the log with a flash drive to the laptop and post it in your next reply; we will then remove the bad files from that system.


----------
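The kind of check a helper applies to the autostart section of an FRST scan like the one requested above, as an added example that is not part of the original thread and not FRST's own code: it flags `Run` values and Startup-folder files that launch script files, and reports any script that persists in more than one place. The sample log lines are constructed (names such as `samplename1` and `Example User` are placeholders) and only mirror the line layout FRST prints in its Registry section.

```python
import ntpath
import re
from collections import defaultdict

SCRIPT_EXT = r"\.(?:vbs|vbe|js|jse|wsf|wsh)"
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")

# "HKCU\...\Run: [value name] - command" as printed in the Registry section.
RUN_LINE = re.compile(r"^(HK.+?)\\\.\.\.\\(Run\w*): \[([^\]]*)\] - (.+)$")
# "Startup: path" lines list files sitting in a Startup folder.
STARTUP_LINE = re.compile(r"^Startup: (.+)$")
# A drive-letter path ending in a script extension, quoted or unquoted.
SCRIPT_PATH = re.compile(
    r'([A-Za-z]:\\[^"<>|]*?' + SCRIPT_EXT + r')(?=["\s]|$)', re.IGNORECASE
)

# Constructed sample input in the FRST log layout (not taken from a real scan).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [samplename1] - wscript.exe //B "C:\Users\Example User\AppData\Roaming\samplename1..vbs"
HKCU\...\Run: [samplename2] - C:\Users\Example User\AppData\Roaming\samplename2.vbs [77339 2013-11-27] ()
Startup: C:\Users\Example User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Example User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Example User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\samplename2.vbs ()
"""


def triage(log_text):
    """Return autostart entries that run a script, with the reasons for each."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_LINE.match(line)
        startup = STARTUP_LINE.match(line)
        if run:
            hive, key, name, command = run.groups()
            location = f"{hive}\\{key} [{name}]"
        elif startup:
            name, command = None, startup.group(1)
            location = "Startup folder"
        else:
            continue  # not an autostart line

        reasons = []
        if any(host in command.lower() for host in SCRIPT_HOSTS):
            reasons.append("launched through a Windows Script Host binary")
        match = SCRIPT_PATH.search(command)
        script = match.group(1) if match else None
        if script:
            reasons.append("target is a script file")
            # Doubled dots ("name..vbs") leave a trailing dot on the stem.
            stem = ntpath.splitext(ntpath.basename(script))[0].rstrip(".")
            if name and stem.lower() == name.lower():
                reasons.append("value name equals script file name")
        if reasons:
            findings.append(
                {"location": location, "script": script, "reasons": reasons}
            )
    return findings


def repeated_scripts(findings):
    """Script file names that appear in more than one autostart location."""
    seen = defaultdict(set)
    for finding in findings:
        if finding["script"]:
            seen[ntpath.basename(finding["script"]).lower()].add(finding["location"])
    return {name: sorted(locs) for name, locs in seen.items() if len(locs) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for item in results:
        print(item["location"], "->", item["script"])
        for reason in item["reasons"]:
            print("   -", reason)
    print("Persisting in several places:", repeated_scripts(results))
```

A script that shows up under both a `Run` value and the Startup folder has to be removed from both, along with the file itself, or the surviving entry will keep pointing at it.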



## dawudbryant (Sep 12, 2013)

OK, thank you


----------



## dawudbryant (Sep 12, 2013)

It hasn't worked. As usual the desktop shows the .vbs file; it has also created in the flash drive a shortcut for the immunizer. It also has something called autorun.inf that won't delete.
I tried deleting the .vbs file and the shortcut for the immunizer but they straight away reappeared.

Should I still do the FRST scan?


----------



## dawudbryant (Sep 12, 2013)

Oh yeah, when I tried to immunize the flash drive it said it's already done, yet it's not empty


----------



## dawudbryant (Sep 12, 2013)

I just plugged back in my flash drive that I used to put the USB immunizer to my desktop and it now is shortcuts again. Both the immunizer and the Notepad file I used to show you the log have turned to shortcuts

Here's the log though

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01 (ATTENTION: ====> FRST version is 48 days old and could be outdated)
Ran by Dawud and Saarah (administrator) on DAWUDANDSAARAH on 10-12-2013 19:02:57
Running from C:\Users\Dawud and Saarah\Downloads
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Intel AppUp(SM) center] - C:\Program Files\Intel\IntelAppStore\bin\ismagent.lnk [1330 2011-10-09] ()
HKLM\...\Run: [Intel AppUp(SM) center_Nagware] - C:\Program Files\Intel\IntelAppStore\bin\AppUp.lnk [2207 2011-10-09] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2009-10-18] (Microsoft)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-22] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [oldzvawkdi] - wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs"
HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\Dawud and Saarah\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c8e150cbfa6b47d1a45775f39d00a23e-027958058064e5f518bc24a68962ff4aa6b1ad02 --CMPID 0913b
HKCU\...\Run: [tovhfhfiei] - C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs [77339 2013-11-27] ()
AppInit_DLLs: [ ] ()
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
URLSearchHook: (No Name) - {edd4f682-e67a-4175-bb45-c4066da2f7d9} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll (MindSpark)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0CF8A51C-4DAC-4900-BEC3-E342D52BC630} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM - {41396b1b-447e-473b-a34b-bb583136c7fc} URL = http://search.mywebsearch.com/myweb...A8UjQ&st=sb&n=77ecdaca&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC} URL = http://searchservice.myspace.com/in...ults&qry={searchTerms}&type=Web&orig=IMC-IEDS
SearchScopes: HKCU - {0CF8A51C-4DAC-4900-BEC3-E342D52BC630} URL = 
SearchScopes: HKCU - {41396b1b-447e-473b-a34b-bb583136c7fc} URL = http://search.mywebsearch.com/myweb...A8UjQ&st=sb&n=77ecdaca&searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {D2416C90-7C43-4832-AD2F-54BDCFC42716} URL = http://search.avg.com/?d=4e445065&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Toolbar BHO - {588b75f1-89a0-4956-bd69-3f6e90394909} - C:\PROGRA~1\OURBAB~2\bar\1.bin\27bar.dll (MindSpark)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Search Assistant BHO - {825b4dd6-b751-4d90-802a-eae6754c1c7e} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll (MindSpark)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - OurBabymaker - {e0b0df9f-34a3-4db1-becc-621697348607} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27bar.dll (MindSpark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\5r2djj93.default-1379853468803
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @OurBabyMaker_27.com/Plugin - C:\Program Files\OurBabyMaker_27\bar\1.bin\NP27Stub.dll (MindSpark)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [[email protected]_27.com] - C:\Program Files\OurBabyMaker_27\bar\1.bin
FF Extension: OurBabymaker - C:\Program Files\OurBabyMaker_27\bar\1.bin
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{A4E1CE0F-E864-4502-9E27-784BBE8F276D}] - C:\Users\Dawud and Saarah\AppData\Local\{A4E1CE0F-E864-4502-9E27-784BBE8F276D}
FF Extension: XULRunner - C:\Users\Dawud and Saarah\AppData\Local\{A4E1CE0F-E864-4502-9E27-784BBE8F276D}
FF HKCU\...\Firefox\Extensions: [{DDEC7074-F53C-11E1-8270-B8AC6F996F26}] - C:\Users\Dawud and Saarah\AppData\Local\{DDEC7074-F53C-11E1-8270-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Dawud and Saarah\AppData\Local\{DDEC7074-F53C-11E1-8270-B8AC6F996F26}\
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Search Results) - http://www.google.com
CHR DefaultSuggestURL: (Search Results) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Dawud and Saarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (AppUp) - C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\OurBabyMaker_27\bar\1.bin\NP27Stub.dll (MindSpark)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (YouTube) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Torch Share) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3158_0
CHR Extension: (Skype Click to Call) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\DAWUDA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Dawud and Saarah\AppData\Local\Torch\Plugins\TorchPlugin.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
========================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 OurBabyMaker_27Service; C:\PROGRA~1\OURBAB~2\bar\1.bin\27barsvc.exe [42504 2012-01-12] (COMPANYVERS_NAME)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) ====================
S3 arusb_lh; C:\Windows\System32\DRIVERS\arusb_lh.sys [407040 2007-11-13] (Atheros Communications, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-28] (AVG Technologies)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-05-21] (Avanquest Software)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-12-10 18:43 - 2013-12-10 17:44 - 04071672 ___SH (Bitdefender LLC) C:\Users\Dawud and Saarah\Desktop\BDUSBImmunizerLauncher.exe
2013-12-08 16:32 - 2013-12-08 16:35 - 00001108 _____ C:\Users\Dawud and Saarah\Desktop\SystemLook.txt
2013-12-08 16:32 - 2013-12-08 15:34 - 00139264 ___SH C:\Users\Dawud and Saarah\Desktop\SystemLook.exe
2013-12-05 23:08 - 2013-12-05 23:08 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\Broken Sword 5
2013-12-05 22:52 - 2013-12-05 22:52 - 00444952 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-05 22:52 - 2013-12-05 22:52 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-05 22:52 - 2013-12-05 22:52 - 00000000 ____D C:\Program Files\OpenAL
2013-12-05 22:25 - 2013-11-27 12:43 - 00077339 ___SH C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs
2013-12-02 15:27 - 2013-12-02 15:28 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\Wedding Pics. & Others (Dawud Only)
2013-12-02 15:22 - 2013-12-08 20:09 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\CrashDumps
2013-12-02 15:19 - 2013-12-02 15:19 - 00000670 _____ C:\Users\Dawud and Saarah\Desktop\Service repair - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000641 _____ C:\Users\Dawud and Saarah\Desktop\RogueKiller - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000620 _____ C:\Users\Dawud and Saarah\Desktop\CleanWDF - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000595 _____ C:\Users\Dawud and Saarah\Desktop\rkill - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000579 _____ C:\Users\Dawud and Saarah\Desktop\TFC - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000579 _____ C:\Users\Dawud and Saarah\Desktop\FSS - Shortcut.lnk
2013-11-27 10:57 - 2013-11-27 10:58 - 00145920 _____ C:\Windows\Minidump\112713-24226-01.dmp
2013-11-23 17:20 - 2013-11-23 17:20 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\Week 10
2013-11-23 10:48 - 2013-11-23 10:48 - 00489472 _____ C:\Users\Dawud and Saarah\Desktop\comparatives_er_est.ppt
2013-11-23 10:38 - 2013-11-23 10:39 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\English Week 9
2013-11-16 15:53 - 2013-11-16 17:15 - 02146451 _____ C:\Users\Dawud and Saarah\Desktop\English Term 1 Week 9.rar
2013-11-15 09:44 - 2013-11-15 09:47 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\New folder
2013-11-13 14:30 - 2013-11-13 14:00 - 00360775 _____ (Farbar) C:\Users\Dawud and Saarah\Desktop\FSS.exe
2013-11-12 10:24 - 2013-11-12 09:47 - 00039658 _____ C:\Users\Dawud and Saarah\Desktop\Service repair.zip
2013-11-11 07:09 - 2013-11-11 07:09 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-11 07:08 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-11 06:57 - 2013-11-11 07:01 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\RK_Quarantine
2013-11-10 22:18 - 2013-12-07 12:40 - 00006882 _____ C:\Windows\PFRO.log
2013-11-10 22:14 - 2013-11-10 22:15 - 03847400 _____ C:\Users\Dawud and Saarah\Downloads\32bit.exe
2013-11-10 21:59 - 2013-11-10 22:04 - 14545288 _____ (Trend Micro Inc. ) C:\Users\Dawud and Saarah\Desktop\Ti_70_win_global_en_Uninstall_hfb0001.exe
2013-11-10 21:36 - 2013-11-11 06:07 - 00158616 _____ C:\TMPatch.log
==================== One Month Modified Files and Folders =======
2013-12-10 18:45 - 2011-02-20 01:51 - 00000000 ____D C:\ProgramData\MFAData
2013-12-10 18:41 - 2010-09-22 22:30 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 18:40 - 2013-02-07 06:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 18:39 - 2010-09-22 22:30 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-10 17:44 - 2013-12-10 18:43 - 04071672 ___SH (Bitdefender LLC) C:\Users\Dawud and Saarah\Desktop\BDUSBImmunizerLauncher.exe
2013-12-09 06:23 - 2012-07-27 19:00 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Skype
2013-12-09 06:21 - 2009-07-14 07:55 - 02090662 _____ C:\Windows\WindowsUpdate.log
2013-12-08 21:16 - 2012-02-07 20:02 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\vlc
2013-12-08 20:09 - 2013-12-02 15:22 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Local\CrashDumps
2013-12-08 16:35 - 2013-12-08 16:32 - 00001108 _____ C:\Users\Dawud and Saarah\Desktop\SystemLook.txt
2013-12-08 15:34 - 2013-12-08 16:32 - 00139264 ___SH C:\Users\Dawud and Saarah\Desktop\SystemLook.exe
2013-12-07 14:42 - 2012-09-27 14:09 - 00033054 _____ C:\Windows\setupact.log
2013-12-07 12:47 - 2009-07-14 07:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-07 12:47 - 2009-07-14 07:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-07 12:42 - 2010-03-01 19:28 - 00000000 ____D C:\ProgramData\Sonic
2013-12-07 12:41 - 2010-10-11 21:59 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Dropbox
2013-12-07 12:40 - 2013-11-10 22:18 - 00006882 _____ C:\Windows\PFRO.log
2013-12-07 12:40 - 2013-05-31 19:49 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-12-07 12:40 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-05 23:08 - 2013-12-05 23:08 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\Broken Sword 5
2013-12-05 22:52 - 2013-12-05 22:52 - 00444952 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-05 22:52 - 2013-12-05 22:52 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-05 22:52 - 2013-12-05 22:52 - 00000000 ____D C:\Program Files\OpenAL
2013-12-02 15:28 - 2013-12-02 15:27 - 00000000 ____D C:\Users\Dawud and Saarah\Documents\Wedding Pics. & Others (Dawud Only)
2013-12-02 15:19 - 2013-12-02 15:19 - 00000670 _____ C:\Users\Dawud and Saarah\Desktop\Service repair - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000641 _____ C:\Users\Dawud and Saarah\Desktop\RogueKiller - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000620 _____ C:\Users\Dawud and Saarah\Desktop\CleanWDF - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000595 _____ C:\Users\Dawud and Saarah\Desktop\rkill - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000579 _____ C:\Users\Dawud and Saarah\Desktop\TFC - Shortcut.lnk
2013-12-02 15:18 - 2013-12-02 15:18 - 00000579 _____ C:\Users\Dawud and Saarah\Desktop\FSS - Shortcut.lnk
2013-12-01 19:36 - 2013-01-26 10:03 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\dvdcss
2013-11-27 12:43 - 2013-12-05 22:25 - 00077339 ___SH C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs
2013-11-27 10:58 - 2013-11-27 10:57 - 00145920 _____ C:\Windows\Minidump\112713-24226-01.dmp
2013-11-27 10:57 - 2012-10-10 13:29 - 104947566 _____ C:\Windows\MEMORY.DMP
2013-11-27 10:57 - 2010-10-05 20:37 - 00000000 ____D C:\Windows\Minidump
2013-11-23 17:20 - 2013-11-23 17:20 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\Week 10
2013-11-23 10:48 - 2013-11-23 10:48 - 00489472 _____ C:\Users\Dawud and Saarah\Desktop\comparatives_er_est.ppt
2013-11-23 10:39 - 2013-11-23 10:38 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\English Week 9
2013-11-23 10:39 - 2010-08-11 01:49 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\games
2013-11-16 17:15 - 2013-11-16 15:53 - 02146451 _____ C:\Users\Dawud and Saarah\Desktop\English Term 1 Week 9.rar
2013-11-15 09:47 - 2013-11-15 09:44 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\New folder
2013-11-15 09:45 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2013-11-13 14:00 - 2013-11-13 14:30 - 00360775 _____ (Farbar) C:\Users\Dawud and Saarah\Desktop\FSS.exe
2013-11-12 09:47 - 2013-11-12 10:24 - 00039658 _____ C:\Users\Dawud and Saarah\Desktop\Service repair.zip
2013-11-11 07:09 - 2013-11-11 07:09 - 00000000 ____D C:\Users\Dawud and Saarah\AppData\Roaming\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-11 07:08 - 2013-11-11 07:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-11 07:01 - 2013-11-11 06:57 - 00000000 ____D C:\Users\Dawud and Saarah\Desktop\RK_Quarantine
2013-11-11 06:07 - 2013-11-10 21:36 - 00158616 _____ C:\TMPatch.log
2013-11-10 22:15 - 2013-11-10 22:14 - 03847400 _____ C:\Users\Dawud and Saarah\Downloads\32bit.exe
2013-11-10 22:15 - 2010-03-01 19:28 - 00000000 ____D C:\ProgramData\Trend Micro
2013-11-10 22:04 - 2013-11-10 21:59 - 14545288 _____ (Trend Micro Inc. ) C:\Users\Dawud and Saarah\Desktop\Ti_70_win_global_en_Uninstall_hfb0001.exe
2013-11-10 21:29 - 2010-04-06 00:30 - 00000000 ____D C:\Users\Dawud and Saarah
Some content of TEMP:
====================
C:\Users\Dawud and Saarah\AppData\Local\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2012-10-14 01:47
==================== End Of Log ============================


----------



## dawudbryant (Sep 12, 2013)

And they don't delete, they come back, all the same problem again.


----------



## Mark1956 (May 7, 2011)

The autorun.inf file is created by the immunizer on the flash drive so should be left alone, it should stop the infection from running. We now need to remove the infected files from the desktop, then we can move on to removing it from the flash drives. This does appear to be a difficult infection to remove, but I am sure we will get there in the end. Re-infection is the biggest problem, I'm just hoping that the immunizer really will stop it. I should get some useful input soon from our other Malware experts.

If you create the notepad document on the laptop you can then transfer it to the desktop with a flash drive, then transfer the log back and post it.

Open Notepad and *Copy & Paste* the contents of the code box below into it. To do this highlight the entire contents of the box, right click on the highlighted area and select *Copy* then right click in the Notepad window and select *Paste*. Save it to the same location that FRST is saved in as *fixlist.txt* _*<--- it is very important to spell this name exactly as written here.*_


```
HKCU\...\Run: [oldzvawkdi] - wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs"
HKCU\...\Run: [tovhfhfiei] - C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs [77339 2013-11-27] ()
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs ()
```
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.*


Launch FRST by double clicking on it.
When the *FRST* window opens click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt) please *Copy & Paste* it into your next reply.


----------
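The three fixlist entries above share one pattern that can be checked mechanically in an FRST log: a script file in a user-writable folder that is referenced from a Run key or the Startup folder. The following is an added example, not part of the original post and not FRST's own logic; the sample lines are copied from the logs in this thread, and the function names and heuristics are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any host OS

# Lines copied from the FRST logs in this thread (a trimmed selection).
SAMPLE_LOG = r"""
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [tovhfhfiei] - C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs [77339 2013-11-27] ()
HKCU\...\Run: [ctfmon.exe] - C:\WINDOWS.0\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [tovhfhfiei] - C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs [77339 2013-11-27] ()
HKCU\...\Run: [oldzvawkdi] - wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs"
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs ()
2013-12-10 19:10 - 2013-11-27 12:43 - 00077339 ___SH C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs
2013-12-08 16:32 - 2013-12-08 15:34 - 00139264 ___SH C:\Users\Dawud and Saarah\Desktop\SystemLook.exe
2013-12-05 22:52 - 2013-12-05 22:52 - 00444952 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
"""

# Extensions run by Windows Script Host (assumed list for this heuristic).
SCRIPT_EXT = r"(?:vbs|vbe|js|jse|wsf|wsh)"
SCRIPT_PATH = re.compile(
    r'([A-Za-z]:\\[^"\[\]]*?\.' + SCRIPT_EXT + r')(?=["\s]|$)', re.I)
# "HKCU\...\Run: [name] - command", also "HKU\Guest\...\Run" and RunOnce.
RUN_LINE = re.compile(
    r'^(HK[^\\]+(?:\\[^\\.]+)?)\\\.\.\.\\(Run(?:Once)?): \[([^\]]*)\] - (.*)$')
STARTUP_LINE = re.compile(r'^Startup: (.*)$')
# "created - modified - size ATTRS [(company)] path" from the file sections.
FILE_LINE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ ([_A-Z]{5}) (.*)$')
USER_WRITABLE = ("\\appdata\\", "\\application data\\",
                 "\\local settings\\", "\\start menu\\")
BATCH_HOST = re.compile(r'\b[wc]script(?:\.exe)?\s+.*//B\b', re.I)


def find_script_autoruns(log_text):
    """Return {script file name: [finding, ...]} for script files that are
    started from a Run key or the Startup folder, or that sit on disk with
    both the hidden and system attributes set."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        attrs = None
        m = RUN_LINE.match(line)
        if m:
            where, target = f"{m.group(1)} {m.group(2)} [{m.group(3)}]", m.group(4)
        elif (m := STARTUP_LINE.match(line)):
            where, target = "Startup folder", m.group(1)
        elif (m := FILE_LINE.match(line)):
            where, attrs, target = "file listing", m.group(1), m.group(2)
            if not ("S" in attrs and "H" in attrs):
                continue  # ordinary file, not hidden+system
        else:
            continue
        hit = SCRIPT_PATH.search(target)
        if not hit:
            continue  # target is not a script file (e.g. a normal .exe)
        path = hit.group(1)
        reasons = []
        if any(part in path.lower() for part in USER_WRITABLE):
            reasons.append("user-writable folder")
        if attrs:
            reasons.append("hidden+system attributes")
        if BATCH_HOST.search(target):
            reasons.append("script host in batch mode (//B)")
        findings[basename(path).lower()].append(
            {"where": where, "path": path, "reasons": reasons})
    return dict(findings)


def recurring(findings, minimum=2):
    """Script names seen at `minimum` or more distinct locations, which is
    what a self-reinstalling script looks like in the log."""
    return sorted(name for name, items in findings.items()
                  if len({item["where"] for item in items}) >= minimum)


if __name__ == "__main__":
    results = find_script_autoruns(SAMPLE_LOG)
    for name, items in results.items():
        print(name)
        for item in items:
            print(f"  {item['where']}: {item['path']} ({', '.join(item['reasons'])})")
    print("recurring:", recurring(results))
```

A name reported by `recurring` is a candidate for the reviewer to look at, not a verdict; legitimate software can also register scripts at startup.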



## dawudbryant (Sep 12, 2013)

Here's the log for the desktop

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2013 01
Ran by Dawud and Saarah at 2013-12-11 06:14:55 Run:2
Running from C:\Users\Dawud and Saarah\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [oldzvawkdi] - wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\oldzvawkdi..vbs"
HKCU\...\Run: [tovhfhfiei] - C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs [77339 2013-11-27] ()
Startup: C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs ()
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\oldzvawkdi => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tovhfhfiei => Value deleted successfully.
C:\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs => Moved successfully.

==== End of Fixlog ====


----------



## Mark1956 (May 7, 2011)

Ok, that log looks good. As the flash drive has been in use with the infected file still on it, please run FRST again on the laptop and post the log so I can check the Worm hasn't got back onto it.

I'd also like you to run a deep scan on the laptop with Eset to make quite sure it is clean.

*Eset online scan instructions.*
*IMPORTANT --->* Please make sure you follow the instruction to *uncheck* the box next to *Remove found threats*. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.


Disable your existing Anti Virus following these instructions.
Please go here to use the Eset Online Scanner.
When the web page opens click on this button
If you are not using *Internet Explorer* you will see a message box open asking you to download the *ESET Smart Installer*, click on the link and allow it to download and then run it. Accept the *Terms of use* and click on *Start*. The required components will download.
If using Internet Explorer the *Terms of use* box will open immediately, accept it and click on *Start*.
After the download is complete the *Computer scan settings* window will open, *IMPORTANT ---->* *uncheck* the box next to *Remove found threats* and click on *Start*. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. *Do not* interrupt it, be patient and let it finish.
A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select *Paste* and the report will appear, add any comments you have and post the reply.
Back on the *Eset* window, click the *Back* button and then click on *Finish*.


----------



## dawudbryant (Sep 12, 2013)

Thanks

Here's the laptop FRST scan

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2013 01
Ran by user (administrator) on COMPUTER_1 on 11-12-2013 12:50:28
Running from C:\Documents and Settings\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\WINDOWS.0\system32\smss.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\csrss.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\services.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\lsass.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\spoolsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\WINDOWS.0\explorer.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\ctfmon.exe
() C:\Documents and Settings\user\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\alg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Azureus Software, Inc) C:\Program Files\Vuze\Azureus.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wscript.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wbem\wmiprvse.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TkBellExe] - C:\Program Files\real\realplayer\Update\realsched.exe [295072 2013-03-05] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [tovhfhfiei] - C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs [77339 2013-11-27] ()
HKLM\...\Winlogon: [Userinit] C:\WINDOWS.0\system32\userinit.exe,
HKCU\...\Run: [ctfmon.exe] - C:\WINDOWS.0\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Documents and Settings\user\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [tovhfhfiei] - C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs [77339 2013-11-27] ()
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS.0\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-11-03] (Adobe Systems Incorporated)
HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-07-11] (Google Inc.)
HKU\Guest\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-17] (Microsoft Corporation)
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-11-29] (Apple Inc.)
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs ()
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2289C1EC-B6EE-4B74-83C7-F63FCA11993D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10675
SearchScopes: HKCU - {D89485F7-86F9-4609-9BA4-B2503D067007} URL = http://search.us.com/serp?guid={A2C...&action=default_search&serpv=5&k={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS.0\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: artur.dubovoy - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\Extensions\[email protected]
FF Extension: firefox - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\Extensions\[email protected]
FF Extension: hdvc3 - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\Extensions\[email protected]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\WINDOWS.0\system32\npDeployJava1.dll No File
CHR Extension: (Docs) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (HDvid Codec 3) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnllcmllkjofnojidnaknldfehfhehoo\3.0_0
CHR Extension: (avast! WebRep) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (RealDownloader) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dnllcmllkjofnojidnaknldfehfhehoo] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-12-07] (Avira Operations GmbH & Co. KG)
S3 BITS; C:\WINDOWS.0\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; c:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S3 COMSysApp; C:\WINDOWS.0\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R3 EventSystem; C:\WINDOWS.0\system32\es.dll [246272 2008-04-14] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS.0\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS.0\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS.0\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS.0\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S4 Skype C2C Service; C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 srservice; C:\WINDOWS.0\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS.0\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS.0\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS.0\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS.0\system32\mspmsnsv.dll [52224 2008-04-14] (Microsoft Corporation)
S3 WmiApSrv; C:\WINDOWS.0\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS.0\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
==================== Drivers (Whitelisted) ====================
S4 abp480n5; C:\Windows\System32\Drivers\abp480n5.sys [23552 2001-08-18] (Microsoft Corporation)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2009-03-16] (Creative)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1391104 2009-01-07] (Broadcom Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [14248 2008-11-05] (Windows (R) Codename Longhorn DDK provider)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2009-03-16] (Creative Technology Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [x]
R3 HpqKbFiltr; system32\DRIVERS\HpqKbFiltr.sys [x]
R3 RTSTOR; system32\drivers\RTSTOR.SYS [x]
R1 ssmdrv; system32\DRIVERS\ssmdrv.sys [x]
S3 usbaudio; system32\drivers\usbaudio.sys [x]
S3 usbscan; system32\DRIVERS\usbscan.sys [x]
U1 WS2IFSL; 
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-12-11 12:50 - 2013-12-11 12:51 - 00018890 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-11 12:50 - 2013-12-11 12:50 - 00000000 ____D C:\Documents and Settings\user\Desktop\FRST-OlderVersion
2013-12-10 19:10 - 2013-11-27 12:43 - 00077339 ___SH C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs
2013-12-10 18:09 - 2013-12-10 18:09 - 00000000 ____D C:\Documents and Settings\user\My Documents\My Received Files
2013-12-10 17:44 - 2013-12-10 17:44 - 04071672 _____ (Bitdefender LLC) C:\Documents and Settings\user\Desktop\BDUSBImmunizerLauncher.exe
2013-12-10 17:01 - 2013-12-10 17:17 - 00000000 ____D C:\WINDOWS.0\pss
2013-12-10 15:45 - 2013-12-10 16:31 - 146787911 _____ C:\Documents and Settings\user\My Documents\30 Days in May 2013.flv
2013-12-10 15:33 - 2013-12-10 15:45 - 35196864 _____ C:\Documents and Settings\user\My Documents\Religious Tolerance in Oman Part 1.flv
2013-12-10 15:32 - 2013-12-10 15:45 - 35202555 _____ C:\Documents and Settings\user\My Documents\Religious Tolerance in Oman Part 2.flv
2013-12-10 15:29 - 2013-12-10 15:32 - 08522290 _____ C:\Documents and Settings\user\My Documents\Religious Tolerance in Oman Part 3.flv
2013-12-10 13:23 - 2013-12-10 13:27 - 12103598 _____ C:\Documents and Settings\user\My Documents\How to Tie a Shemagh Scarf.flv
2013-12-10 13:21 - 2013-12-10 13:22 - 03624887 _____ C:\Documents and Settings\user\My Documents\How to do the traditional Bedouin Omani Masarh.flv
2013-12-10 13:16 - 2013-12-10 13:20 - 14151685 _____ C:\Documents and Settings\user\My Documents\afghan turban Imamah (امامه پګړۍ پټکۍ لونګۍ ) www.afghanvoice.com
2013-12-10 13:13 - 2013-12-10 13:15 - 06100935 _____ C:\Documents and Settings\user\My Documents\Bending a Turban like Abdul Alhazred.flv
2013-12-09 20:46 - 2013-12-09 20:46 - 02556305 _____ C:\Documents and Settings\user\My Documents\The Golden Lotus 金瓶雙艷 (1974) Official Trailer by Shaw Brothers.flv
2013-12-09 20:45 - 2013-12-09 20:48 - 07253883 _____ C:\Documents and Settings\user\My Documents\Jackie Chan - The Golden Lotus 1974 (Mandarin).flv
2013-12-09 20:38 - 2013-12-09 20:42 - 14170167 _____ C:\Documents and Settings\user\My Documents\Police Story 2013 Trailer - Jackie Chan.flv
2013-12-09 20:36 - 2013-12-09 20:39 - 07459869 _____ C:\Documents and Settings\user\My Documents\Jackie Chan 成龙 Police Story 2013 Making of 警察故事2013 Cantonese.flv
2013-12-09 20:36 - 2013-12-09 20:37 - 05339955 _____ C:\Documents and Settings\user\My Documents\Jackie Chan Project A cantonese MV.flv
2013-12-09 20:02 - 2013-12-11 12:50 - 00000000 ____D C:\FRST
2013-12-09 20:00 - 2013-12-11 12:50 - 01061389 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2013-12-09 14:59 - 2013-12-09 15:00 - 00048290 _____ C:\Documents and Settings\user\Desktop\diskwipe.zip
2013-12-09 11:59 - 2013-12-09 12:11 - 22762773 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [22] English Subbed.flv
2013-12-09 11:58 - 2013-12-09 12:09 - 21567526 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [12] English Subbed.flv
2013-12-09 11:57 - 2013-12-09 12:08 - 23607319 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [22] English Subbed.flv
2013-12-09 11:56 - 2013-12-09 12:07 - 22696010 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [12] English Subbed.flv
2013-12-09 11:54 - 2013-12-09 12:07 - 22570134 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [22] English Subbed.flv
2013-12-09 11:51 - 2013-12-09 12:04 - 23816813 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [12] English Subbed.flv
2013-12-09 11:35 - 2013-12-09 11:44 - 23364256 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [12] English Subbed.flv
2013-12-09 11:35 - 2013-12-09 11:43 - 19935258 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [22] English Subbed.flv
2013-12-09 11:34 - 2013-12-09 11:42 - 23228214 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [22] English Subbed.flv
2013-12-09 11:27 - 2013-12-09 11:36 - 26414698 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [12] English Subbed.flv
2013-12-09 09:08 - 2013-12-09 09:28 - 27687077 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [22] English Subbed.flv
2013-12-09 09:08 - 2013-12-09 09:26 - 25098463 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [12] English Subbed.flv
2013-12-09 08:46 - 2013-12-09 08:46 - 00000000 ____D C:\Documents and Settings\user\.swt
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Vuze.lnk
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Vuze.lnk
2013-12-09 08:43 - 2013-12-11 12:51 - 00000000 ____D C:\Documents and Settings\user\Application Data\Azureus
2013-12-09 08:43 - 2013-12-09 08:44 - 00000000 ____D C:\Program Files\Vuze
2013-12-09 08:43 - 2013-12-09 08:43 - 00000000 _____ C:\END
2013-12-09 08:39 - 2013-12-09 08:48 - 23573062 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [12] English Subbed.flv
2013-12-09 08:39 - 2013-12-09 08:48 - 23192056 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [22] English Subbed.flv
2013-12-09 08:32 - 2013-12-09 08:32 - 00071808 _____ (Azureus Software, Inc.) C:\Documents and Settings\user\My Documents\VuzeBittorrentClientInstaller.exe
2013-12-09 08:23 - 2013-12-09 08:32 - 24959547 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [22] English Subbed.flv
2013-12-09 08:23 - 2013-12-09 08:31 - 23530571 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [12] English Subbed.flv
2013-12-09 08:10 - 2013-12-09 08:17 - 25507209 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [22] English Subbed.flv
2013-12-09 08:06 - 2013-12-09 08:14 - 27093737 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [12] English Subbed.flv
2013-12-09 07:58 - 2013-12-09 08:08 - 28046653 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [22] English Subbed.flv
2013-12-09 07:58 - 2013-12-09 08:05 - 21091991 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [12] English Subbed.flv
2013-12-09 07:50 - 2013-12-09 07:58 - 23303232 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [22] English Subbed.flv
2013-12-09 07:49 - 2013-12-09 07:57 - 24342219 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [12] English Subbed.flv
2013-12-09 05:34 - 2013-12-09 05:35 - 59674350 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 4.mp4
2013-12-08 22:47 - 2013-12-08 22:47 - 75200917 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 1.mp4
2013-12-08 22:45 - 2013-12-08 22:45 - 75192823 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 3.mp4
2013-12-08 22:44 - 2013-12-08 22:44 - 75023592 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 2.mp4
2013-12-08 22:26 - 2013-12-08 22:26 - 51267501 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 5.mp4
2013-12-08 22:05 - 2013-12-08 23:21 - 220780616 _____ C:\Documents and Settings\user\My Documents\The Prince Reigns On (Naseem Hamed Documentary).flv
2013-12-08 21:52 - 2013-12-08 22:02 - 16276428 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 6.flv
2013-12-08 21:43 - 2013-12-08 21:46 - 08031330 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed body-slams Cesar Soto.flv
2013-12-08 21:40 - 2013-12-08 21:48 - 21321580 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed Vs Juan Gerardo Cabrera (ENTRANCE & FULL FIGHT).flv
2013-12-08 17:20 - 2013-12-08 18:22 - 333570783 _____ C:\Documents and Settings\user\My Documents\Armour of God (Jackie Chan Dub).flv
2013-12-08 17:20 - 2013-12-08 17:23 - 347745474 _____ C:\Documents and Settings\user\My Documents\2013.12.07.Guillermo.Rigondeaux.vs.Joseph.Agbeko.HBO.mp4
2013-12-08 16:40 - 2013-12-08 16:40 - 17158430 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Joseph Agbeko Post-Fight Interview.mp4
2013-12-08 15:35 - 2013-12-10 17:40 - 00004824 _____ C:\Documents and Settings\user\Desktop\SystemLook.txt
2013-12-08 15:34 - 2013-12-08 15:34 - 00139264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-08 15:32 - 2013-12-08 15:33 - 227173530 _____ C:\Documents and Settings\user\My Documents\2013.12.07.James.Kirkland.vs.Glen.Tapia.HBO.mp4
2013-12-08 15:28 - 2013-12-08 15:29 - 199106183 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Chris John vs Simpiwe Vetyeka.mp4
2013-12-08 15:12 - 2013-12-08 15:14 - 122359325 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Darren Barker vs Felix Sturm.mp4
2013-12-07 18:06 - 2013-12-07 18:11 - 534102647 _____ C:\Documents and Settings\user\My Documents\Alpha Papa (2013).flv
2013-12-07 15:42 - 2013-12-07 15:50 - 333674931 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Bradley Skeete vs Colin Lynes.mp4
2013-12-07 15:34 - 2013-12-07 15:40 - 287045765 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Krzysztof Wlodarczyk vs Giacobbe Fragomeni III.mp4
2013-12-07 12:49 - 2013-12-07 15:20 - 00000000 ____D C:\WINDOWS.0\system32\NtmsData
2013-12-07 10:12 - 2013-12-07 10:12 - 00000000 ____D C:\Documents and Settings\user\Application Data\Avira
2013-12-07 01:07 - 2013-12-07 01:07 - 00001709 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Avira Control Center.lnk
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Program Files\Avira
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
2013-12-07 01:06 - 2013-12-07 01:03 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avipbb.sys
2013-12-07 01:06 - 2013-12-07 01:03 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avgntflt.sys
2013-12-07 01:06 - 2013-12-07 01:03 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avkmgr.sys
2013-12-07 01:06 - 2013-12-07 01:03 - 00028520 _____ (Avira GmbH) C:\WINDOWS.0\system32\Drivers\ssmdrv.sys
2013-12-07 01:05 - 2013-12-07 01:05 - 00000000 ____D C:\Documents and Settings\user\My Documents\Avira
2013-12-07 00:36 - 2013-12-07 00:36 - 02294160 _____ C:\Documents and Settings\user\Desktop\avira_free_antivirus.exe
2013-12-05 14:10 - 2013-12-05 14:10 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-12-05 01:27 - 2013-12-05 21:22 - 00000000 ____D C:\GOG Games
2013-12-04 17:34 - 2013-12-04 17:38 - 302552601 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis vs Frank Bruno.mp4
2013-12-04 17:27 - 2013-12-04 17:27 - 206268753 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis - Michael Grant. 2000-04-29.mp4
2013-12-04 13:49 - 2013-12-04 13:49 - 00003711 _____ C:\Documents and Settings\user\Application Data\DMZ.vbs
2013-12-02 17:04 - 2013-12-02 17:04 - 22828005 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed Highlights (by GP).mp4
2013-12-02 15:19 - 2013-12-02 15:19 - 00000479 _____ C:\Documents and Settings\user\My Documents\Image007 (1) (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000467 _____ C:\Documents and Settings\user\My Documents\Image007 (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000455 _____ C:\Documents and Settings\user\My Documents\Image007.lnk
2013-12-02 11:45 - 2013-12-02 11:48 - 336175903 _____ C:\Documents and Settings\user\My Documents\â˜¯ The Art of Action, Martial Arts in the Movies (Full Documentary) â˜¯.mp4
2013-12-02 07:07 - 2013-12-02 07:07 - 28304396 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt2.mp4
2013-12-02 07:06 - 2013-12-02 07:07 - 25371963 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt1.mp4
2013-12-02 06:50 - 2013-12-02 06:50 - 21223730 _____ C:\Documents and Settings\user\My Documents\GEOFF THOMPSON PASSENGERS.mp4
2013-12-02 06:34 - 2013-12-02 06:35 - 04124631 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson on getting hurt in a street fight.mp4
2013-12-01 13:07 - 2013-12-01 13:09 - 262243540 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson - Fear, My Friend _ London Real.mp4
2013-12-01 11:53 - 2013-12-01 11:58 - 10920534 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson.wmv
2013-12-01 11:39 - 2013-12-01 12:01 - 00217088 _____ C:\Documents and Settings\user\My Documents\Thompson.MSWMM
2013-12-01 11:33 - 2013-12-01 12:01 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
2013-12-01 11:27 - 2013-12-01 11:28 - 66487343 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson The best Martial Arts instructor on the planet.mpg
2013-12-01 10:13 - 2013-12-01 10:15 - 252072230 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Adonis Stevenson vs Tony Bellew.mp4
2013-12-01 09:18 - 2013-12-01 09:19 - 131224639 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Sergey Kovalev vs Ismayl Sillakh.mp4
2013-12-01 08:52 - 2012-12-27 18:46 - 600507683 _____ C:\Documents and Settings\user\My Documents\Martial Arts the real story episode 2.mpg
2013-12-01 07:04 - 2013-12-01 07:07 - 12362400 _____ C:\Documents and Settings\user\My Documents\Mike Tyson makes a little boy cry at Nuke the Fridge Con 2011 (HD).mp4
2013-12-01 06:33 - 2013-12-01 06:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaws.exe
2013-12-01 06:33 - 2013-12-01 06:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javacpl.cpl
2013-12-01 06:32 - 2013-12-01 06:33 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Java
2013-12-01 06:32 - 2013-12-01 06:31 - 00175016 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaw.exe
2013-12-01 06:32 - 2013-12-01 06:31 - 00174504 _____ (Oracle Corporation) C:\WINDOWS.0\system32\java.exe
2013-12-01 06:32 - 2013-12-01 06:31 - 00094632 _____ (Oracle Corporation) C:\WINDOWS.0\system32\WindowsAccessBridge.dll
2013-12-01 06:16 - 2013-12-01 06:16 - 00915368 _____ (Oracle Corporation) C:\Documents and Settings\user\Desktop\jxpiinstall.exe
2013-11-30 11:25 - 2013-11-30 11:25 - 27768873 _____ C:\Documents and Settings\user\My Documents\Oedipus.mp4
2013-11-30 11:23 - 2013-11-30 11:23 - 25327010 _____ C:\Documents and Settings\user\My Documents\Mythologique.mp4
2013-11-30 10:19 - 2013-11-30 10:18 - 00241220 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 11.rar
2013-11-28 21:17 - 2013-11-28 22:53 - 00000000 ____D C:\Documents and Settings\user\Application Data\Broken Sword 2.5
2013-11-28 21:12 - 2013-11-28 21:12 - 00000742 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Broken Sword 2.5.lnk
2013-11-28 21:12 - 2013-11-28 21:12 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Broken Sword 2.5
2013-11-28 21:02 - 2013-11-28 21:12 - 00000000 ____D C:\Program Files\Broken Sword 2.5
2013-11-28 17:38 - 2013-11-28 17:38 - 15863306 _____ C:\Documents and Settings\user\My Documents\Conor Mcgregor Leading the Irish Invasion in MMA.mp4
2013-11-28 13:36 - 2013-11-28 13:36 - 11138079 _____ C:\Documents and Settings\user\My Documents\FLOYD MAYWEATHER JR. DANCING WITH THE JUMP ROPE.mp4
2013-11-28 12:03 - 2013-11-28 12:03 - 11954764 _____ C:\Documents and Settings\user\My Documents\NSYNC- Tearin' Up My Heart (The View).mp4
2013-11-28 11:59 - 2013-11-28 11:59 - 15069565 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin' Up My Heart.mp4
2013-11-28 11:56 - 2013-11-28 11:56 - 16293397 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin Up My Heart (Live MTV TRL 1998.).mp4
2013-11-28 11:54 - 2013-11-28 11:54 - 19781199 _____ C:\Documents and Settings\user\My Documents\N Sync perform Tearin' Up My Heart on 5's Company.mp4
2013-11-28 11:51 - 2013-11-28 11:51 - 14261218 _____ C:\Documents and Settings\user\My Documents\N_Sync - Tearin' Up My Heart (Fashionably Loud - 1999).mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 17150218 _____ C:\Documents and Settings\user\My Documents\'N Sync_ Bye Bye Bye-- Gloria Estefan's Caribbean Soul_ The Atlantis Concert.mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 16232428 _____ C:\Documents and Settings\user\My Documents\'N SYNC-BYE BYE BYE 2000 live.mp4
2013-11-27 22:27 - 2013-11-27 22:31 - 320287231 _____ C:\Documents and Settings\user\My Documents\2013-11-27 Anthony Mundine vs Shane Mosley.mp4
2013-11-23 17:08 - 2013-11-23 17:08 - 02218261 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 10.rar
2013-11-23 17:05 - 2013-11-23 10:48 - 00489472 _____ C:\Documents and Settings\user\Desktop\comparatives_er_est.ppt
2013-11-23 14:05 - 2013-11-23 15:09 - 01792957 _____ C:\Documents and Settings\user\Desktop\In my magic box....pptx
2013-11-17 12:02 - 2013-12-10 17:36 - 00000298 _____ C:\WINDOWS.0\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-11-16 16:21 - 2013-11-16 16:21 - 00000000 ____D C:\Documents and Settings\user\Application Data\WinRAR
2013-11-16 16:20 - 2013-11-16 16:20 - 00000694 _____ C:\Documents and Settings\user\Desktop\WinRAR.lnk
2013-11-16 16:20 - 2013-11-16 16:20 - 00000000 ____D C:\Program Files\WinRAR
2013-11-16 14:12 - 2013-11-16 20:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-11 06:25 - 2013-11-11 06:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\user\My Documents\mbam-setup-1.75.0.1300.exe
2013-11-11 06:20 - 2013-11-11 06:20 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\My Documents\rkill.exe
2013-11-11 06:17 - 2013-11-11 06:17 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\user\My Documents\TFC.exe
2013-11-11 06:08 - 2013-11-11 06:08 - 03538944 _____ C:\Documents and Settings\user\My Documents\RogueKiller.exe
2013-11-11 05:59 - 2013-11-11 05:59 - 07555864 _____ (Webroot Software, Inc.) C:\Documents and Settings\user\My Documents\WRUpgradeTool.exe
2013-11-11 05:55 - 2013-11-11 05:55 - 00275848 _____ (Webroot Software Inc (www.webroot.com)) C:\Documents and Settings\user\My Documents\CleanWDF.exe
==================== One Month Modified Files and Folders =======
2013-12-11 12:51 - 2013-12-11 12:50 - 00018890 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2013-12-11 12:51 - 2013-12-09 08:43 - 00000000 ____D C:\Documents and Settings\user\Application Data\Azureus
2013-12-11 12:50 - 2013-12-11 12:50 - 00000000 ____D C:\Documents and Settings\user\Desktop\FRST-OlderVersion
2013-12-11 12:50 - 2013-12-09 20:02 - 00000000 ____D C:\FRST
2013-12-11 12:50 - 2013-12-09 20:00 - 01061389 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2013-12-11 12:49 - 2013-10-22 10:03 - 00000000 ____D C:\Documents and Settings\user\Application Data\vlc
2013-12-11 12:48 - 2013-03-04 01:05 - 00000000 ____D C:\Documents and Settings\user\Application Data\Skype
2013-12-11 12:13 - 2013-03-04 01:05 - 00002269 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Skype.lnk
2013-12-11 06:30 - 2013-10-24 02:43 - 00016896 _____ C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-11 04:14 - 2013-03-06 04:14 - 00000324 _____ C:\WINDOWS.0\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-10 18:09 - 2013-12-10 18:09 - 00000000 ____D C:\Documents and Settings\user\My Documents\My Received Files
2013-12-10 17:44 - 2013-12-10 17:44 - 04071672 _____ (Bitdefender LLC) C:\Documents and Settings\user\Desktop\BDUSBImmunizerLauncher.exe
2013-12-10 17:41 - 2012-09-30 06:44 - 00396599 _____ C:\WINDOWS.0\WindowsUpdate.log
2013-12-10 17:40 - 2013-12-08 15:35 - 00004824 _____ C:\Documents and Settings\user\Desktop\SystemLook.txt
2013-12-10 17:37 - 2013-10-23 12:44 - 00000276 _____ C:\WINDOWS.0\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-10 17:37 - 2013-03-05 19:08 - 00000284 _____ C:\WINDOWS.0\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-10 17:36 - 2013-11-17 12:02 - 00000298 _____ C:\WINDOWS.0\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-10 17:36 - 2012-09-29 23:33 - 00000159 _____ C:\WINDOWS.0\wiadebug.log
2013-12-10 17:36 - 2012-09-29 23:33 - 00000050 _____ C:\WINDOWS.0\wiaservc.log
2013-12-10 17:35 - 2012-09-30 22:39 - 00032456 _____ C:\WINDOWS.0\SchedLgU.Txt
2013-12-10 17:35 - 2012-09-30 22:39 - 00000006 ____H C:\WINDOWS.0\Tasks\SA.DAT
2013-12-10 17:34 - 2012-09-30 23:07 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini
2013-12-10 17:17 - 2013-12-10 17:01 - 00000000 ____D C:\WINDOWS.0\pss
2013-12-10 17:17 - 2008-04-25 23:33 - 00000324 ___SH C:\boot.ini
2013-12-10 17:17 - 2001-08-23 14:00 - 00000552 _____ C:\WINDOWS.0\win.ini
2013-12-10 17:17 - 2001-08-23 14:00 - 00000227 _____ C:\WINDOWS.0\system.ini
2013-12-10 17:01 - 2012-09-29 23:20 - 00000000 ____D C:\WINDOWS.0
2013-12-10 16:31 - 2013-12-10 15:45 - 146787911 _____ C:\Documents and Settings\user\My Documents\30 Days in May 2013.flv
2013-12-10 15:45 - 2013-12-10 15:33 - 35196864 _____ C:\Documents and Settings\user\My Documents\Religious Tolerance in Oman Part 1.flv
2013-12-10 15:45 - 2013-12-10 15:32 - 35202555 _____ C:\Documents and Settings\user\My Documents\Religious Tolerance in Oman Part 2.flv
2013-12-10 15:32 - 2013-12-10 15:29 - 08522290 _____ C:\Documents and Settings\user\My Documents\Religious Tolerance in Oman Part 3.flv
2013-12-10 14:21 - 2001-08-23 14:00 - 00002206 _____ C:\WINDOWS.0\system32\wpa.dbl
2013-12-10 13:27 - 2013-12-10 13:23 - 12103598 _____ C:\Documents and Settings\user\My Documents\How to Tie a Shemagh Scarf.flv
2013-12-10 13:22 - 2013-12-10 13:21 - 03624887 _____ C:\Documents and Settings\user\My Documents\How to do the traditional Bedouin Omani Masarh.flv
2013-12-10 13:20 - 2013-12-10 13:16 - 14151685 _____ C:\Documents and Settings\user\My Documents\afghan turban Imamah (امامه پګړۍ پټکۍ لونګۍ ) www.afghanvoice.com
2013-12-10 13:15 - 2013-12-10 13:13 - 06100935 _____ C:\Documents and Settings\user\My Documents\Bending a Turban like Abdul Alhazred.flv
2013-12-09 20:48 - 2013-12-09 20:45 - 07253883 _____ C:\Documents and Settings\user\My Documents\Jackie Chan - The Golden Lotus 1974 (Mandarin).flv
2013-12-09 20:46 - 2013-12-09 20:46 - 02556305 _____ C:\Documents and Settings\user\My Documents\The Golden Lotus 金瓶雙艷 (1974) Official Trailer by Shaw Brothers.flv
2013-12-09 20:42 - 2013-12-09 20:38 - 14170167 _____ C:\Documents and Settings\user\My Documents\Police Story 2013 Trailer - Jackie Chan.flv
2013-12-09 20:39 - 2013-12-09 20:36 - 07459869 _____ C:\Documents and Settings\user\My Documents\Jackie Chan 成龙 Police Story 2013 Making of 警察故事2013 Cantonese.flv
2013-12-09 20:37 - 2013-12-09 20:36 - 05339955 _____ C:\Documents and Settings\user\My Documents\Jackie Chan Project A cantonese MV.flv
2013-12-09 20:03 - 2012-09-29 23:25 - 00000000 ___HD C:\Documents and Settings\Default User.WINDOWS.0
2013-12-09 15:00 - 2013-12-09 14:59 - 00048290 _____ C:\Documents and Settings\user\Desktop\diskwipe.zip
2013-12-09 12:11 - 2013-12-09 11:59 - 22762773 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [22] English Subbed.flv
2013-12-09 12:09 - 2013-12-09 11:58 - 21567526 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 11 Part [12] English Subbed.flv
2013-12-09 12:08 - 2013-12-09 11:57 - 23607319 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [22] English Subbed.flv
2013-12-09 12:07 - 2013-12-09 11:56 - 22696010 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 10 Part [12] English Subbed.flv
2013-12-09 12:07 - 2013-12-09 11:54 - 22570134 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [22] English Subbed.flv
2013-12-09 12:04 - 2013-12-09 11:51 - 23816813 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 9 Part [12] English Subbed.flv
2013-12-09 11:44 - 2013-12-09 11:35 - 23364256 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [12] English Subbed.flv
2013-12-09 11:43 - 2013-12-09 11:35 - 19935258 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 8 Part [22] English Subbed.flv
2013-12-09 11:42 - 2013-12-09 11:34 - 23228214 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [22] English Subbed.flv
2013-12-09 11:36 - 2013-12-09 11:27 - 26414698 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 7 Part [12] English Subbed.flv
2013-12-09 09:28 - 2013-12-09 09:08 - 27687077 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [22] English Subbed.flv
2013-12-09 09:26 - 2013-12-09 09:08 - 25098463 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 6 Part [12] English Subbed.flv
2013-12-09 08:48 - 2013-12-09 08:39 - 23573062 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [12] English Subbed.flv
2013-12-09 08:48 - 2013-12-09 08:39 - 23192056 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 5 Part [22] English Subbed.flv
2013-12-09 08:46 - 2013-12-09 08:46 - 00000000 ____D C:\Documents and Settings\user\.swt
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Vuze.lnk
2013-12-09 08:44 - 2013-12-09 08:44 - 00001507 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Vuze.lnk
2013-12-09 08:44 - 2013-12-09 08:43 - 00000000 ____D C:\Program Files\Vuze
2013-12-09 08:43 - 2013-12-09 08:43 - 00000000 _____ C:\END
2013-12-09 08:32 - 2013-12-09 08:32 - 00071808 _____ (Azureus Software, Inc.) C:\Documents and Settings\user\My Documents\VuzeBittorrentClientInstaller.exe
2013-12-09 08:32 - 2013-12-09 08:23 - 24959547 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [22] English Subbed.flv
2013-12-09 08:31 - 2013-12-09 08:23 - 23530571 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 4 Part [12] English Subbed.flv
2013-12-09 08:17 - 2013-12-09 08:10 - 25507209 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [22] English Subbed.flv
2013-12-09 08:14 - 2013-12-09 08:06 - 27093737 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 3 Part [12] English Subbed.flv
2013-12-09 08:08 - 2013-12-09 07:58 - 28046653 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [22] English Subbed.flv
2013-12-09 08:05 - 2013-12-09 07:58 - 21091991 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 2 Part [12] English Subbed.flv
2013-12-09 07:58 - 2013-12-09 07:50 - 23303232 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [22] English Subbed.flv
2013-12-09 07:57 - 2013-12-09 07:49 - 24342219 _____ C:\Documents and Settings\user\My Documents\Hajime no Ippo Episode 1 Part [12] English Subbed.flv
2013-12-09 06:17 - 2012-10-03 20:16 - 01154714 ___SH C:\Documents and Settings\user\My Documents\Thumbs.db
2013-12-09 05:35 - 2013-12-09 05:34 - 59674350 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 4.mp4
2013-12-08 23:21 - 2013-12-08 22:05 - 220780616 _____ C:\Documents and Settings\user\My Documents\The Prince Reigns On (Naseem Hamed Documentary).flv
2013-12-08 22:47 - 2013-12-08 22:47 - 75200917 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 1.mp4
2013-12-08 22:45 - 2013-12-08 22:45 - 75192823 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 3.mp4
2013-12-08 22:44 - 2013-12-08 22:44 - 75023592 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 2.mp4
2013-12-08 22:26 - 2013-12-08 22:26 - 51267501 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 5.mp4
2013-12-08 22:02 - 2013-12-08 21:52 - 16276428 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed - The Prince Reigns On - part 6.flv
2013-12-08 21:48 - 2013-12-08 21:40 - 21321580 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed Vs Juan Gerardo Cabrera (ENTRANCE & FULL FIGHT).flv
2013-12-08 21:46 - 2013-12-08 21:43 - 08031330 _____ C:\Documents and Settings\user\My Documents\Naseem Hamed body-slams Cesar Soto.flv
2013-12-08 18:22 - 2013-12-08 17:20 - 333570783 _____ C:\Documents and Settings\user\My Documents\Armour of God (Jackie Chan Dub).flv
2013-12-08 17:23 - 2013-12-08 17:20 - 347745474 _____ C:\Documents and Settings\user\My Documents\2013.12.07.Guillermo.Rigondeaux.vs.Joseph.Agbeko.HBO.mp4
2013-12-08 16:40 - 2013-12-08 16:40 - 17158430 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Joseph Agbeko Post-Fight Interview.mp4
2013-12-08 15:34 - 2013-12-08 15:34 - 00139264 _____ C:\Documents and Settings\user\Desktop\SystemLook.exe
2013-12-08 15:33 - 2013-12-08 15:32 - 227173530 _____ C:\Documents and Settings\user\My Documents\2013.12.07.James.Kirkland.vs.Glen.Tapia.HBO.mp4
2013-12-08 15:29 - 2013-12-08 15:28 - 199106183 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Chris John vs Simpiwe Vetyeka.mp4
2013-12-08 15:14 - 2013-12-08 15:12 - 122359325 _____ C:\Documents and Settings\user\My Documents\2013-12-07 Darren Barker vs Felix Sturm.mp4
2013-12-07 18:55 - 2012-09-29 23:26 - 01000240 _____ C:\WINDOWS.0\setupapi.log
2013-12-07 18:11 - 2013-12-07 18:06 - 534102647 _____ C:\Documents and Settings\user\My Documents\Alpha Papa (2013).flv
2013-12-07 18:11 - 2013-03-06 04:14 - 00000306 _____ C:\WINDOWS.0\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-113007714-515967899-1003.job
2013-12-07 15:50 - 2013-12-07 15:42 - 333674931 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Bradley Skeete vs Colin Lynes.mp4
2013-12-07 15:40 - 2013-12-07 15:34 - 287045765 _____ C:\Documents and Settings\user\My Documents\2013-12-06 Krzysztof Wlodarczyk vs Giacobbe Fragomeni III.mp4
2013-12-07 15:20 - 2013-12-07 12:49 - 00000000 ____D C:\WINDOWS.0\system32\NtmsData
2013-12-07 12:49 - 2012-09-30 06:40 - 00000000 ____D C:\WINDOWS.0\Registration
2013-12-07 12:49 - 2012-09-29 23:20 - 00000000 ____D C:\WINDOWS.0\repair
2013-12-07 10:12 - 2013-12-07 10:12 - 00000000 ____D C:\Documents and Settings\user\Application Data\Avira
2013-12-07 10:10 - 2012-09-29 23:28 - 00468100 _____ C:\WINDOWS.0\system32\PerfStringBackup.INI
2013-12-07 01:07 - 2013-12-07 01:07 - 00001709 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Avira Control Center.lnk
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Program Files\Avira
2013-12-07 01:06 - 2013-12-07 01:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
2013-12-07 01:05 - 2013-12-07 01:05 - 00000000 ____D C:\Documents and Settings\user\My Documents\Avira
2013-12-07 01:03 - 2013-12-07 01:06 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avipbb.sys
2013-12-07 01:03 - 2013-12-07 01:06 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avgntflt.sys
2013-12-07 01:03 - 2013-12-07 01:06 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avkmgr.sys
2013-12-07 01:03 - 2013-12-07 01:06 - 00028520 _____ (Avira GmbH) C:\WINDOWS.0\system32\Drivers\ssmdrv.sys
2013-12-07 00:36 - 2013-12-07 00:36 - 02294160 _____ C:\Documents and Settings\user\Desktop\avira_free_antivirus.exe
2013-12-07 00:31 - 2012-09-30 18:43 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVAST Software
2013-12-05 21:22 - 2013-12-05 01:27 - 00000000 ____D C:\GOG Games
2013-12-05 14:10 - 2013-12-05 14:10 - 00000000 ____D C:\Documents and Settings\user\Application Data\AVAST Software
2013-12-05 13:56 - 2009-07-07 19:41 - 00000000 ____D C:\Documents and Settings\QA
2013-12-05 13:42 - 2012-09-30 18:43 - 00269216 _____ (AVAST Software) C:\WINDOWS.0\system32\aswBoot.exe
2013-12-05 13:15 - 2012-09-30 06:47 - 00002577 _____ C:\WINDOWS.0\system32\CONFIG.NT
2013-12-05 01:24 - 2011-02-08 03:34 - 00000000 ____D C:\Documents and Settings\user\My Documents\Dawud
2013-12-05 01:20 - 2008-04-26 04:42 - 00000000 ____D C:\Program Files\MSN
2013-12-05 01:19 - 2013-11-05 07:36 - 00000000 ____D C:\Documents and Settings\user\Application Data\Amazon
2013-12-05 01:19 - 2013-11-05 07:35 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Amazon
2013-12-05 01:19 - 2009-07-11 22:12 - 00000000 ____D C:\Program Files\Google
2013-12-04 17:38 - 2013-12-04 17:34 - 302552601 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis vs Frank Bruno.mp4
2013-12-04 17:27 - 2013-12-04 17:27 - 206268753 _____ C:\Documents and Settings\user\My Documents\Lennox Lewis - Michael Grant. 2000-04-29.mp4
2013-12-04 13:49 - 2013-12-04 13:49 - 00003711 _____ C:\Documents and Settings\user\Application Data\DMZ.vbs
2013-12-02 17:04 - 2013-12-02 17:04 - 22828005 _____ C:\Documents and Settings\user\My Documents\Prince Naseem Hamed Highlights (by GP).mp4
2013-12-02 15:19 - 2013-12-02 15:19 - 00000479 _____ C:\Documents and Settings\user\My Documents\Image007 (1) (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000467 _____ C:\Documents and Settings\user\My Documents\Image007 (1).lnk
2013-12-02 15:19 - 2013-12-02 15:19 - 00000455 _____ C:\Documents and Settings\user\My Documents\Image007.lnk
2013-12-02 11:48 - 2013-12-02 11:45 - 336175903 _____ C:\Documents and Settings\user\My Documents\☯ The Art of Action, Martial Arts in the Movies (Full Documentary) ☯.mp4
2013-12-02 07:07 - 2013-12-02 07:07 - 28304396 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt2.mp4
2013-12-02 07:07 - 2013-12-02 07:06 - 25371963 _____ C:\Documents and Settings\user\My Documents\Martial Arts Forge Geoff Thompson Pt1.mp4
2013-12-02 06:50 - 2013-12-02 06:50 - 21223730 _____ C:\Documents and Settings\user\My Documents\GEOFF THOMPSON PASSENGERS.mp4
2013-12-02 06:35 - 2013-12-02 06:34 - 04124631 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson on getting hurt in a street fight.mp4
2013-12-01 13:09 - 2013-12-01 13:07 - 262243540 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson - Fear, My Friend _ London Real.mp4
2013-12-01 12:01 - 2013-12-01 11:39 - 00217088 _____ C:\Documents and Settings\user\My Documents\Thompson.MSWMM
2013-12-01 12:01 - 2013-12-01 11:33 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
2013-12-01 11:58 - 2013-12-01 11:53 - 10920534 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson.wmv
2013-12-01 11:28 - 2013-12-01 11:27 - 66487343 _____ C:\Documents and Settings\user\My Documents\Geoff Thompson The best Martial Arts instructor on the planet.mpg
2013-12-01 10:15 - 2013-12-01 10:13 - 252072230 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Adonis Stevenson vs Tony Bellew.mp4
2013-12-01 09:19 - 2013-12-01 09:18 - 131224639 _____ C:\Documents and Settings\user\My Documents\2013-11-30 Sergey Kovalev vs Ismayl Sillakh.mp4
2013-12-01 07:07 - 2013-12-01 07:04 - 12362400 _____ C:\Documents and Settings\user\My Documents\Mike Tyson makes a little boy cry at Nuke the Fridge Con 2011 (HD).mp4
2013-12-01 06:33 - 2013-12-01 06:32 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Java
2013-12-01 06:31 - 2013-12-01 06:33 - 00264616 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaws.exe
2013-12-01 06:31 - 2013-12-01 06:33 - 00145408 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javacpl.cpl
2013-12-01 06:31 - 2013-12-01 06:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS.0\system32\javaw.exe
2013-12-01 06:31 - 2013-12-01 06:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS.0\system32\java.exe
2013-12-01 06:31 - 2013-12-01 06:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS.0\system32\WindowsAccessBridge.dll
2013-12-01 06:16 - 2013-12-01 06:16 - 00915368 _____ (Oracle Corporation) C:\Documents and Settings\user\Desktop\jxpiinstall.exe
2013-11-30 11:25 - 2013-11-30 11:25 - 27768873 _____ C:\Documents and Settings\user\My Documents\Oedipus.mp4
2013-11-30 11:23 - 2013-11-30 11:23 - 25327010 _____ C:\Documents and Settings\user\My Documents\Mythologique.mp4
2013-11-30 10:18 - 2013-11-30 10:19 - 00241220 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 11.rar
2013-11-29 13:57 - 2013-05-21 06:57 - 00000000 ____D C:\Documents and Settings\user\My Documents\Jaheim
2013-11-28 22:53 - 2013-11-28 21:17 - 00000000 ____D C:\Documents and Settings\user\Application Data\Broken Sword 2.5
2013-11-28 21:12 - 2013-11-28 21:12 - 00000742 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Broken Sword 2.5.lnk
2013-11-28 21:12 - 2013-11-28 21:12 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Broken Sword 2.5
2013-11-28 21:12 - 2013-11-28 21:02 - 00000000 ____D C:\Program Files\Broken Sword 2.5
2013-11-28 17:38 - 2013-11-28 17:38 - 15863306 _____ C:\Documents and Settings\user\My Documents\Conor Mcgregor Leading the Irish Invasion in MMA.mp4
2013-11-28 13:36 - 2013-11-28 13:36 - 11138079 _____ C:\Documents and Settings\user\My Documents\FLOYD MAYWEATHER JR. DANCING WITH THE JUMP ROPE.mp4
2013-11-28 12:03 - 2013-11-28 12:03 - 11954764 _____ C:\Documents and Settings\user\My Documents\NSYNC- Tearin' Up My Heart (The View).mp4
2013-11-28 11:59 - 2013-11-28 11:59 - 15069565 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin' Up My Heart.mp4
2013-11-28 11:56 - 2013-11-28 11:56 - 16293397 _____ C:\Documents and Settings\user\My Documents\N Sync - Tearin Up My Heart (Live MTV TRL 1998.).mp4
2013-11-28 11:54 - 2013-11-28 11:54 - 19781199 _____ C:\Documents and Settings\user\My Documents\N Sync perform Tearin' Up My Heart on 5's Company.mp4
2013-11-28 11:51 - 2013-11-28 11:51 - 14261218 _____ C:\Documents and Settings\user\My Documents\N_Sync - Tearin' Up My Heart (Fashionably Loud - 1999).mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 17150218 _____ C:\Documents and Settings\user\My Documents\'N Sync_ Bye Bye Bye-- Gloria Estefan's Caribbean Soul_ The Atlantis Concert.mp4
2013-11-28 11:24 - 2013-11-28 11:24 - 16232428 _____ C:\Documents and Settings\user\My Documents\'N SYNC-BYE BYE BYE 2000 live.mp4
2013-11-27 22:31 - 2013-11-27 22:27 - 320287231 _____ C:\Documents and Settings\user\My Documents\2013-11-27 Anthony Mundine vs Shane Mosley.mp4
2013-11-27 12:43 - 2013-12-10 19:10 - 00077339 ___SH C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs
2013-11-23 17:08 - 2013-11-23 17:08 - 02218261 _____ C:\Documents and Settings\user\Desktop\English Term 1 Week 10.rar
2013-11-23 15:09 - 2013-11-23 14:05 - 01792957 _____ C:\Documents and Settings\user\Desktop\In my magic box....pptx
2013-11-23 10:48 - 2013-11-23 17:05 - 00489472 _____ C:\Documents and Settings\user\Desktop\comparatives_er_est.ppt
2013-11-18 15:05 - 2013-10-27 12:33 - 00000000 ____D C:\Documents and Settings\user\My Documents\OU third year
2013-11-18 05:46 - 2012-09-30 23:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 20:23 - 2013-11-16 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-16 16:21 - 2013-11-16 16:21 - 00000000 ____D C:\Documents and Settings\user\Application Data\WinRAR
2013-11-16 16:20 - 2013-11-16 16:20 - 00000694 _____ C:\Documents and Settings\user\Desktop\WinRAR.lnk
2013-11-16 16:20 - 2013-11-16 16:20 - 00000000 ____D C:\Program Files\WinRAR
2013-11-16 15:49 - 2012-09-30 23:55 - 00002519 _____ C:\Documents and Settings\user\Desktop\Microsoft Office Word 2007.lnk
2013-11-11 21:00 - 2013-11-10 17:57 - 00000000 ____D C:\Documents and Settings\user\My Documents\An Idiot Abroad Complete 3 series
2013-11-11 06:25 - 2013-11-11 06:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\user\My Documents\mbam-setup-1.75.0.1300.exe
2013-11-11 06:20 - 2013-11-11 06:20 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\My Documents\rkill.exe
2013-11-11 06:17 - 2013-11-11 06:17 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\user\My Documents\TFC.exe
2013-11-11 06:08 - 2013-11-11 06:08 - 03538944 _____ C:\Documents and Settings\user\My Documents\RogueKiller.exe
2013-11-11 05:59 - 2013-11-11 05:59 - 07555864 _____ (Webroot Software, Inc.) C:\Documents and Settings\user\My Documents\WRUpgradeTool.exe
2013-11-11 05:55 - 2013-11-11 05:55 - 00275848 _____ (Webroot Software Inc (www.webroot.com)) C:\Documents and Settings\user\My Documents\CleanWDF.exe
Some content of TEMP:
====================
C:\Documents and Settings\user\Local Settings\Temp\7z920.exe
C:\Documents and Settings\user\Local Settings\Temp\appshat-distribution.exe
C:\Documents and Settings\user\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\user\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\user\Local Settings\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe
C:\Documents and Settings\user\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\user\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\user\Local Settings\Temp\TFR198.exe
C:\Documents and Settings\user\Local Settings\Temp\UpdateCheckerSetup.exe
C:\Documents and Settings\user\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\user\Local Settings\Temp\Vuze_Installer.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

Please post the Eset scan results when done.

================================================

Well, that just proved the immunizer isn't working. As can be seen from this entry, the infection got back on the laptop yesterday at 19.10.

2013-12-10 19:10 - 2013-11-27 12:43 - 00077339 ___SH C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs

Let's try another approach and see if Malwarebytes will find it.

First follow the instructions on this web page: http://www.pcworld.com/article/227855/infected_CD_DVD_flash.html to make sure AutoPlay is disabled for removable drives. You only need to follow the instructions in the paragraph immediately above the screenshot. You will need to install TweakUI; there is a link provided.

When done plug both of the flash drives into the laptop.

Do this so all hidden files can be seen:


Click "Start".
Click 'My Computer'
Select the 'Tools' menu
Click 'Folder Options'.
Select the 'View' tab.
Under the 'Hidden files and folders' heading, select 'Show hidden files and folders'.
Uncheck the 'Hide protected operating system files (recommended)' option.
Click 'Yes' to confirm.
Uncheck the 'Hide file extensions for known file types'.
Click 'OK'.
(Once this is done you may find that you can see the infected files on the flash drive from the laptop).

Next, launch Malwarebytes and let it update. Then select to run a Full system scan (not quick). When it completes, view the found threats, make sure there is a check mark next to all of them and click on the Remove Selected button. Post the log produced and reboot if requested.

When that is done, open Windows Explorer and locate the flash drives in the left window. Right click on the first drive and select 'Scan with Malwarebytes Anti Malware'. As above, select everything for removal, click on the Remove Selected button and post the log. Then repeat the same process to scan the other flash drive.

After this, let me see the logs before you do anything else and leave the flash drives in the laptop. Please let me know if you could see the files after running the routine to show hidden files and if the files are still there after running Malwarebytes.


----------
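How the entry Mark1956 points to above can be picked out of a file listing in the format posted in this thread, shown as an added example that is not part of any post here: it parses each listing line and queues script files that sit in a user-writable profile folder or carry hidden/system attributes. The reading of the attribute letters (H hidden, S system, D directory), the extension list and the folder list are assumptions of this example; the sample lines are copied from the log in this thread.

```python
"""Triage a scan-tool file listing for hidden script files in a user profile."""
import ntpath  # Windows path rules, regardless of the OS running this script
import re
from datetime import datetime

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "  # first timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "   # second timestamp
    r"(\d+) "                                # size in bytes, zero padded
    r"(\S{5}) "                              # attribute column, e.g. ___SH
    r"(?:\((.*)\) )?"                        # optional company name
    r"([A-Za-z]:\\.*)$"                      # full path
)

# Assumptions of this example, not taken from the scan tool's documentation.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd"}
PROFILE_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\appdata\\")

# Lines copied from the listing posted in this thread.
SAMPLE = r"""
Some content of TEMP:
2013-12-07 18:55 - 2012-09-29 23:26 - 01000240 _____ C:\WINDOWS.0\setupapi.log
2013-12-07 10:12 - 2013-12-07 10:12 - 00000000 ____D C:\Documents and Settings\user\Application Data\Avira
2013-12-07 01:03 - 2013-12-07 01:06 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS.0\system32\Drivers\avipbb.sys
2013-12-04 13:49 - 2013-12-04 13:49 - 00003711 _____ C:\Documents and Settings\user\Application Data\DMZ.vbs
2013-11-27 12:43 - 2013-12-10 19:10 - 00077339 ___SH C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs
2013-11-11 05:55 - 2013-11-11 05:55 - 00275848 _____ (Webroot Software Inc (www.webroot.com)) C:\Documents and Settings\user\My Documents\CleanWDF.exe
""".strip().splitlines()


def parse_line(line):
    """Return a dict for one listing line, or None for headers and other text."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    first, second, size, attrs, company, path = match.groups()
    fmt = "%Y-%m-%d %H:%M"
    stamps = (datetime.strptime(first, fmt), datetime.strptime(second, fmt))
    return {
        # The two timestamps appear in either order in this thread's logs,
        # so keep the later one as "last touched" instead of trusting position.
        "last_touched": max(stamps),
        "size": int(size),
        "attrs": set(attrs.replace("_", "")),
        "company": company.strip() if company else None,
        "path": path,
    }


def reasons_for(entry):
    """List the reasons a script file deserves a manual look (empty if none)."""
    if "D" in entry["attrs"]:
        return []  # directories are not scored
    ext = ntpath.splitext(entry["path"])[1].lower()
    if ext not in SCRIPT_EXTS:
        return []  # narrowed to script files on purpose
    reasons = ["script file (%s)" % ext]
    if any(marker in entry["path"].lower() for marker in PROFILE_DIRS):
        reasons.append("in user-writable profile folder")
    if "H" in entry["attrs"]:
        reasons.append("hidden attribute")
    if "S" in entry["attrs"]:
        reasons.append("system attribute")
    return reasons


def triage(lines):
    """Return (path, last_touched, reasons) tuples, most reasons first."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if len(reasons) >= 2:  # a script plus at least one more indicator
            findings.append((entry["path"], entry["last_touched"], reasons))
    findings.sort(key=lambda item: len(item[2]), reverse=True)
    return findings


if __name__ == "__main__":
    for path, touched, reasons in triage(SAMPLE):
        print("%s  %s  [%s]" % (touched.isoformat(" "), path, "; ".join(reasons)))
```

The output is a review queue, not a verdict: an entry listed here still has to be inspected before anything is removed.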



## dawudbryant (Sep 12, 2013)

I've tried to right click on the Avira in the tray on the bottom right hand corner but it's not doing anything


----------



## dawudbryant (Sep 12, 2013)

So until I can disable the antivirus I can't give you the scan you need


----------



## Mark1956 (May 7, 2011)

Ok, bypass the scan with Eset and continue with the instructions in post 145.


----------



## dawudbryant (Sep 12, 2013)

The TweakUI isn't working. I install it but it doesn't do anything after that, just has the installer but nothing's been installed


----------



## Mark1956 (May 7, 2011)

Ok, skip that for now and carry on with the rest of the instructions.

If Malwarebytes kills this infection we will be getting back on track, fingers crossed.


----------



## dawudbryant (Sep 12, 2013)

Hi, just to let you know I'm doing the malware scan and it's 2 and a half hours in. Hopefully it will finish a.s.a.p.


----------



## Mark1956 (May 7, 2011)

Yup, it can be a long scan as it checks everything on your hard drive, please allow it to run to completion.


----------



## dawudbryant (Sep 12, 2013)

scan before I deleted them

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.11.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: COMPUTER_1 [administrator]
12/11/2013 7:26:00 PM
MBAM-log-2013-12-12 (05-42-20) before deletion.txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 431387
Time elapsed: 6 hour(s), 12 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{73AD5D47-66E5-4127-80CA-C0EEDABAFBCC} (Adware.Superweb) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{73AD5D47-66E5-4127-80CA-C0EEDABAFBCC} (Adware.Superweb) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Babylon.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo (PUP.Optional.HDVidCodec.A) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Detected: 3
C:\Documents and Settings\QA\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\ct2504091 (PUP.Optional.Conduit.A) -> No action taken.
Files Detected: 42
C:\Documents and Settings\user\Local Settings\Temp\6YlAgERD.exe.part (PUP.Optional.Installrex) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe (PUP.Optional.MoviesToolBar.A) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\A2535726-BAB0-7891-BEBE-FA8412B29261\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\A2535726-BAB0-7891-BEBE-FA8412B29261\Latest\Setup.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Documents and Settings\user\My Documents\HDVid plug in.exe (PUP.Optional.OneClickDownloader.A) -> No action taken.
C:\Program Files\Vuze\.install4j\user\mism.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{1FAC2D68-35E6-4D83-B1B2-6D03AFA86E06}\RP89\A0027998.exe (Trojan.Winlock) -> No action taken.
C:\System Volume Information\_restore{1FAC2D68-35E6-4D83-B1B2-6D03AFA86E06}\RP89\A0027999.exe (Trojan.Winlock) -> No action taken.
C:\System Volume Information\_restore{1FAC2D68-35E6-4D83-B1B2-6D03AFA86E06}\RP89\A0028001.exe (Trojan.MSIL) -> No action taken.
C:\System Volume Information\_restore{1FAC2D68-35E6-4D83-B1B2-6D03AFA86E06}\RP90\A0028505.exe (Trojan.MSIL) -> No action taken.
C:\System Volume Information\_restore{1FAC2D68-35E6-4D83-B1B2-6D03AFA86E06}\RP90\A0028506.exe (Trojan.Winlock) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\1.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\a.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\b.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\c.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\d.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\e.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\f.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\g.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\h.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\i.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\J.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\k.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\l.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\m.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\mru.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\n.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\o.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\p.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\q.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\r.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\s.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\t.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\u.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\v.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\w.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\x.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\y.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\z.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> No action taken.
(end)

scan after I requested them removed, I now have to restart

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.11.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: COMPUTER_1 [administrator]
12/11/2013 7:26:00 PM
mbam-log-2013-12-11 (19-26-00).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 431387
Time elapsed: 6 hour(s), 12 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{73AD5D47-66E5-4127-80CA-C0EEDABAFBCC} (Adware.Superweb) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{73AD5D47-66E5-4127-80CA-C0EEDABAFBCC} (Adware.Superweb) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo (PUP.Optional.HDVidCodec.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 3
C:\Documents and Settings\QA\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\ct2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Files Detected: 42
C:\Documents and Settings\user\Local Settings\Temp\6YlAgERD.exe.part (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\A2535726-BAB0-7891-BEBE-FA8412B29261\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\A2535726-BAB0-7891-BEBE-FA8412B29261\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\My Documents\HDVid plug in.exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Program Files\Vuze\.install4j\user\mism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FAC2D68-35E6-4D83-B1B2-6D03AFA86E06}\RP89\A0027998.exe (Trojan.Winlock) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FAC2D68-35E6-4D83-B1B2-6D03AFA86E06}\RP89\A0027999.exe (Trojan.Winlock) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FAC2D68-35E6-4D83-B1B2-6D03AFA86E06}\RP89\A0028001.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FAC2D68-35E6-4D83-B1B2-6D03AFA86E06}\RP90\A0028505.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FAC2D68-35E6-4D83-B1B2-6D03AFA86E06}\RP90\A0028506.exe (Trojan.Winlock) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\1.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\a.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\b.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\c.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\d.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\e.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\f.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\g.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\h.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\i.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\J.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\k.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\l.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\m.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\mru.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\n.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\o.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\p.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\q.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\r.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\s.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\t.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\u.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\v.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\w.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\x.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\y.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\QA\Application Data\PriceGong\Data\z.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
(end)


----------



## dawudbryant (Sep 12, 2013)

Here's the scan on my wife's flash drive

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.11.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: COMPUTER_1 [administrator]
12/12/2013 6:00:18 AM
mbam-log-2013-12-12 (06-00-18).txt
Scan type: Full scan (E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342914
Time elapsed: 3 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

I can still see the infected files on the flash drive. The scan says zero viruses, yet the files are still on the flash drive


----------



## dawudbryant (Sep 12, 2013)

Here's the log of one of my flash drive files

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.11.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: COMPUTER_1 [administrator]
12/12/2013 6:06:25 AM
mbam-log-2013-12-12 (06-06-25).txt
Scan type: Full scan (F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342913
Time elapsed: 2 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## dawudbryant (Sep 12, 2013)

here's the log for the second file

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.11.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: COMPUTER_1 [administrator]
12/12/2013 6:10:07 AM
mbam-log-2013-12-12 (06-10-07).txt
Scan type: Full scan (G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342914
Time elapsed: 2 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

for both flash drives the infected files remain


----------



## dawudbryant (Sep 12, 2013)

these viruses don't seem to wanna go lol


----------



## Mark1956 (May 7, 2011)

Yup, it is a tough one to crack. The main problem here is finding a scanner that will detect it. Malwarebytes didn't find it, but it has removed quite a few items of adware and it found a couple of Trojan infections in your restore points, which we can deal with later.

As Eset was one of the scanners that recognized the infection on the Jotti site I have high hopes that it will detect it on the system. As you were unable to launch Avira from the Task Bar in order to stop it running, see if you can launch it from Start > All programs. If that doesn't work, uninstall it so that you can run the Eset scan. Let me know how it goes.

I have posted for assistance with this infection on our private forum, hopefully another Malware helper who has dealt with this Worm before will have some useful tips. Once I find a tool that can successfully remove the Worm it should be a fairly quick clean up.


----------



## dawudbryant (Sep 12, 2013)

thank u very much my friend, i really appreciate all ur time and effort.


----------



## Mark1956 (May 7, 2011)

You're welcome, this will teach me a few new tricks by the time we get to the end of it.


----------



## dawudbryant (Sep 12, 2013)

LOL, so i'm officially a guinea pig lol


----------



## dawudbryant (Sep 12, 2013)

As I'm gonna have to redo this ESET scan on my desktop, isn't it better that I put a copy of ESET onto my desktop before cleaning the flashdrives? They will only get reinfected again later otherwise. Also, are there any other things I should put on my desktop now so as to not need to put them on there later?


----------



## Mark1956 (May 7, 2011)

> LOL, so i'm officially a guinea pig lol


In this case you are to a degree, the kind of infection you have I believe was quite common many years ago so I'm hoping somebody in our team has dealt with one before or knows what tools to use to deal with it. There is obviously the chance that this is a completely new variant and could be just the beginning of seeing this kind of infection back in the wild again. We deal with a lot of Rootkits which are quite dangerous to personal data but have several tools that are designed to catch and remove them and the guys that make the tools are continually updating them to deal with new variants. If Worms are about to hit us again this will prepare me and others for the attack. That's the challenge with Malware, it is constantly changing as new threats are appearing every day.

The problem with running the Eset scan on your desktop PC is that it has to be on-line to do it. My hope is that we can start by cleaning the laptop and the flash drives then kill off the infection using FRST on the desktop and everything will be clean. The problem at the moment is finding a trustworthy tool to clean the flash drives in order to stop re-infection, the rest can be done with FRST. The scan with Eset is a bit of an experiment so I know if it will detect the infection for future use, FRST only shows the infected files, but does not recognize them as a threat.


----------



## dawudbryant (Sep 12, 2013)

ESET RESULTS


C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs VBS/Agent.NDH worm
C:\Documents and Settings\user\My Documents\Image007 (1) (1).lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Image007 (1).lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Image007.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and a Study in Scarlet (1 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and a Study in Scarlet (2 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and a Study in Scarlet (3 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and a Study in Scarlet (4 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Baskerville Curse (1 of 5) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Baskerville Curse (2 of 5) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Baskerville Curse (3 of 5) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Baskerville Curse (4 of 5) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Baskerville Curse (5 of 5) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Sign of Four (1 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Sign of Four (2 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Sign of Four (3 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Sign of Four (4 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Valley of Fear (1 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Valley of Fear (2 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Valley of Fear (3 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\Sherlock Holmes and the Valley of Fear (4 of 4) - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 FIRST AUDITION DANIEL ALI - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 FIRST AUDITIONS FOR DANIEL MR MIYAGI - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 REAHEARSAL Part 2.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 REHEARSAL MOVIE PART 10 - YouTube.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 REHEARSAL MOVIE PART 11 .lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 REHEARSAL MOVIE PART 12.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 REHEARSAL MOVIE PART 13 THE END.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 REHEARSAL MOVIE PART 3.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 REHEARSAL MOVIE PART 4 .lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 REHEARSAL MOVIE PART 7 PART 8 .lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 REHEARSAL MOVIE PART 9.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID 1983 REHEASAL MOVIE PART 5.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\Dawud\THE KARATE KID1983 ENTIRE REHEARSAL MOVIE PT 1.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\My Pictures\A230 TMA 1.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\My Pictures\A230 TMA 3.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\My Pictures\powerpoint.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\My Documents\My Pictures\U214 TMA 1.lnk LNK/Agent.AK trojan
C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs VBS/Agent.NDH worm
C:\FRST\Quarantine\tovhfhfiei.vbs VBS/Agent.NDH worm
C:\RECYCLER\S-1-5-21-1060284298-113007714-515967899-1003\Dc55\2013-2014\Plans\Term 1\Week 8\Science_T1_W8.lnk LNK/Agent.AK trojan


----------



## dawudbryant (Sep 12, 2013)

A lot of the files ESET has said are infections are the ones I previously had on my flashdrive.


----------



## Mark1956 (May 7, 2011)

This is looking encouraging as Eset has found the infected file and all the links it created. Those files you mention are the shortcuts created by the infection so they can be removed.

We may have found the tool we needed. I'd now like you to install the trial version of Eset NOD32 Anti Virus which has the ability to scan removable drives. Plug both the flash drives into the laptop and follow this procedure. I just installed NOD32 onto my system so I could create the instructions, if you get stuck anywhere please let me know.

Download and install the Eset trial version from here: Eset NOD32 Antivirus, click on the green Free Trial button. Double click on the downloaded file to run the installation. During the installation uncheck the box to participate and check the box next to 'Enable detection of potentially unwanted applications'. When the product activation screen appears select 'Activate trial license'. You will need to type in your email address for the activation to complete, so expect a few emails from them. Don't worry if the activation won't complete as the scanner will still work and remove threats.

When the installation is complete run the program. Select the Smart Scan and let it run to completion, keep all browsers closed and do not run any other programs until it has finished. On the first scan it will show two scans running at the same time.

If a Warning screen pops up showing any threats found, it will be automatically set to remove them; click on the Finish button to complete the removal. Then let the Smart scan continue; if the Warning window opens again click on Finish.

When the scans are all complete click on Show log for each scan. A window opens showing the log. Left click on the first line so it turns blue, use the scroll bar to go to the last line of the log. Hold down the shift key on your keyboard and left click on the last line. The entire log should now have turned blue, release the shift key and then right click on the blue area and select Copy. Come back here, left click in the message box and select Paste. If you get a warning that the log is too big then copy it into a blank Notepad document and save it to the desktop, then zip the file up and send it here as an attachment. Repeat this for the other scans so all logs get posted.

Click on Computer scan in the left pane and then click on Removable media scan, when complete copy the log as described above.

This will tell you how to zip up the logs, if you need to, and how to send an attachment.

To zip up the files in Windows (all versions): Right click the file, click on *Send To*, and then click *Compressed (zipped) Folder*. That will create a zip folder containing a copy of the file, you should see it appear.

Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on it and a new window opens.
• Click on the *Browse* button, find the zip folder you made earlier and double-click on it.
• Now click on the *Upload* button. When done, click on the *Close this window* button at the top of the page.
• Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## dawudbryant (Sep 12, 2013)

scan 1

Scan Log
Version of virus signature database: 8944 (20131021)
Date: 12/13/2013 Time: 5:43:47 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\Data1.cab » CAB » core.zip » ZIP » lib/security/java.policy - is OK
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{4B051196-FE16-4D8D-8F92-CB870799206D}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\extensions\[email protected] » ZIP » chrome/content/overlay.js - Win32/BrowseFox.B potentially unwanted application
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » aucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jaureg - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00008a » GZIP » f_00008a - archive damaged
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000e2 » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\Cache\9\36\EFD0Dd01 » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Local Settings\Temp\A2535726-BAB0-7891-BEBE-FA8412B29261\Latest\IEHelper.dll - Win32/Toolbar.Babylon.E potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Broken sword 2 setup.exe » INDIGOROSE - archive damaged
C:\Documents and Settings\user\My Documents\OpenUniversity-windows-0.1.3.exe » INNO » {app}\proc\platform\lib\security\java.policy - is OK
C:\Documents and Settings\user\My Documents\VeohWebPlayerSetup_eng.exe » NSIS » VeohConduit.exe » WISE » TEMP_DLL_FILE_PATH - a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\user\My Documents\backups\backup-20131021-211149-300.dll - a variant of Win32/BrowseFox.F potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Downloads\cbsidlm-cbsi134-Flash_Video_Downloader_for_Google_Chrome-SEO-75327988.exe - a variant of Win32/CNETInstaller.B potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Downloads\K-Lite_Codec_Pack_930_Mega.exe » INNO » - unsupported option
C:\Documents and Settings\user\My Documents\Downloads\wrar500.exe » RAR » Default.SFX » WINRARSFX - archive damaged
C:\Documents and Settings\user\My Documents\Downloads\wrar500.exe » RAR » Zip.SFX » WINRARSFX - archive damaged
C:\Documents and Settings\user\My Documents\Sword1\Setup.exe » INDIGOROSE - archive damaged
C:\Documents and Settings\user\My Documents\Sword2\Setup.exe » INDIGOROSE - archive damaged
C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs - VBS/Agent.NDH worm - cleaned by deleting [1]
C:\Program Files\JRE\jre-windows-i586.exe » CAB » core.zip » ZIP » lib/security/java.policy - is OK
C:\Program Files\MapNeto_1\ldrtbMap0.dll - a variant of Win32/Toolbar.Conduit.P potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\ldrtbMap2.dll - a variant of Win32/Toolbar.Conduit.P potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\MapNeto_1ToolbarHelper.exe - Win32/Toolbar.Conduit.Q potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\MapNeto_1ToolbarHelper1.exe - Win32/Toolbar.Conduit.Q potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\prxtbMap0.dll - Win32/Toolbar.Conduit.O potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\prxtbMap2.dll - Win32/Toolbar.Conduit.O potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMap0.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMap1.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMapN.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar » TAR » - archive damaged
C:\Program Files\qualitink\qualitinkBHO.dll - a variant of Win32/BrowseFox.F potentially unwanted application - action selection postponed until scan completion
C:\Program Files\qualitink\qualitinkUninstall.exe » NSIS » Script.nsi - Win32/BrowseFox.C potentially unwanted application
C:\Program Files\qualitink\updatequalitink.exe - a variant of Win32/BrowseFox.G potentially unwanted application - action selection postponed until scan completion
C:\Program Files\WinRAR\Default.SFX » WINRARSFX - archive damaged
C:\Program Files\WinRAR\Zip.SFX » WINRARSFX - archive damaged
C:\temp\OpenOffice.org 3.1 (en-US) Installation Files\openofficeorg1.cab » CAB » testtar.tar » TAR » - archive damaged
Number of scanned objects: 329449
Number of threats found: 18
Number of cleaned objects: 1
Time of completion: 9:58:08 PM Total scanning time: 15261 sec (04:14:21)
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.


----------



## dawudbryant (Sep 12, 2013)

this is the second log, i hope it works


----------



## Mark1956 (May 7, 2011)

Logs are looking good, Eset appears to be doing a great clean up job, it even found some more Adware on your system. I'm looking forward to seeing if it does such a good job on the flash drives.


----------



## dawudbryant (Sep 12, 2013)

lool, is it taking them off or do i have to delete them manually?


----------



## Mark1956 (May 7, 2011)

Yes, it shows they are being deleted and quarantined, just a couple of minor adware items that it doesn't list as removed, the important thing is the Worm as the rest we can use other tools for.


----------



## dawudbryant (Sep 12, 2013)

ok, should i rescan it, and the flashdrives?


----------



## dawudbryant (Sep 12, 2013)

I'm just wondering, if we need the internet in order to run the ESET scan then how can we do that on the flash drives? Surely we will only end up reinfecting one of the flashdrives. Or are you trying to find a good usb immunizer?


----------



## Mark1956 (May 7, 2011)

We don't need to use Eset on the desktop or the flash drives as NOD32 is now doing that job.

May be a good idea to do a repeat scan on the laptop with NOD32 and the flash drives.

You have not posted the scan result from the flash drives which I need to see to be sure it has removed the worm.

I have found a good USB immunizer that will also scan your phone, I will post it later, just going out for the evening.


----------



## dawudbryant (Sep 12, 2013)

Thank you my friend, enjoy your evening. I'll do the scan now


----------



## dawudbryant (Sep 12, 2013)

Scan Log
Version of virus signature database: 9173 (20131214)
Date: 12/14/2013 Time: 11:24:53 PM
Scanned disks, folders and files: D:\;F:\;G:\
D:\ - error opening [4]
G:\autorun.inf - error opening [4]
G:\tovhfhfiei.vbs - VBS/Agent.NDH worm - cleaned by deleting [1]
Number of scanned objects: 8
Number of threats found: 1
Number of cleaned objects: 1
Time of completion: 11:25:05 PM Total scanning time: 12 sec (00:00:12)
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.


----------



## dawudbryant (Sep 12, 2013)

Scan Log
Version of virus signature database: 9174 (20131214)
Date: 12/14/2013 Time: 11:27:25 PM
Scanned disks, folders and files: D:\;E:\;F:\;G:\
D:\ - error opening [4]
E:\autorun.inf - error opening [4]
G:\autorun.inf - error opening [4]
Number of scanned objects: 7
Number of threats found: 0
Time of completion: 11:27:26 PM Total scanning time: 1 sec (00:00:01)
Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.


----------



## dawudbryant (Sep 12, 2013)

the flash drive of my wife's sometimes disconnects so i have to wobble it around to reconnect, hence why i had to rescan the flashdrives


----------



## dawudbryant (Sep 12, 2013)

I had left the laptop to scan overnight, then when I next saw the laptop it said it needs to reboot to finish the scan. I said no as I didn't wanna do it just yet, and now it seems to have restarted the scan from the beginning. It had found 19 threats and cleaned only one of them. I'll have to wait now for another few hours then will send you the log.


----------



## dawudbryant (Sep 12, 2013)

here it is

Scan Log
Version of virus signature database: 9174 (20131214)
Date: 12/15/2013 Time: 11:48:53 AM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\pagefile.sys - error opening [4]
C:\AdwCleaner\Quarantine\C\Program Files\ConduitEngine\ConduitEngine.dll.vir - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs - VBS/Agent.NDH worm - cleaned by deleting (after the next restart) - quarantined [1,2]
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\extensions\[email protected] » ZIP » chrome/content/overlay.js - Win32/BrowseFox.B potentially unwanted application
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » aucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jaureg - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00008a » GZIP » f_00008a - archive damaged
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000e2 » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Local Settings\Temp\A2535726-BAB0-7891-BEBE-FA8412B29261\Latest\IEHelper.dll - Win32/Toolbar.Babylon.E potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Broken sword 2 setup.exe » INDIGOROSE - archive damaged
C:\Documents and Settings\user\My Documents\VeohWebPlayerSetup_eng.exe » NSIS » VeohConduit.exe » WISE » TEMP_DLL_FILE_PATH - a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\user\My Documents\backups\backup-20131021-211149-300.dll - a variant of Win32/BrowseFox.F potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Downloads\cbsidlm-cbsi134-Flash_Video_Downloader_for_Google_Chrome-SEO-75327988.exe - a variant of Win32/CNETInstaller.B potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Downloads\K-Lite_Codec_Pack_930_Mega.exe » INNO » - unsupported option
C:\Documents and Settings\user\My Documents\Downloads\wrar500.exe » RAR » Default.SFX » WINRARSFX - archive damaged
C:\Documents and Settings\user\My Documents\Downloads\wrar500.exe » RAR » Zip.SFX » WINRARSFX - archive damaged
C:\Documents and Settings\user\My Documents\Sword1\Setup.exe » INDIGOROSE - archive damaged
C:\Documents and Settings\user\My Documents\Sword2\Setup.exe » INDIGOROSE - archive damaged
C:\Program Files\MapNeto_1\ldrtbMap0.dll - a variant of Win32/Toolbar.Conduit.P potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\ldrtbMap2.dll - a variant of Win32/Toolbar.Conduit.P potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\MapNeto_1ToolbarHelper.exe - Win32/Toolbar.Conduit.Q potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\MapNeto_1ToolbarHelper1.exe - Win32/Toolbar.Conduit.Q potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\prxtbMap0.dll - Win32/Toolbar.Conduit.O potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\prxtbMap2.dll - Win32/Toolbar.Conduit.O potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMap0.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMap1.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMapN.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar » TAR » - archive damaged
C:\Program Files\qualitink\qualitinkBHO.dll - a variant of Win32/BrowseFox.F potentially unwanted application - action selection postponed until scan completion
C:\Program Files\qualitink\qualitinkUninstall.exe » NSIS » Script.nsi - Win32/BrowseFox.C potentially unwanted application
C:\Program Files\qualitink\updatequalitink.exe - a variant of Win32/BrowseFox.G potentially unwanted application - action selection postponed until scan completion
C:\Program Files\WinRAR\Default.SFX » WINRARSFX - archive damaged
C:\Program Files\WinRAR\Zip.SFX » WINRARSFX - archive damaged
C:\temp\OpenOffice.org 3.1 (en-US) Installation Files\openofficeorg1.cab » CAB » testtar.tar » TAR » - archive damaged
Number of scanned objects: 108590
Number of threats found: 19
Number of cleaned objects: 1
Time of completion: 12:12:44 PM Total scanning time: 1431 sec (00:23:51)
Notes:
[1] Object has been deleted as it only contained the virus body.
[2] Object is in use (open or running). A system restart is required for the cleaning to complete.
[4] Object cannot be opened. It may be in use by another application or operating system.


----------



## Mark1956 (May 7, 2011)

Looks like we have got it all, the items found and not removed by NOD32 are only adware which we can deal with later. Did you allow the second scan to perform a reboot when it completed? It is crucial that this is done to complete the removal process. If you selected No again you must repeat the scan and allow it to reboot the PC.

Please run a full format on both flash drives to remove the autorun.inf file that was put there by the other USB immunizer we used. Then follow the instructions below.

Please download Flash Drive Disinfector by sUBs and save it to your desktop.


• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
• Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.
• Reboot your computer when done.

*Note:* Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

========================================================

When you have completed all of the above run another scan with NOD32 on the laptop and both the flash drives and post the logs. This is just to be quite certain that the Worm has not continued to replicate itself. We will then continue with a full clean up on the laptop to make sure there are no remnants left behind and to clean up the Adware.
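The check made by eye on the NOD32 logs in this thread (worm cleaned, reboot still pending, only adware left over) can be scripted; the following Python triage is an added example, not part of the original posts and not an ESET tool. The names `Finding`, `parse_line` and `triage` are hypothetical, and the line grammar is inferred only from the log lines posted in this thread.

```python
import re
from dataclasses import dataclass

# " - [a variant of ]<Platform/Name> <kind>" marks a detection; every other line
# ("is OK", "archive damaged", "error opening", counters, notes) is not one.
DETECTION = re.compile(
    r" - (?:a variant of )?(?P<name>[A-Za-z0-9]+/[A-Za-z0-9_.]+) "
    r"(?P<kind>worm|trojan|virus|potentially unwanted application)"
)
NOTE_REFS = re.compile(r"\s*\[(\d+(?:,\d+)*)\]\s*$")   # trailing "[1]" or "[1,2]"
THREATS_FOUND = re.compile(r"^Number of threats found: (\d+)", re.M)


@dataclass
class Finding:
    path: str      # file on disk
    inner: str     # member inside an archive/installer, "" if none
    name: str      # detection name, e.g. VBS/Agent.NDH
    kind: str      # worm, trojan, virus or potentially unwanted application
    action: str    # what the scanner did, "" if the line records nothing
    notes: tuple   # note numbers referenced at the end of the line

    @property
    def is_pua(self):
        return self.kind == "potentially unwanted application"

    @property
    def cleaned(self):
        return self.action.startswith("cleaned")

    @property
    def needs_reboot(self):
        # Note [2] in these logs: object in use, restart required to finish cleaning.
        return 2 in self.notes or "after the next restart" in self.action


def parse_line(line):
    """Return a Finding for a detection line, or None for any other log line."""
    m = DETECTION.search(line)
    if m is None:
        return None
    path, _, inner = line[:m.start()].partition(" » ")
    rest, notes = line[m.end():], ()
    refs = NOTE_REFS.search(rest)
    if refs:
        notes = tuple(int(n) for n in refs.group(1).split(","))
        rest = rest[:refs.start()]
    return Finding(path, inner, m["name"], m["kind"], rest.strip(" -"), notes)


def triage(log_text):
    """Split a scan log into the buckets a helper looks for when reading it."""
    findings = [f for f in map(parse_line, log_text.splitlines()) if f]
    reported = THREATS_FOUND.search(log_text)
    return {
        "findings": findings,
        "malware_not_cleaned": [f for f in findings if not f.is_pua and not f.cleaned],
        "pending_reboot": [f for f in findings if f.cleaned and f.needs_reboot],
        "pua_remaining": [f for f in findings if f.is_pua and not f.cleaned],
        # None when there is no counter line; otherwise parser count vs. scanner count.
        "count_matches": None if reported is None else int(reported.group(1)) == len(findings),
    }


# Sample input: the removable-media log posted in this thread (notes section omitted).
FLASH_LOG = r"""Scan Log
Version of virus signature database: 9173 (20131214)
Date: 12/14/2013 Time: 11:24:53 PM
Scanned disks, folders and files: D:\;F:\;G:\
D:\ - error opening [4]
G:\autorun.inf - error opening [4]
G:\tovhfhfiei.vbs - VBS/Agent.NDH worm - cleaned by deleting [1]
Number of scanned objects: 8
Number of threats found: 1
Number of cleaned objects: 1
"""

# Sample input: five lines excerpted from the 12/15/2013 laptop log in this thread.
LAPTOP_EXCERPT = r"""C:\pagefile.sys - error opening [4]
C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs - VBS/Agent.NDH worm - cleaned by deleting (after the next restart) - quarantined [1,2]
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » aucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\My Documents\VeohWebPlayerSetup_eng.exe » NSIS » VeohConduit.exe » WISE » TEMP_DLL_FILE_PATH - a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Program Files\MapNeto_1\tbMap0.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
"""

if __name__ == "__main__":
    for label, log in (("flash drives", FLASH_LOG), ("laptop excerpt", LAPTOP_EXCERPT)):
        result = triage(log)
        print(label, {k: len(v) if isinstance(v, list) else v for k, v in result.items()})
```

An entry in `pending_reboot` means the removal is not finished until the machine restarts, and anything in `malware_not_cleaned` means the drive should not be plugged into another PC yet.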


----------



## dawudbryant (Sep 12, 2013)

i let it reboot, also, the immunizer we used before comes up as saying the flashdrives are already immunized, it won't redo it, i'll just go onto your next step


----------



## dawudbryant (Sep 12, 2013)

oops, i forgot you said to reformat them


----------



## dawudbryant (Sep 12, 2013)

ESET LOG FOR THE FLASH DRIVES

Scan Log
Version of virus signature database: 9175 (20131215)
Date: 12/15/2013 Time: 4:01:43 PM
Scanned disks, folders and files: D:\;E:\;F:\;G:\
D:\ - error opening [4]
Number of scanned objects: 3
Number of threats found: 0
Time of completion: 4:01:43 PM Total scanning time: 0 sec (00:00:00)
Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.


----------



## Mark1956 (May 7, 2011)

I just need you to check for me what drive letters are assigned to the two flash drives. The scan above shows it could not open drive D: so I need to know what drive that is.

I also need you to complete another scan on the main hard drive and post the log.


----------



## dawudbryant (Sep 12, 2013)

the d drive is just a laptop fan i have

here's the main laptop scan log, took over an hour

Scan Log
Version of virus signature database: 9175 (20131215)
Date: 12/15/2013 Time: 4:02:44 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\pagefile.sys - error opening [4]
C:\AdwCleaner\Quarantine\C\Program Files\ConduitEngine\ConduitEngine.dll.vir - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\Data1.cab » CAB » core.zip » ZIP » lib/security/java.policy - is OK
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\extensions\[email protected] » ZIP » chrome/content/overlay.js - Win32/BrowseFox.B potentially unwanted application
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » aucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jaureg - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00008a » GZIP » f_00008a - archive damaged
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000e2 » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Local Settings\Temp\A2535726-BAB0-7891-BEBE-FA8412B29261\Latest\IEHelper.dll - Win32/Toolbar.Babylon.E potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Broken sword 2 setup.exe » INDIGOROSE - archive damaged
C:\Documents and Settings\user\My Documents\OpenUniversity-windows-0.1.3.exe » INNO » {app}\proc\platform\lib\security\java.policy - is OK
C:\Documents and Settings\user\My Documents\VeohWebPlayerSetup_eng.exe » NSIS » VeohConduit.exe » WISE » TEMP_DLL_FILE_PATH - a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\user\My Documents\backups\backup-20131021-211149-300.dll - a variant of Win32/BrowseFox.F potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Downloads\cbsidlm-cbsi134-Flash_Video_Downloader_for_Google_Chrome-SEO-75327988.exe - a variant of Win32/CNETInstaller.B potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Downloads\K-Lite_Codec_Pack_930_Mega.exe » INNO » - unsupported option
C:\Documents and Settings\user\My Documents\Downloads\wrar500.exe » RAR » Default.SFX » WINRARSFX - archive damaged
C:\Documents and Settings\user\My Documents\Downloads\wrar500.exe » RAR » Zip.SFX » WINRARSFX - archive damaged
C:\Documents and Settings\user\My Documents\Sword1\Setup.exe » INDIGOROSE - archive damaged
C:\Documents and Settings\user\My Documents\Sword2\Setup.exe » INDIGOROSE - archive damaged
C:\Program Files\MapNeto_1\ldrtbMap0.dll - a variant of Win32/Toolbar.Conduit.P potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\ldrtbMap2.dll - a variant of Win32/Toolbar.Conduit.P potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\MapNeto_1ToolbarHelper.exe - Win32/Toolbar.Conduit.Q potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\MapNeto_1ToolbarHelper1.exe - Win32/Toolbar.Conduit.Q potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\prxtbMap0.dll - Win32/Toolbar.Conduit.O potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\prxtbMap2.dll - Win32/Toolbar.Conduit.O potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMap0.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMap1.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMapN.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar » TAR » - archive damaged
C:\Program Files\qualitink\qualitinkBHO.dll - a variant of Win32/BrowseFox.F potentially unwanted application - action selection postponed until scan completion
C:\Program Files\qualitink\qualitinkUninstall.exe » NSIS » Script.nsi - Win32/BrowseFox.C potentially unwanted application
C:\Program Files\qualitink\updatequalitink.exe - a variant of Win32/BrowseFox.G potentially unwanted application - action selection postponed until scan completion
C:\Program Files\WinRAR\Default.SFX » WINRARSFX - archive damaged
C:\Program Files\WinRAR\Zip.SFX » WINRARSFX - archive damaged
C:\temp\OpenOffice.org 3.1 (en-US) Installation Files\openofficeorg1.cab » CAB » testtar.tar » TAR » - archive damaged
Number of scanned objects: 327166
Number of threats found: 18
Number of cleaned objects: 0
Time of completion: 6:21:58 PM Total scanning time: 8354 sec (02:19:14)
Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.


----------



## Mark1956 (May 7, 2011)

Looks like we have succeeded in killing off the Worm, we now need to tackle the desktop. The laptop will need some more cleaning as it has several items of Adware on it, but we will come back to that once the desktop is dealt with.

As the desktop has no internet connection we need to use the off-line installer for NOD32, please follow the instructions below.

When you ran the Flash Drive Disinfector did you use it on your phone as suggested in the instructions? Just wondering if it was able to clean up that as well.

Go here: Eset offline installer
On the right side of the page click on 'Offline installer'.
Make the selections for your version of Windows (you have to choose either 32bit or 64bit) and the language.
Click on the Download button and wait for the download to complete.
Copy the downloaded file to your flash drive and transfer it to the other PC and save it to the desktop.
Uninstall any existing Anti Virus programs.
Double click on the icon to start the installation.
When the screen appears to ask if you wish to set it to detect potentially unwanted applications check the option to Enable.
Click on Install.
After the install completes a Product Activation screen pops up, click on Activate later. Ignore any warnings about your PC not being protected.
Click on Start, All Programs, Eset, Eset NOD32 Antivirus then scroll down a couple of lines and click on Eset NOD32 Antivirus.
Ignore the warnings of it not being activated and click on Computer scan in the left column.
If Eset pops up a Warning window showing any threats found click on Clean. If it doesn't go away after the first click keep on clicking Clean until it goes.
Click on Smart Scan and leave to finish.
Click on Show log under each scan and post the logs back here.
Then click on Removable media scan to check nothing has jumped onto the flash drive and post that log also.


----------



## dawudbryant (Sep 12, 2013)

Hi, no I didn't use it on my phone, I don't want to wipe my phone, there are many files on there that have to be there. I also don't wanna wipe my pictures on there, is there no way that I can save them?


----------



## dawudbryant (Sep 12, 2013)

It keeps coming up saying either that the computer hasn't been restarted after a program uninstallation, but that's not true, I restarted it twice. If that doesn't come up then instead it pops up saying that the wizard is unable to complete because of an error where the system hasn't been modified.
Also, the tovhfhf.vbs file shows on the flashdrive when in the desktop PC.


----------



## Mark1956 (May 7, 2011)

As I said earlier, I've got no experience of cleaning infections from a mobile phone, but as far as I am aware the Immunizer will only remove the infected file, it shouldn't delete any of your data. The risk is if you don't run the immunizer on it it will infect any PC you plug it into.

With the desktop, I'm not sure what the problem is, it sounds like it has re-infected the flash drive.
Did NOD32 install, or are you seeing these errors when trying to install it?

Put the flash drive back into the laptop and run the USB scan with NOD32, post the log it produces. We might need to try some other tools we have not used yet.


----------



## dawudbryant (Sep 12, 2013)

The problems are coming up when I try to install it to the desktop


----------



## dawudbryant (Sep 12, 2013)

Here's the phone log after I scanned it with ESET, seems to have gotten rid of the problems

Scan Log
Version of virus signature database: 9176 (20131215)
Date: 12/16/2013 Time: 10:01:41 AM
Scanned disks, folders and files: E:\
E:\.android_secure.lnk - LNK/Agent.AK trojan - cleaned by deleting - quarantined [1]
E:\.downloadTemp.lnk - LNK/Agent.AK trojan - cleaned by deleting - quarantined [1]
E:\.lnk - LNK/Agent.AK trojan - cleaned by deleting - quarantined [1]
E:\.mmsyscache.lnk - LNK/Agent.AK trojan - cleaned by deleting - quarantined [1]
E:\.thinkfree.lnk - LNK/Agent.AK trojan - cleaned by deleting - quarantined [1]
E:\.TSQuran.lnk - LNK/Agent.AK trojan - cleaned by deleting - quarantined [1]
E:\.tss21App.lnk - LNK/Agent.AK trojan - cleaned by deleting - quarantined [1]
Number of scanned objects: 9302
Number of threats found: 7
Number of cleaned objects: 7
Time of completion: 10:05:41 AM Total scanning time: 240 sec (00:04:00)
Notes:
[1] Object has been deleted as it only contained the virus body.


----------



## dawudbryant (Sep 12, 2013)

I put the re-infected flashdrive back into the laptop and rescanned it as you asked, here is the log

Scan Log
Version of virus signature database: 9176 (20131215)
Date: 12/16/2013 Time: 10:17:15 AM
Scanned disks, folders and files: E:\
E:\autorun.inf.lnk - LNK/Agent.AK trojan - cleaned by deleting - quarantined [1]
E:\eav_nt32_enu.lnk - LNK/Agent.AK trojan - cleaned by deleting - quarantined [1]
E:\tovhfhfiei.vbs - VBS/Agent.NDH worm - cleaned by deleting - quarantined [1]
Number of scanned objects: 560
Number of threats found: 3
Number of cleaned objects: 3
Time of completion: 10:17:44 AM Total scanning time: 29 sec (00:00:29)
Notes:
[1] Object has been deleted as it only contained the virus body.


----------



## Mark1956 (May 7, 2011)

This worm is sure giving us the run around.

The flash drive had re-infected even though the Flash Drive Disinfector had placed the autorun.inf file onto it, which should have stopped it from being infected again. We don't want to take any chances so you had better do another scan on the laptop's hard drive to make sure the flash drive hasn't passed the infection back onto it, post the log when done.

I shall be out for the rest of the morning, have another go at getting NOD32 to install on the desktop, you could also try it in Safe Mode. If it works, then run all the scans and post the logs.

If it won't install we shall have to use something else.


----------
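
The ESET logs posted in this thread are read the same way each time: is anything in them actual malware (the LNK trojan and VBS worm on the flash drive), or only potentially unwanted applications and scanner noise such as "archive damaged"? The Python below is an added example, not part of the thread and not an ESET tool; the line pattern is inferred from the log lines posted here, and the sample logs are abridged from them (the laptop excerpt's summary count is adjusted to the excerpt).

```python
"""Triage an ESET NOD32 scan log: malware vs. PUA vs. scanner noise."""
import re
from collections import Counter

# Detection line: "<object> - [a variant of ]<Platform/Name> <kind>[ - <action>]"
# Lines such as "error opening [4]", "archive damaged" and "is OK" carry no
# Platform/Name token after " - " and therefore do not match.
DETECTION = re.compile(
    r"^(?P<object>.+?) - (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+) (?P<kind>[a-z ]+?)"
    r"(?: - (?P<action>.+))?$"
)
SUMMARY = re.compile(r"^Number of (threats found|cleaned objects): (\d+)")
PUA_KIND = "potentially unwanted application"

# Abridged from the flash-drive log posted in the thread.
FLASH_LOG = r"""
Scan Log
Date: 12/16/2013 Time: 10:17:15 AM
E:\autorun.inf.lnk - LNK/Agent.AK trojan - cleaned by deleting - quarantined [1]
E:\eav_nt32_enu.lnk - LNK/Agent.AK trojan - cleaned by deleting - quarantined [1]
E:\tovhfhfiei.vbs - VBS/Agent.NDH worm - cleaned by deleting - quarantined [1]
Number of threats found: 3
Number of cleaned objects: 3
"""

# Excerpt of the laptop log; the summary count is adjusted to these lines.
LAPTOP_EXCERPT = r"""
C:\pagefile.sys - error opening [4]
C:\Program Files\MapNeto_1\tbMap0.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\qualitink\qualitinkUninstall.exe » NSIS » Script.nsi - Win32/BrowseFox.C potentially unwanted application
C:\Program Files\WinRAR\Zip.SFX » WINRARSFX - archive damaged
Number of threats found: 2
Number of cleaned objects: 0
"""


def parse(log_text):
    """Return (detections, summary) for one scan log."""
    detections, summary = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        s = SUMMARY.match(line)
        if s:
            summary[s.group(1)] = int(s.group(2))
            continue
        d = DETECTION.match(line)
        if d:
            action = d.group("action") or ""
            detections.append({
                "object": d.group("object"),
                "name": d.group("name"),
                "pua": d.group("kind") == PUA_KIND,
                # "postponed" or no action at all means the file is still there
                "cleaned": action.startswith("cleaned"),
            })
    return detections, summary


def triage(log_text):
    """Classify one log and list what still needs attention."""
    detections, summary = parse(log_text)
    malware = [d for d in detections if not d["pua"]]
    pua = [d for d in detections if d["pua"]]
    if malware:
        verdict = "malware"
    elif pua:
        verdict = "pua-only"
    else:
        verdict = "clean"
    return {
        "verdict": verdict,
        "malware_families": Counter(d["name"] for d in malware),
        "pua_families": Counter(d["name"] for d in pua),
        "uncleaned": [d["object"] for d in detections if not d["cleaned"]],
        # False means the parser missed a line format: do not trust the verdict.
        "count_matches_summary": summary.get("threats found") == len(detections),
    }


if __name__ == "__main__":
    for label, log in (("flash drive", FLASH_LOG), ("laptop", LAPTOP_EXCERPT)):
        print(label, triage(log))
```

A log whose own "Number of threats found" disagrees with the parsed count should be read by hand rather than trusted to the script.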



## dawudbryant (Sep 12, 2013)

Luckily it doesn't seem to have reinfected the laptop

Scan Log
Version of virus signature database: 9176 (20131215)
Date: 12/16/2013 Time: 10:22:09 AM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\pagefile.sys - error opening [4]
C:\AdwCleaner\Quarantine\C\Program Files\ConduitEngine\ConduitEngine.dll.vir - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\Data1.cab » CAB » core.zip » ZIP » lib/security/java.policy - is OK
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\l0qf8fn3.default\extensions\[email protected] » ZIP » chrome/content/overlay.js - Win32/BrowseFox.B potentially unwanted application
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » aucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jaureg - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Desktop\jxpiinstall.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00008a » GZIP » f_00008a - archive damaged
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000e2 » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\user\Local Settings\Temp\A2535726-BAB0-7891-BEBE-FA8412B29261\Latest\IEHelper.dll - Win32/Toolbar.Babylon.E potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Broken sword 2 setup.exe » INDIGOROSE - archive damaged
C:\Documents and Settings\user\My Documents\OpenUniversity-windows-0.1.3.exe » INNO » {app}\proc\platform\lib\security\java.policy - is OK
C:\Documents and Settings\user\My Documents\VeohWebPlayerSetup_eng.exe » NSIS » VeohConduit.exe » WISE » TEMP_DLL_FILE_PATH - a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\user\My Documents\backups\backup-20131021-211149-300.dll - a variant of Win32/BrowseFox.F potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Downloads\cbsidlm-cbsi134-Flash_Video_Downloader_for_Google_Chrome-SEO-75327988.exe - a variant of Win32/CNETInstaller.B potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\user\My Documents\Downloads\K-Lite_Codec_Pack_930_Mega.exe » INNO » - unsupported option
C:\Documents and Settings\user\My Documents\Downloads\wrar500.exe » RAR » Default.SFX » WINRARSFX - archive damaged
C:\Documents and Settings\user\My Documents\Downloads\wrar500.exe » RAR » Zip.SFX » WINRARSFX - archive damaged
C:\Documents and Settings\user\My Documents\Sword1\Setup.exe » INDIGOROSE - archive damaged
C:\Documents and Settings\user\My Documents\Sword2\Setup.exe » INDIGOROSE - archive damaged
C:\Program Files\MapNeto_1\ldrtbMap0.dll - a variant of Win32/Toolbar.Conduit.P potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\ldrtbMap2.dll - a variant of Win32/Toolbar.Conduit.P potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\MapNeto_1ToolbarHelper.exe - Win32/Toolbar.Conduit.Q potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\MapNeto_1ToolbarHelper1.exe - Win32/Toolbar.Conduit.Q potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\prxtbMap0.dll - Win32/Toolbar.Conduit.O potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\prxtbMap2.dll - Win32/Toolbar.Conduit.O potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMap0.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMap1.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\MapNeto_1\tbMapN.dll - a variant of Win32/Toolbar.Conduit.B potentially unwanted application - action selection postponed until scan completion
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar » TAR » - archive damaged
C:\Program Files\qualitink\qualitinkBHO.dll - a variant of Win32/BrowseFox.F potentially unwanted application - action selection postponed until scan completion
C:\Program Files\qualitink\qualitinkUninstall.exe » NSIS » Script.nsi - Win32/BrowseFox.C potentially unwanted application
C:\Program Files\qualitink\updatequalitink.exe - a variant of Win32/BrowseFox.G potentially unwanted application - action selection postponed until scan completion
C:\Program Files\WinRAR\Default.SFX » WINRARSFX - archive damaged
C:\Program Files\WinRAR\Zip.SFX » WINRARSFX - archive damaged
C:\temp\OpenOffice.org 3.1 (en-US) Installation Files\openofficeorg1.cab » CAB » testtar.tar » TAR » - archive damaged
Number of scanned objects: 326639
Number of threats found: 18
Number of cleaned objects: 0
Time of completion: 12:49:01 PM Total scanning time: 8812 sec (02:26:52)
Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.


----------



## dawudbryant (Sep 12, 2013)

The ESET doesn't work via safe mode nor on normal mode


----------



## Mark1956 (May 7, 2011)

Ok, that is a good result, I suspect it is NOD32 that is blocking the worm from re-infecting the laptop as the Flash Drive Disinfector appears to have failed against this particular variant. I am becoming more convinced that this is a new variant of the worm. Have you seen a pop up appear when you plug the flash drive into the laptop, when I ran tests with NOD32 it popped up a box asking if I wanted to scan my flash drive whenever I plugged it in, are you seeing the same thing?

Now back to the desktop. Have you had any luck with further attempts to install NOD32?

If not, we have another tool we can try out which should also scan the flash drive used to transfer the program over to it, so when you transfer the program to it from the laptop leave it plugged in, then transfer the log produced back to the laptop and post it.

If you get any warnings from NOD32 in respect of Combofix please ignore them.

These instructions are written to download and run on the same machine, I'm sure you can manage the transfer to the desktop and back again. This program does not install so it should run ok and as it does a few things in the background it might even get the system back on line.

Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*


Download Mirror #1
Download Mirror #2

Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first, just follow the prompts when you run it.


Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.

_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.



> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## dawudbryant (Sep 12, 2013)

Yes, it pops up as I plug it in and I immediately scan it every time


----------



## Mark1956 (May 7, 2011)

> the ESET doesn't work via safe mode nor on normal mode


In that case please go ahead and run Combofix.



> yes, it pops up as I plug it in and I immediately scan it every time


That's good and should keep the laptop clean, another step in the right direction.


----------



## dawudbryant (Sep 12, 2013)

When I run scans the computers always go on screen savers or energy saver mode, so I have to move the mouse to stop it doing that. If I do that though, the above instructions say it could ruin my computer.


----------



## dawudbryant (Sep 12, 2013)

As I don't have the Windows DVD do I have to create one before I start this?


----------



## Mark1956 (May 7, 2011)

Ok, click on Start, Control Panel, Power Options. In the left pane click on Choose when to turn off display and set it to Never, do the same with Choose when the computer sleeps. I actually doubt the PC would go to the screensaver or sleep when Combofix is running, but making the above settings will keep it active.


----------



## dawudbryant (Sep 12, 2013)

I can't create a DVD as my laptop doesn't have a DVD drive and the internet isn't working on the desktop


----------



## Mark1956 (May 7, 2011)

Just deleted my post as I had not seen your reply above before I posted it.

And deleted the next one as I was distracted.


----------



## dawudbryant (Sep 12, 2013)

OK thanks, lol, I wondered where it went. After I've done that and it's time to start on the ComboFix, do I follow their instructions first? I'm a bit muddled up as to what order to follow the instructions


----------



## dawudbryant (Sep 12, 2013)

I've done the power saving thing


----------



## dawudbryant (Sep 12, 2013)

I hope u get paid from techguy


----------



## Mark1956 (May 7, 2011)

OK, hang in there and I will post instructions to create a Windows 7 Repair CD, you won't need internet connection to do it.

PAID!!, nope, it is a labour of love.


----------



## Mark1956 (May 7, 2011)

Follow this on the desktop to burn a Repair CD.

Go to Control Panel and select Backup and Restore. In the left hand pane select Create a System Recovery disc and follow the prompts.

When done put the CD into your laptop and scan it to see if the worm has been copied and let me know, you won't be able to delete it from the CD.

I'm off out again in a bit so speak to you later.

Do you have access to another PC that you can use to download and burn the Windows 7 DVD so that we can run the repair install once the desktop is clean? The alternative is to download it on the laptop, then transfer it with a flash drive to the desktop and burn it with that.


----------



## dawudbryant (Sep 12, 2013)

thanks Mark, you know what, I'm actually enjoying all of this, usually I hated computers lol


----------



## dawudbryant (Sep 12, 2013)

My charger for another laptop that has a disc drive is broken, and the battery is dead so it looks like I'll have to download it on my laptop then use the flashdrive. But surely when I do that the flashdrive will be reinfected and the files with it.

Also, at what point do I back up my desktop to my new external hard drive?


----------



## dawudbryant (Sep 12, 2013)

Usually the desktop shows the infected files, so I have looked on the burned disc and it doesn't say the .vbs file is on there, surely that means it's not infected right?


----------



## Mark1956 (May 7, 2011)

PCs become a lot less daunting once you learn how they tick.

We are getting on top of the infection so once we have killed it on the desktop we should not see it again. After we have achieved that we can clean up the back up drive, you can then do a fresh back up without the risk of the infection being on there. You can also burn the Windows 7 DVD via the laptop and then run the Repair Install which should put the desktop back to normal.

As the Repair CD shows it is clean that is good, the infection is still on the desktop it just failed to be copied to the CD, it is probably created only to jump onto flash drives.


----------



## Mark1956 (May 7, 2011)

I am off out now so let me know how it goes with Combofix and post the log, I am keen to see if Combofix will detect this infection, fingers crossed.


----------



## dawudbryant (Sep 12, 2013)

Excellent, cos like I said, I have a broken charger on my laptop that does have a DVD drive. So I'm hoping that DVD is clear, seems to be. I'll get started on the ComboFix now

Thanks


----------



## dawudbryant (Sep 12, 2013)

It restarted as it was deleting the infected files, I was worried as this wasn't meant to happen, but when it came back on it says it's preparing the log so hopefully it didn't mess anything up. It found the .vbs file and should have deleted it.


----------



## dawudbryant (Sep 12, 2013)

I have now looked in the flashdrive on the desktop and the infected file is still there


----------



## dawudbryant (Sep 12, 2013)

Is there no way for the PC to scan the flashdrive?


----------



## dawudbryant (Sep 12, 2013)

Here's the log for the desktop, I've rescanned the flash drive via ESET so if the worm is gone from the desktop hopefully when I plug in the flash drives again they won't reinfect it right?

Also, I tried to follow their guidance for getting the internet back on but when I try to follow their instructions it doesn't work out like they say. In the end the internet still doesn't work so it looks like that system restart to factory settings is the only way.

ComboFix 13-12-13.01 - Dawud and Saarah 16/12/2013 16:23:14.1.2 - x86
Running from: c:\users\Dawud and Saarah\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Wincert\WIN32C~1.DLL
c:\programdata\windows
C:\UNWISE.EXE
c:\users\Dawud and Saarah\AppData\Roaming\Adobe\plugs
c:\users\Dawud and Saarah\AppData\Roaming\Adobe\shed
c:\users\Dawud and Saarah\AppData\Roaming\Ipvemi
c:\users\Dawud and Saarah\AppData\Roaming\Ipvemi\ororg.utu
c:\users\Dawud and Saarah\AppData\Roaming\log.txt
c:\users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs
.
.
((((((((((((((((((((((((( Files Created from 2013-11-16 to 2013-12-16 )))))))))))))))))))))))))))))))
.
.
2013-12-16 04:40 . 2013-12-16 04:40 -------- d-----w- c:\program files\ESET
2013-12-16 04:32 . 2013-12-16 04:33 -------- d-----w- c:\users\Dawud and Saarah\AppData\Local\Avg2013
2013-12-05 19:52 . 2013-12-05 19:52 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-12-05 19:52 . 2013-12-05 19:52 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-12-05 19:52 . 2013-12-05 19:52 -------- d-----w- c:\program files\OpenAL
2013-12-05 19:25 . 2013-11-27 09:43 77339 --sha-w- c:\users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs
2013-12-02 12:22 . 2013-12-08 17:09 -------- d-----w- c:\users\Dawud and Saarah\AppData\Local\CrashDumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-19 10:43 . 2013-02-07 03:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-19 10:43 . 2011-08-16 18:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 19:30 . 2013-10-13 19:30 50053120 ----a-w- c:\program files\GUTD0D3.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-22 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"tovhfhfiei"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-23 7514656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\ismagent.lnk" [2011-10-09 1330]
"Intel AppUp(SM) center_Nagware"="c:\program files\Intel\IntelAppStore\bin\AppUp.lnk" [2011-10-09 2207]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2009-10-18 7168]
.
c:\users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
tovhfhfiei.vbs [2013-11-27 77339]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Dawud and Saarah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
path=c:\users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Dawud and Saarah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Reader-reminder]
2010-07-05 10:36 333088 ----a-w- c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OurBabyMaker_27 Browser Plugin Loader]
2012-01-12 15:13 30096 ----a-w- c:\progra~1\OURBAB~2\bar\1.bin\27brmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R3 arusb_lh;Atheros OTUS Wireless LAN device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2007-11-13 407040]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 35328]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 35328]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-21 1343400]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-08-28 37664]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 OurBabyMaker_27Service;OurBabymakerService;c:\progra~1\OURBAB~2\bar\1.bin\27barsvc.exe [2012-01-12 42504]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27648]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 08:58 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-07 10:43]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 19:30]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\5r2djj93.default-1379853468803\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKCU-Run-AVG-Secure-Search-Update_0913b - c:\users\Dawud and Saarah\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
MSConfigStartUp-abbhrympxqfvxuu - c:\programdata\abbhrymp.exe
MSConfigStartUp-SpySweeper - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe
AddRemove-ilividtoolbargaw - c:\progra~1\SEARCH~2\Datamngr\SRTOOL~1\uninstall.exe
AddRemove-Viewer Setup - C:\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3652)
c:\users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-12-16 16:35:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-16 13:35
.
Pre-Run: 57,040,195,584 bytes free
Post-Run: 57,028,591,616 bytes free
.
- - End Of File - - 83A7533CA6ECC572B8E83060AF90DA75
A36C5E4F47E84449FF07ED3517B43A31


----------



## dawudbryant (Sep 12, 2013)

Just replugged the flash drive into my desktop and finally that virus/worm isn't showing. Excellent, thank you, almost there I think.


----------



## Mark1956 (May 7, 2011)

Yup, it's looking good, but there is another instance of the bad file, not sure why Combofix didn't detect that as well, so we need to remove it as follows.

Once we have this done and the worm isn't showing up any more we can go back to removing the registry entries that relate to the bad file, then run the Repair Install, you could start the download of the Windows 7 DVD in preparation. We will try a Repair Install first but if that fails we will have to resort to a clean install. We also need to check your external hard drive. You can do that by connecting it to the laptop and running Eset on it, post the log when done.

You can either copy the script below on the laptop and transfer the notepad document or type it in directly to notepad on the desktop. If you do type it you must be absolutely certain it is identical, one letter or punctuation mark out of place and it won't work.

We are now going to run ComboFix a different way.

Open Notepad by clicking on







and in the *Search* box type: *Notepad.exe* and hit *Enter*.
Copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._


```
KillAll::

File::
c:\users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs

ClearJavaCache::

Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and *disconnect* from the Internet. Disable your Anti Virus.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.










This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.
NOTE: if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.


----------



## dawudbryant (Sep 12, 2013)

I'm doing that scan now, also, I burnt the disc earlier. I will send the log in a minute, it's almost done.


----------



## dawudbryant (Sep 12, 2013)

Here's the log

ComboFix 13-12-13.01 - Dawud and Saarah 16/12/2013 18:25:52.2.2 - x86
Running from: c:\users\Dawud and Saarah\Desktop\ComboFix.exe
Command switches used :: c:\users\Dawud and Saarah\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs
.
.
((((((((((((((((((((((((( Files Created from 2013-11-16 to 2013-12-16 )))))))))))))))))))))))))))))))
.
.
2013-12-16 15:31 . 2013-12-16 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-16 15:31 . 2013-12-16 15:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-12-16 04:40 . 2013-12-16 04:40 -------- d-----w- c:\program files\ESET
2013-12-16 04:32 . 2013-12-16 04:33 -------- d-----w- c:\users\Dawud and Saarah\AppData\Local\Avg2013
2013-12-05 19:52 . 2013-12-05 19:52 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-12-05 19:52 . 2013-12-05 19:52 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-12-05 19:52 . 2013-12-05 19:52 -------- d-----w- c:\program files\OpenAL
2013-12-02 12:22 . 2013-12-08 17:09 -------- d-----w- c:\users\Dawud and Saarah\AppData\Local\CrashDumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-19 10:43 . 2013-02-07 03:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-19 10:43 . 2011-08-16 18:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 19:30 . 2013-10-13 19:30 50053120 ----a-w- c:\program files\GUTD0D3.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-22 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"tovhfhfiei"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-23 7514656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\ismagent.lnk" [2011-10-09 1330]
"Intel AppUp(SM) center_Nagware"="c:\program files\Intel\IntelAppStore\bin\AppUp.lnk" [2011-10-09 2207]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2009-10-18 7168]
.
c:\users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Dawud and Saarah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
path=c:\users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Dawud and Saarah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Reader-reminder]
2010-07-05 10:36 333088 ----a-w- c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OurBabyMaker_27 Browser Plugin Loader]
2012-01-12 15:13 30096 ----a-w- c:\progra~1\OURBAB~2\bar\1.bin\27brmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R3 arusb_lh;Atheros OTUS Wireless LAN device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2007-11-13 407040]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 35328]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 35328]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-21 1343400]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-08-28 37664]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 OurBabyMaker_27Service;OurBabymakerService;c:\progra~1\OURBAB~2\bar\1.bin\27barsvc.exe [2012-01-12 42504]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27648]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 08:58 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-07 10:43]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 19:30]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Dawud and Saarah\AppData\Roaming\Mozilla\Firefox\Profiles\5r2djj93.default-1379853468803\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1864)
c:\users\Dawud and Saarah\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-12-16 18:37:46 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-16 15:37
ComboFix2.txt 2013-12-16 13:35
.
Pre-Run: 59,724,541,952 bytes free
Post-Run: 59,538,665,472 bytes free
.
- - End Of File - - CCCCB2D8F2701F6F42CFEE52E5318454
A36C5E4F47E84449FF07ED3517B43A31


----------



## Mark1956 (May 7, 2011)

Combofix log is looking good, how are the flash drives?

Judging by this reply in post 222:

> I'm doing that scan now, also, I burnt the disc earlier. I will send the log in a minute, it's almost done.

You've misunderstood. When I related to the Windows 7 DVD I meant the full Windows ISO not the small Repair CD. You will need to download and burn the full DVD to run a Repair Install, the Repair CD only gives access to the recovery console it won't install Windows, I appreciate the names can be confusing.

Run a scan on the external hard drive so we can see how that is.

I also need you to repeat the run you did with SystemLook on the desktop so I can recreate the file removal to get rid of all the worm's remnants.


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
*tovhfhfiei.vbs*
:regfind
tovhfhfiei
tovhfhfiei.vbs
:service
tovhfhfiei
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## dawudbryant (Sep 12, 2013)

hi, ok, can I download the ISO image thing on the laptop, put it on the flash drives (which are fine now) then burn it to a dvd on the desktop?


----------



## dawudbryant (Sep 12, 2013)

Here is the system look log from the desktop

SystemLook 30.07.11 by jpshortstuff
Log created at 19:05 on 16/12/2013 by Dawud and Saarah
Administrator - Elevation successful
========== filefind ==========
Searching for "*tovhfhfiei.vbs*"
C:\FRST\Quarantine\tovhfhfiei.vbs --a---- 77339 bytes [19:25 05/12/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
C:\Qoobox\Quarantine\C\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs.vir --a---- 77339 bytes [19:25 05/12/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
C:\Qoobox\Quarantine\C\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs.vir --a---- 77339 bytes [19:25 05/12/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
========== regfind ==========
Searching for "tovhfhfiei"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs""
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI]
[HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs""
[HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI]
[HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000_Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI]
Searching for "tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs""
[HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs""
========== service ==========
tovhfhfiei - Unable to open Service Handle.
-= EOF =-


----------
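
The regfind section of the SystemLook log above shows the persistence pattern at work here: a `Run` value that starts `wscript.exe //B` on a script under `AppData\Roaming`, with the value name matching the script name. The following is an added example, not part of the original thread or of SystemLook, that flags that pattern in regfind-style text; the sample input is constructed from the log above and the scoring reasons are assumptions of this example.

```python
import ntpath
import re

# Constructed sample in the SystemLook regfind layout shown in the log above.
# The "tovhfhfiei" value is copied from that log; the Skype value is added
# here only as a benign contrast case.
SAMPLE = r'''========== regfind ==========
Searching for "tovhfhfiei"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs""
"Skype"="c:\program files\Skype\Phone\Skype.exe"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI]
Searching for "tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs""
========== service ==========
'''

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\")          # assumption: paths worth flagging
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')          # greedy: keeps nested quotes in data
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?$", re.I)
SCRIPT_RE = re.compile(
    r'"([^"]+\.(?:vbs|vbe|js|jse|wsf))"|(\S+\.(?:vbs|vbe|js|jse|wsf))\b', re.I)


def parse_regfind(text):
    """Yield (key, value_name, data) for every value line under a key header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def triage(text):
    """Return one finding per Run/RunOnce value that launches a script host."""
    findings, seen = [], set()
    for key, name, data in parse_regfind(text):
        ident = (key.lower(), name.lower())
        if not RUN_KEY_RE.search(key) or ident in seen:
            continue                                   # not an autorun key, or a repeat hit
        seen.add(ident)
        exe = re.match(r'"?(.+?\.exe)\b', data, re.I)
        host = ntpath.basename(exe.group(1)).lower() if exe else ""
        if host not in SCRIPT_HOSTS:
            continue
        reasons = ["script host launched from a Run key"]
        if re.search(r"(?:^|\s)//b(?:\s|$)", data, re.I):
            reasons.append("//B batch mode hides script errors and prompts")
        m = SCRIPT_RE.search(data)
        script = (m.group(1) or m.group(2)) if m else None
        if script:
            if any(p in script.lower() for p in USER_WRITABLE):
                reasons.append("script stored in a user-writable directory")
            stem = ntpath.splitext(ntpath.basename(script))[0]
            if stem.lower() == name.lower():
                reasons.append("value name equals script file name")
        findings.append({"key": key, "value": name,
                         "script": script, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["key"], "->", f["value"])
        for r in f["reasons"]:
            print("   -", r)
```
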



## Mark1956 (May 7, 2011)

That log confirms that all that is left of the infection is remnant registry keys, the other items listed are all in quarantine.

We now need to use FRST again, you can create the script on the laptop, save it in a notepad document with the name *fixlist.txt* and transfer to the desktop to run it. Then transfer the log back and post it.

Open Notepad and *Copy & Paste* the contents of the code box below into it. To do this highlight the entire contents of the box, right click on the highlighted area and select *Copy* then right click in the Notepad window and select *Paste*. Save it to the same location that FRST is saved in as *fixlist.txt* _*<--- it is very important to spell this name exactly as written here.*_


```
CMD: reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "tovhfhfiei" /f
CMD: reg delete "HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f
CMD: reg delete HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000\Software\Microsoft\Windows\CurrentVersion\Run /v "tovhfhfiei" /f
CMD: reg delete "HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f
CMD: reg delete "HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000_Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f
```
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.*


Launch FRST by double clicking on it.
When the *FRST* window opens click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt) please *Copy & Paste* it into your next reply.


----------



## Mark1956 (May 7, 2011)

The next job after the above is complete is to run a scan with NOD32 on your external drive and post the log.

Once we know the external drive is clean you can format it and back up all the important data, you should remove Combofix as that will automatically delete all restore points and create a new one, just need to see the FRST log to confirm the deletions completed. Please wait for the instructions to remove Combofix as it is not done in the normal way. 

When that is all complete and the Windows 7 DVD has been burned you can continue with the Repair Install, this should get the desktop back on line. 

We still have a bit of cleaning up to do on the laptop, but best to take one step at a time.


----------



## dawudbryant (Sep 12, 2013)

Hi, sorry for my late reply, I was out, I will do these steps in the morning as it's midnight now. My external hard drive is a brand new one so I have never plugged it into any computer. So I don't need to scan it right, or do you want me to use the immunizer on it?


----------



## Mark1956 (May 7, 2011)

No problem with the external drive as it is new and we have found the immunizer does not work with this infection. I had a feeling that earlier in the thread you had used it, got too many PC's on my mind, lol.

I'll be turning in soon myself after finishing off a heap of replies.


----------



## dawudbryant (Sep 12, 2013)

Hi Mark, it's 6.17am here, I just did the fix with FRST, here's the log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2013 01
Ran by Dawud and Saarah at 2013-12-17 06:35:17 Run:3
Running from C:\Users\Dawud and Saarah\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CMD: reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "tovhfhfiei" /f
CMD: reg delete "HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f
CMD: reg delete HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000\Software\Microsoft\Windows\CurrentVersion\Run /v "tovhfhfiei" /f
CMD: reg delete "HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f
CMD: reg delete "HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000_Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f
*****************

========= reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "tovhfhfiei" /f =========
The operation completed successfully.

========= End of CMD: =========

========= reg delete "HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f =========
The operation completed successfully.

========= End of CMD: =========

========= reg delete HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000\Software\Microsoft\Windows\CurrentVersion\Run /v "tovhfhfiei" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of CMD: =========

========= reg delete "HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of CMD: =========

========= reg delete "HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000_Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of CMD: =========

==== End of Fixlog ====


----------
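
The Fixlog above reports two successful deletions followed by three "unable to find" errors. `HKEY_CURRENT_USER` is an alias of `HKEY_USERS\<SID>` for the logged-on account, and `HKEY_USERS\<SID>_Classes` backs `HKEY_CURRENT_USER\Software\Classes`, so the last three commands address entries the first two had already removed. The following is an added example, not part of the original thread or of FRST, that checks a Fixlog this way; it assumes the SID in the log belongs to the account that ran FRST, and the status names are this example's own.

```python
import re

# Fixlog body copied from the post above (banner and fixlist echo omitted).
FIXLOG = r'''========= reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "tovhfhfiei" /f =========
The operation completed successfully.

========= End of CMD: =========

========= reg delete "HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f =========
The operation completed successfully.

========= End of CMD: =========

========= reg delete HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000\Software\Microsoft\Windows\CurrentVersion\Run /v "tovhfhfiei" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of CMD: =========

========= reg delete "HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of CMD: =========

========= reg delete "HKEY_USERS\S-1-5-21-560286956-321209922-1175365262-1000_Classes\VirtualStore\MACHINE\SOFTWARE\TOVHFHFIEI" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of CMD: =========
'''
SID = "S-1-5-21-560286956-321209922-1175365262-1000"   # assumed: the logged-on user

CMD_RE = re.compile(
    r'^=+ reg delete (?:"([^"]+)"|(\S+))(?: /v "([^"]+)")? /f =+$', re.I)
END_RE = re.compile(r"^=+ End of CMD: =+$")
OK = ("deleted", "already removed via alias")


def parse_fixlog(text):
    """Return [(key, value_name_or_None, result_text)] per reg delete block."""
    blocks, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = CMD_RE.match(line)
        if m:
            current = [m.group(1) or m.group(2), m.group(3), []]
        elif END_RE.match(line) and current:
            blocks.append((current[0], current[1], " ".join(current[2])))
            current = None
        elif current and line:
            current[2].append(line)
    return blocks


def canonical(key, sid):
    """Rewrite the HKCU and <SID>_Classes aliases to one HKEY_USERS\\<SID> form."""
    k, sid = key.lower(), sid.lower()
    hkcu = "hkey_current_user"
    if k == hkcu or k.startswith(hkcu + "\\"):
        k = "hkey_users\\" + sid + k[len(hkcu):]
    classes = "hkey_users\\" + sid + "_classes"
    if k == classes or k.startswith(classes + "\\"):
        k = "hkey_users\\" + sid + "\\software\\classes" + k[len(classes):]
    return k


def review(text, sid):
    """Classify each command; a 'not found' on an alias of a deleted target is expected."""
    removed, report = set(), []
    for key, value, result in parse_fixlog(text):
        target = (canonical(key, sid), (value or "").lower())
        low = result.lower()
        if "completed successfully" in low:
            status = "deleted"
            removed.add(target)
        elif "unable to find" in low:
            status = OK[1] if target in removed else "not found"
        else:
            status = "failed"
        report.append((key, value, status))
    return report


def remediation_confirmed(report):
    """True only when every command either deleted its target or hit an alias of one."""
    return bool(report) and all(status in OK for _, _, status in report)


if __name__ == "__main__":
    for key, value, status in review(FIXLOG, SID):
        print(f"{status:27} {key}" + (f"  /v {value}" if value else ""))
```

A "not found" that does not map onto an earlier deletion is reported separately, since it can also mean a mistyped key in fixlist.txt.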



## Mark1956 (May 7, 2011)

Ok, just to be extra sure please run the SystemLook scan again as in post 224 and post the result.

Have you downloaded the Windows 7 DVD yet?

We now need to remove Combofix, as follows.

To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click on Start







and type *Run* into the search box and hit *Enter*.
In the *Run* box type: *ComboFix /Uninstall* (Be sure to leave a space before the forward slash).











Click on *OK*.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled"._
After that, you can delete the ComboFix.exe program from your computer (Desktop).


----------



## dawudbryant (Sep 12, 2013)

Here's the system look log

SystemLook 30.07.11 by jpshortstuff
Log created at 14:25 on 17/12/2013 by Dawud and Saarah
Administrator - Elevation successful
========== filefind ==========
Searching for "*tovhfhfiei.vbs*"
C:\FRST\Quarantine\tovhfhfiei.vbs --a---- 77339 bytes [19:25 05/12/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
C:\Qoobox\Quarantine\C\Users\Dawud and Saarah\AppData\Roaming\tovhfhfiei.vbs.vir --a---- 77339 bytes [19:25 05/12/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
C:\Qoobox\Quarantine\C\Users\Dawud and Saarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tovhfhfiei.vbs.vir --a---- 77339 bytes [19:25 05/12/2013] [09:43 27/11/2013] 48E56F1EF5AF4A0CA1485F6F4CEEB1D7
========== regfind ==========
Searching for "tovhfhfiei"
No data found.
Searching for "tovhfhfiei.vbs"
No data found.
========== service ==========
tovhfhfiei - Unable to open Service Handle.
-= EOF =-

Also, I'm searching online for the windows 7 iso thing, I'm not sure if the thing I found is the right thing.

Also, are these good instructions? Says to download IMAGEBURN

http://www.zdnet.com/blog/hardware/how-to-burn-your-windows-7-iso-to-dvd-disc/3317


----------



## dawudbryant (Sep 12, 2013)

I've now uninstalled ComboFix


----------



## Mark1956 (May 7, 2011)

Good progress, the infection is gone from the desktop, we will do further checks on the laptop, but for now please complete the download and burning of the Windows 7 DVD so we can repair the desktop and get it back on line.

Meanwhile I would like to ask that you do us a small favor. As this infection wasn't fully detected by Combofix and missed by several AV tools it would help the community to have a sample of the file uploaded for inspection. This will allow the updating of various scanners and the flash drive immunizer so that they can detect this Worm in the future.

Right click on the URL at the top of your screen to copy the URL for this thread, it should turn blue, select Copy from the pop up menu.

Then please go *Here* and enter the URL to this thread beside *Link to topic where this file was requested:* Just right click in the box and select Paste so the URL appears in the box.

Then click on *Browse* and locate the following file on your computer:

C:\FRST\Quarantine\tovhfhfiei.vbs

Left click once on the file and then click on Open. You should see the file name appear on the box.

Next: Copy and Paste this text below into the message box:

Combofix did not detect all instances of the .vbs file.
Both Malwarebytes and FRST missed the infection.
Only 9 out of 22 AV's at Jotti's site recognized the file as an infection.
sUBs Flash Drive Disinfector and Bitdefender's USB Immunizer failed to stop a flash drive being re-infected from the PC.
NOD32 Anti Virus was successful at removing the infection from PC, flash drive and mobile phone.

When done, click on *Send File*.


----------



## Mark1956 (May 7, 2011)

Just spotted the end of your last post. You don't need ImgBurn on a Windows 7 PC to burn the DVD and there was a link to download ImgBurn in the instructions. You should also only use the link I gave earlier to download the ISO image of Windows 7 as that is an official download source.

Note this part in my instructions:

If you have downloaded the ISO on a Windows 7 PC right click the ISO file, select *Open With*, then select *Windows Disc Image Burning Tool* then follow the prompts.

This also applies when you have transferred the ISO file from another PC as Windows 7 has a built in ISO burner.


----------



## Mark1956 (May 7, 2011)

To avoid any confusion, this is from my instructions to get the ISO image.

Please go here: Windows 7 ISO downloads and download the version of Windows 7 that matches what you have on your PC.


----------



## dawudbryant (Sep 12, 2013)

Thanks, I just tried to do that thing, I located the file but when I click open it says missing shortcut, then says file not found


----------



## Mark1956 (May 7, 2011)

My mistake, that file I suggested you look for is on the desktop and you will have followed the instructions on the laptop.

We will have to do this anyway so please can you run the SystemLook scan on the laptop so we can find the location of the quarantined file, it should be in the NOD32 quarantine.


----------



## dawudbryant (Sep 12, 2013)

Also, I have no clue what version of Windows ISO I need to download, none of them say 32 bit and I don't know whether it's Professional, Ultimate or whatever


----------



## dawudbryant (Sep 12, 2013)

Here's the SystemLook log for the laptop

SystemLook 30.07.11 by jpshortstuff
Log created at 19:52 on 17/12/2013 by user
Administrator - Elevation successful
========== filefind ==========
Searching for "*tovhfhfiei.vbs*"
C:\FRST\Quarantine\tovhfhfiei.vbs.lnk --a---- 1049 bytes [11:29 05/12/2013] [08:32 10/12/2013] 45186029D6AB355BA1380B69301E2F63
========== regfind ==========
Searching for "tovhfhfiei"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"003"="tovhfhfiei"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"d"="C:\FRST\Quarantine\tovhfhfiei.vbs.lnk"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\lnk]
"a"="C:\FRST\Quarantine\tovhfhfiei.vbs.lnk"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs""
[HKEY_LOCAL_MACHINE\SOFTWARE\tovhfhfiei]
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"003"="tovhfhfiei"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"d"="C:\FRST\Quarantine\tovhfhfiei.vbs.lnk"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\lnk]
"a"="C:\FRST\Quarantine\tovhfhfiei.vbs.lnk"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs""
Searching for "tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"d"="C:\FRST\Quarantine\tovhfhfiei.vbs.lnk"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\lnk]
"a"="C:\FRST\Quarantine\tovhfhfiei.vbs.lnk"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs""
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"d"="C:\FRST\Quarantine\tovhfhfiei.vbs.lnk"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\lnk]
"a"="C:\FRST\Quarantine\tovhfhfiei.vbs.lnk"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\vbs]
"a"="C:\Documents and Settings\user\Start Menu\Programs\Startup\tovhfhfiei.vbs"
[HKEY_USERS\S-1-5-21-1060284298-113007714-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs""
========== service ==========
tovhfhfiei - Unable to open Service Handle.
-= EOF =-


----------



## Mark1956 (May 7, 2011)

You need to download Windows 7 Professional 32bit.


----------



## dawudbryant (Sep 12, 2013)

I have downloaded this one, hope it's right, doesn't say 32 bit

*http://msft.digitalrivercontent.net/win/X17-24209.iso
Windows 7 Professional x86 SP1 (bootable)*

http://msft.digitalrivercontent.net/win/X17-24280.iso


----------



## Mark1956 (May 7, 2011)

That's the one we need, the X86 means it is 32bit, confusing I know, but there is a reason for it which I have completely forgotten. Anyway, for future reference when you see X86 it is 32 bit, when you see X64 it is a lot more obvious that means 64bit.

Back to uploading that file. I can see from the SystemLook scan on the laptop it is a shortcut in the Quarantine not the actual file, you can see that by the .lnk on the end of the file name. If I recall correctly it was Eset NOD32 that took out the actual file and it doesn't appear to have a quarantine folder, it just deleted the file. On the desktop it is the actual file in quarantine which we dare not move.

Not to worry about that for the moment, once we have run the Repair install the FRST quarantine folder should still be there and with internet connection (which I hope we get) you can upload it from the desktop.


----------
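
The laptop SystemLook log discussed above, triaged in code as an added example (not part of any post in this thread): the parser separates the `Run` autostart values that relaunch the script at logon from the `OpenSaveMRU`/`ACMru` usage traces, and flags file hits that are only `.lnk` shortcuts. The sample is an excerpt of the posted log; the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Excerpt of the laptop SystemLook log posted in this thread (shortened;
# the tool repeats the same keys once per search term).
SAMPLE_LOG = r'''========== filefind ==========
Searching for "*tovhfhfiei.vbs*"
C:\FRST\Quarantine\tovhfhfiei.vbs.lnk --a---- 1049 bytes [11:29 05/12/2013] [08:32 10/12/2013] 45186029D6AB355BA1380B69301E2F63
========== regfind ==========
Searching for "tovhfhfiei"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"003"="tovhfhfiei"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\lnk]
"a"="C:\FRST\Quarantine\tovhfhfiei.vbs.lnk"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs""
[HKEY_LOCAL_MACHINE\SOFTWARE\tovhfhfiei]
Searching for "tovhfhfiei.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tovhfhfiei"="wscript.exe //B "C:\Documents and Settings\user\Application Data\tovhfhfiei.vbs""
========== service ==========
tovhfhfiei - Unable to open Service Handle.
-= EOF =-
'''

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
# Value data can contain unescaped quotes, so match greedily up to the last one.
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')
FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) [-a-z]{7} (?P<size>\d+) bytes .* (?P<md5>[0-9A-F]{32})$"
)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")


def classify_key(key):
    """Sort a registry key into autostart persistence, usage trace, or other."""
    k = key.lower()
    if k.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
        return "autostart"
    if "\\opensavemru" in k or "\\acmru" in k:
        return "trace"  # file-dialog / search history, not a launch point
    return "other"


def script_target(command):
    """Return the script a Windows Script Host command would run, else None."""
    words = command.split(None, 1)
    if not words or words[0].lower() not in SCRIPT_HOSTS:
        return None
    quoted = re.search(r'"([^"]+)"', command)
    return quoted.group(1) if quoted else None


def parse_systemlook(text):
    """Return (files, registry) parsed from the filefind and regfind sections."""
    files, registry = [], OrderedDict()
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section, key = header.group(1), None
        elif section == "filefind":
            hit = FILE_RE.match(line)
            if hit:
                files.append({"path": hit["path"], "size": int(hit["size"]),
                              "md5": hit["md5"]})
        elif section == "regfind":
            if KEY_RE.match(line):
                key = KEY_RE.match(line).group(1)
                registry.setdefault(key, OrderedDict())  # repeated keys collapse
            elif key and VALUE_RE.match(line):
                name, data = VALUE_RE.match(line).groups()
                registry[key][name] = data
    return files, registry


def triage(text):
    """Group findings so remaining launch points stand out from leftovers."""
    files, registry = parse_systemlook(text)
    report = {"autostart": [], "trace": [], "other": [], "shortcut_only": []}
    for f in files:
        if f["path"].lower().endswith(".lnk"):
            report["shortcut_only"].append(f["path"])
    for key, values in registry.items():
        kind = classify_key(key)
        if kind == "autostart":
            for name, data in values.items():
                report["autostart"].append({"key": key, "name": name,
                                            "command": data,
                                            "script": script_target(data)})
        else:
            report[kind].append(key)
    return report


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, len(items))
```
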



## dawudbryant (Sep 12, 2013)

OK, I'm just downloading that file, it's taking ages but when it's done I'll do as you said and burn it to disc if I can find that post, then I'll let you know how it went. Then I can back up the desktop to my new external hard drive, right?

Thanks again


----------



## Mark1956 (May 7, 2011)

It is a big file so it may take a few hours depending on your download speed.

I'll post the link again for the instructions. You should back up your important data to the external drive before you start the Repair Install. If the repair is successful you can then perform a full image back up once you are sure the system is back to optimum performance.

Windows 7 Repair Install follow the instructions from 5.


----------



## dawudbryant (Sep 12, 2013)

Thanks. How do I do a backup? Do I send files by right clicking on the c:/ drive then pressing send to? I have to format the hard drive too, right? I'll do that then use ESET on it.


----------



## dawudbryant (Sep 12, 2013)

I'll try and back it up from the c:\ drive, I think that's the way to do it


----------



## Mark1956 (May 7, 2011)

A new hard drive should already be formatted. You will see a warning saying you have to format it first if it isn't, as soon as you try to copy something onto it.

At this point all you need to do is copy all your important files over to the hard drive from within Windows Explorer, as your files will all be in libraries, just right click on each library in turn and select 'Send to' and click on the drive in the pop up menu. You can check the drive afterward to make sure everything has been copied.

When you finish copying the files, left click on the drive and select Eject. This makes quite sure it isn't in the middle of doing something and will avoid any risk of data loss.


----------



## dawudbryant (Sep 12, 2013)

When I click into C:/ drive it seems to have everything in it, including the files in the internet explorer thing. I am also trying again to put the ESET thing on my desktop and it seems to be working after we did the ComboFix. I'll let you know when it's done so we can get on with the reset thing.


----------



## Mark1956 (May 7, 2011)

Sounds encouraging, another step forward


----------



## dawudbryant (Sep 12, 2013)

Here are the two scans it did. The first deleted 80 of 81 finds, the second one didn't have anything deleted.


----------



## dawudbryant (Sep 12, 2013)

I highlighted the files I wanted sending, that is about 400gb, but when I pasted them into the external hard drive it says it's sending only 18.1gb and not the right amount of files. It says it's sending 48,000 files but there is actually double that. Do you know why this is? Some of the files are shown as faint like it's a hidden file, could it be that they are being sent but it's not showing up?


----------



## Mark1956 (May 7, 2011)

Ok, first thing, the Eset scan looks good, there is just one thing you need to remove. In your Downloads folder delete anything with the name *ilivid* in the name as that is Adware.

You sure have a lot of files to save. As there is a problem (not sure why that should be an issue) you will need to try sending them in batches. The faint files are probably shadow copies which you don't need. Check these settings in Windows Explorer to make sure system files are hidden.

Open Windows Explorer, click on Organise (top left of the window).
Select 'Folder and search options' then click on the View tab.
Just below 'Hidden files and folders' click on the circle next to 'Don't show hidden files, folders, or drives' so it turns blue. If it is already blue then leave it as it is.
Now go down the list a few lines and make sure there is a check mark in the box next to 'Hide protected operating system files (Recommended)', click on the box to add a check mark if you don't see one.
Then click on Apply at the bottom of the box and then click on OK.
Once done you should no longer see any system files.

Have you tried just sending the libraries to the external drive one at a time?


----------



## Mark1956 (May 7, 2011)

I've just thought of something else. Click on Start, right click on Computer and then select Manage.
Click on Disk Management, under Storage, and find the external drive from the list at the top of the window. Look under the column File System, it should say NTFS, if it is showing FAT32 then that will be the problem as FAT32 cannot save files bigger than 4GB. You will need to reformat it to NTFS which has no limit.


----------



## dawudbryant (Sep 12, 2013)

Hi, I am now sending them one at a time and it seems to be working, also, I remember seeing NTFS so I think it's already set to that. I think this is gonna take all night, but tomorrow hopefully we can get this dealt with. Thanks


----------



## dawudbryant (Sep 12, 2013)

I couldn't find the ilivid file in the downloads but I found a toolbar in desktop, then in old firefox. I will delete that.


----------



## dawudbryant (Sep 12, 2013)

If I try to delete a large amount the pop up deleting thing crashes, I have to do control alt delete to get rid of it. There is also a problem when I go onto my pictures. It closes it. Will these hopefully be solved when I reset the computer?


----------



## Mark1956 (May 7, 2011)

I don't envy you having to copy so many files, did you try using 'Send to' with complete libraries or is that what you had the first problem with? Have you tried that with the pictures folder?

If issues remain they will hopefully be fixed with the Repair Install, possibly caused by the earlier infection.


----------



## dawudbryant (Sep 12, 2013)

It's ok, it's doing it now. Just gotta sit and wait lol


----------



## Mark1956 (May 7, 2011)

Great


----------



## dawudbryant (Sep 12, 2013)

It's still going on, a few files won't send but it's not far off now


----------



## Mark1956 (May 7, 2011)

Ok, when you are done carry on with the Repair Install, Windows 7 Repair Install and follow the instructions from 5.


----------



## dawudbryant (Sep 12, 2013)

Unfortunately the disc isn't working. When I try to install it, it comes up saying
D:\Sources\SPWIZENG.DLL is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

It also says on another pop up that
The file 'autorun.dll' could not be loaded or is corrupt. Setup cannot continue. Error code is (0xC1)


----------



## dawudbryant (Sep 12, 2013)

When I had tried to burn the DVD the Windows burner didn't work so I used Roxio. I don't know if that has anything to do with it


----------



## Mark1956 (May 7, 2011)

A few steps forward and then another one back 

Did the Windows burner give you any error notices and what did they say?

Did you get as far as seeing the screen shown at instruction number 8?


----------



## dawudbryant (Sep 12, 2013)

The Windows burner only had the option for a DVD-R, mine are DVD-RWs

I got as far as just clicking the runsetup.exe which is what didn't work


----------



## dawudbryant (Sep 12, 2013)

I've just found a DVD-R so I will try that. Also I'm redownloading the ISO thing


----------



## dawudbryant (Sep 12, 2013)

The new disc works but it's asking me to upgrade, which I don't wanna do as it entails installing loads of other stuff I'm not sure about. I don't know what to do if I don't do the upgrade but instead choose the other option.


----------



## dawudbryant (Sep 12, 2013)

I clicked to do it without an upgrade which might send all my files to a file called old windows 7 or something like that. I'm now waiting on it to finish copying the following files
Expanding windows files
installing features
installing updates
completing installation


----------



## dawudbryant (Sep 12, 2013)

How am I supposed to know the Windows 7 product key?


----------



## Mark1956 (May 7, 2011)

Sorry I didn't get back to you in time, it was the Upgrade that you needed to do, the other option will have wiped out all your installed software.

Your product key will be on a sticker on the PC.


----------



## dawudbryant (Sep 12, 2013)

The upgrade option wouldn't work as it told me to install something that I didn't know what it was, the guide didn't go 100% as it said. Luckily I've backed up all of my desktop files. I suppose now I'll have to reinstall them all. It's saying the next step is to do a disk clean up. Should I do that? My files are saved in a file called Windows Old in the c:\, but now there's another thing next to C:\ in windows called Recovery (E


----------



## dawudbryant (Sep 12, 2013)

I have backed up all the files from my desktop so it should be easy putting them back right, just have to send all files to files like my documents, my videos, desktop etc etc.


----------



## dawudbryant (Sep 12, 2013)

By the way, I forgot to say that the internet is back working, thanks a lot for your help. Just got to get this last bit sorted out now (not sure whether to do the disk cleanup thing etc, ie. the final steps).


----------



## dawudbryant (Sep 12, 2013)

It's even taken Word etc off. How do I put them back?


----------



## Mark1956 (May 7, 2011)

This will tell you all you need to know about disc cleanup: http://windows.microsoft.com/en-gb/...nup#delete-files-using-disk-cleanup=windows-7

All your software, including Word, will have been removed. Did it come pre-installed with Word when it was new?


----------



## Mark1956 (May 7, 2011)

As for the new partition E:, not sure how that got created, open Windows Explorer and in the left pane tell me what is listed under Computer, right click on the E: and select properties, tell me what size it is and the free space.

Also, click on the E: drive in the left pane and tell me what you see in the right pane.


----------



## dawudbryant (Sep 12, 2013)

the E: has 3.61GB

I think the word etc came with a disc, I'll have a look


----------



## dawudbryant (Sep 12, 2013)

I found some DELL discs but don't know if any of them have the Word, Excel etc


----------



## dawudbryant (Sep 12, 2013)

I don't see why it wants me to do a disc clean up. Also, do you know how I can delete the E:\ ?


----------



## dawudbryant (Sep 12, 2013)

Forgot to tell you the free space for the E:\, it's got 4.99GB space left so in total it is 8.61GB


----------



## dawudbryant (Sep 12, 2013)

I'm moving files over from the Old windows file to the new one


----------



## dawudbryant (Sep 12, 2013)

I think the disc cleanup is needed because it first says to go into the Old windows file and copy your files then put them in the new files, i.e. the stuff from the old documents into the new, then the disk cleanup is said to delete the folder called Old windows. So basically I don't have two copies of everything


----------



## Mark1956 (May 7, 2011)

Looking back at the earlier logs there is a 9GB partition which can only be your Recovery partition, hence the name. This can be used to return the machine back to the state it was in when it left the factory which you should also be able to do with the DELL discs as they contain the same data. As you have had to do a clean install it will have changed the boot manager so it probably won't be possible to run a re-install from the Recovery partition.

It may be worth using the discs as that should also install Word/Office and all the original software and drivers. As you will have already wiped out everything apart from Windows you have nothing to lose using the DELL discs. Not sure how many discs you have, but usually one will be marked as an install disc the other will be marked as driver or utilities. If the install disc is marked as disc 1 there may be another disc or two that will be required.

If you do a reinstall from the DELL discs this will return all the settings required to allow the Recovery partition to be used if you ever need it in the future, so I wouldn't delete it. 

If in doubt, tell me what is written on the discs.

You can cancel the option of disc clean up, but if you reinstall from the DELL discs that won't matter.


----------



## dawudbryant (Sep 12, 2013)

The discs I have finally found are the following

Microsoft works 9

Drivers and utilities Dell laser printer 1110

Dell drivers and utilities Already installed on your computer (Contents, device drivers and diagnostics and utilities)

Another saying the same as the last one

Dell drivers and documentation (contents, device drivers, setup guide and users guide)

Operating system Already installed on your computer, reinstallation cd, microsoft windows xp professional service pack 3

Operating system already installed on your computer. Reinstallation dvd windows 7 professional 32 bit


These DVDs I had abroad in my house, my family are here visiting me so I asked them to bring them from my house, I now have these DVDs with me, it's a shame I didn't get them a few days ago. Would've saved me having to burn that disc


----------



## dawudbryant (Sep 12, 2013)

I'm installing the ESET, just wanna know if I need any other antivirus installed or does ESET do that job?


----------



## Mark1956 (May 7, 2011)

> These dvds I had abroad in my house, my family are here visiting me so I asked them to bring them from my house, I now have these dvds with me, its a shame I didnt get them a few days ago. Wouldve saved me having to burn that disc


Yup, that would have been handy, but if the Repair Install with the Windows 7 DVD you burned had worked you would not have needed anything else and all your installed software, including Office, would have remained in place.


> im installing the eset, just wanna know if I need any other antivirus installed or does eset do that job?


Eset NOD32 will be fine for your Anti Virus, but if you need to have Office back on there you will need to do another re-install using the DELL discs in order to get it and that will wipe out anything you add to the present Windows 7 install.

The only additional security software you could add is Comodo firewall (free) and put Adwcleaner on there to keep the system free of Adware. You could also add Malwarebytes and SuperAntiSpyware, both have free versions that you can run regular scans with or the paid for version that will actively scan the system for increased protection.

If you want Office back on there you should run a complete re-install with this disc:
Operating system already installed on your computer. Reinstallation dvd windows 7 professional 32 bit
And then use this disc to install all the required drivers:
Dell drivers and utilities Already installed on your computer (Contents, device drivers and diagnostics and utilities)


----------



## dawudbryant (Sep 12, 2013)

OK, so if I want Office back I have to do another reinstall. Is there a way I can just download them online?


----------



## dawudbryant (Sep 12, 2013)

also, thanks for the info on other programs to download, will do


----------



## dawudbryant (Sep 12, 2013)

Here is a site I found with the Microsoft Office programs, should be ok I think

http://en.softonic.com/s/microsoft-office-free-download


----------



## Mark1956 (May 7, 2011)

Microsoft Office needs a Product key to validate it as is the case with any version of Windows. Office is not a free product and Microsoft has no official sites to download it from. Any site that provides the download of Office is doing so illegally and it will be useless without the product key which has to be paid for. If it is pre-activated it will be a pirated copy and therefore illegal.

The copy of Office on the Dell discs will already be licensed so it would be far better to reinstall from the Dell discs and then everything will be legal and you will have your original version of Office back on the PC.


----------



## dawudbryant (Sep 12, 2013)

OK, but now all of my files are out of the old windows file and in the new one, what will happen to them when I reinstall from the Dell discs? Will they be deleted? Also, the PC has just suddenly restarted a couple of times while downloading a file, I don't know why.

Finally, do you know what I should do with that new e:\?


----------



## Mark1956 (May 7, 2011)

See post 285 in respect of the E: drive.

If you reinstall from the Dell discs and there is no option to preserve all your files they will be wiped out, but this is the only way you will get Office back on the system unless you go and buy a new copy of it which will include a Product key to validate it.

The restarts might be due to Windows Update as there will be many updates to install, if it continues we will have to investigate further. Did you see any error messages?

Personally I would recommend you run the re-install from the Dell discs then everything will be back to normal, all the correct drivers will get installed and Office.


----------



## dawudbryant (Sep 12, 2013)

There haven't been any error messages before it restarts, just a message after it starts back, I can't remember what it says but if it happens again I will write it down. If I do the Dell re-install discs is it as simple as following the prompts and doing to discs one after the other?


----------



## dawudbryant (Sep 12, 2013)

There's two of these discs

Dell drivers and utilities Already installed on your computer (Contents, device drivers and diagnostics and utilities)

but they have a different number, one says p/n JM9G4, the other says p/n TW209


----------



## Mark1956 (May 7, 2011)

I've never actually used a Dell reinstall disc, but I would suspect the installation will be just as user friendly as the Windows disc. As long as you read all the prompts carefully you should not go far wrong.

I would use the disc you have listed above, I'm not sure what the difference is between the two, but the other one also has documentation that you probably won't need, but does not list diagnostics and utilities which can be useful.

Dell drivers and utilities Already installed on your computer (Contents, device drivers and *diagnostics and utilities*) <---I would use this one.

Dell drivers and *documentation* (contents, device drivers, setup guide and users guide)


----------



## dawudbryant (Sep 12, 2013)

I plugged in the disc, it installed but now I'm being asked to plug in a resource disc


----------



## dawudbryant (Sep 12, 2013)

I ran the diagnostics disc as well as I could but I'm not sure if it worked. I'm now doing the microsoft 9 disc I have


----------



## Mark1956 (May 7, 2011)

I've not heard of a Microsoft 9 disc and it doesn't seem to relate to anything in your list of Dell discs


----------



## Mark1956 (May 7, 2011)

Off out now for the evening, hope it all goes well.


----------



## dawudbryant (Sep 12, 2013)

i tried to download a program and it says I need to install a open gl driver. I can't find anywhere to download this that is safe. Do you know how I can get this


----------



## Mark1956 (May 7, 2011)

As you've not reported any other problem I assume the re-install all completed ok and Windows is up and running again without any problems.

What is the program you are trying to download? A GL driver is something to do with graphics.

On a separate issue I should bring this to your attention: As you have completed a fresh install of Windows you need to check that Windows Update has downloaded and installed all available updates. There will be well over 100 updates to install.


----------



## dawudbryant (Sep 12, 2013)

Nothing seemed to happen. I don't think the Dell re-install disc did anything. Also I was trying to re install a game I had and it says there's a broken or missing gpu open gl driver that needs reinstalling.


----------



## Mark1956 (May 7, 2011)

I'm a bit confused, you said earlier the Dell reinstall disc had run and was then asking for the resource disc. Post 298. You're now saying the Dell reinstall disc didn't do anything.

You referred to Microsoft 9 which I asked about and you have not answered. Post 299.

In post 302 you said "i tried to download a program and it says I need to install a open gl driver". I asked what the program was, but you have not replied.

You've just said in your last post "Nothing seemed to happen". I don't know what you are relating to.

I suggested you got all the available Windows Updates installed which you have not responded to.

It will help me to help you if you can explain exactly what has taken place since trying to do another re-install with the Dell discs and answer all the questions I've posted. You must also check that all Windows Updates have been installed.

Please also go into Device Manager and look to see if there are any small yellow warnings next to any item in the list and tell me what they relate to.


----------



## dawudbryant (Sep 12, 2013)

I tried to re install a computer game but it says broken or missing gpu open gl driver needs re installing. 

When I did the re-install and it asked for a resource disc I just put the same disc in again and it seemed to be doing something...the next step in windows guide was to reboot which I did but I can't see if it did anything. That was the device and diagnostics disc.

The windows 9 disc just installed windows office and that worked but I still don't have Word or Excel etc.

Also, I don't know how to get Windows updates.

So I still need to get Microsoft Word...Excel etc and work out how to get the gpu open gl driver re installed.

Thanks for your help again


----------



## Mark1956 (May 7, 2011)

You're welcome.

Windows Office should include Word, click on start All Programs, then Office, it should show a list of the installed components, Word and Excel should be there.

I still need you to check in Device Manager to make sure there are no yellow warnings. If the graphics card drivers have not been installed that could be related to the OpenGL problem.

For Windows Update: Click on Start > Control Panel > Windows Update.
Click on Check for Updates in the left pane, wait for the scan to finish.
If it shows that any updates are available, download and install them.
You needn't have any of the Optional Updates which will be listed separately.


----------



## dawudbryant (Sep 12, 2013)

My mistake, the windows 9 disc installed windows works. Hasn't installed Word etc.
In device manager there aren't any yellow markers.

Have done the windows update.


----------



## Mark1956 (May 7, 2011)

Microsoft Works 9 will include Microsoft Spreadsheet which will work with Excel documents and Word which will work with Office Word documents. Your original logs show you had Office 2007 installed, this is obviously not included in the Dell recovery disc as you are not able to find it so it must have been installed from another disc, perhaps one you no longer have, or it has been mislaid.

Apart from the problem with the game showing the OpenGL error is everything else ok?

Please tell me the name of the game so I can look up the system requirements.

Once we have this desktop back to 100% we can do the final clean up on the laptop, nearly there in time for Christmas


----------



## dawudbryant (Sep 12, 2013)

lol, everything seems ok for now, the game thing hopefully is ok now as I have found a way to get it running on my laptop. The Word problem should be sorted too as I know someone with them all on disc.

Thanks for your help. Just gotta get back to the laptop then it seems.


----------



## Mark1956 (May 7, 2011)

Didn't you find Word? It should be there after installing Works. If you install Office from someone else's disc you won't be able to validate the licence unless you have your own Product key.

So, onto the laptop, better start with running a full system scan with NOD32 and posting the log so we can see what is left to clean up.


----------



## dawudbryant (Sep 12, 2013)

In Works it shows all the Word and Excel etc., but when I click on it, it says not enough disc space. I don't know what to clear up.


----------



## Mark1956 (May 7, 2011)

Better run FRST on the system and post both the logs so I can see what is on there.

Please download Farbar Recovery Scan Tool and save it to your desktop. Do not get tempted to download Regclean Pro.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (*Addition.txt*). Please also copy and paste that into your reply.


----------



## dawudbryant (Sep 12, 2013)

THANKS, will do asap


----------



## Mark1956 (May 7, 2011)

Ok, I shall be away from my PC for the next 24 hours.

Just one thought, if you have got everything saved from the Windows.old folder you could delete it as that may free up a lot of disc space.


----------



## dawudbryant (Sep 12, 2013)

OK, I'll do that, thanks. As the desktop keeps restarting, should I do a reboot? Also, how do I do this? Thanks


----------



## dawudbryant (Sep 12, 2013)

Here's the FRST scan log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-12-2013
Ran by DawudandSaarah86 (administrator) on DAWUDANDSAARAH8 on 27-12-2013 12:40:24
Running from C:\Users\DawudandSaarah86\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7J9R2WV
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
MountPoints2: {0cc0a748-69bb-11e3-b02e-806e6f6e6963} - D:\SETUP.EXE
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA2500ED90DFDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
FireFox:
========
FF ProfilePath: C:\Users\DawudandSaarah86\AppData\Roaming\Mozilla\Firefox\Profiles\cd1teb6t.default
FF Homepage: www.google.co.uk
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\DawudandSaarah86\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\DawudandSaarah86\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\DawudandSaarah86\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\DawudandSaarah86\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Lamborghini Cherry ) - C:\Users\DawudandSaarah86\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkkklbgbfaeockpgbkleblklmcjdbnbj\1_0
CHR Extension: (Google Wallet) - C:\Users\DawudandSaarah86\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\DawudandSaarah86\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
========================== Services (Whitelisted) =================
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [119408 2013-12-05] (Mozilla Foundation)
==================== Drivers (Whitelisted) ====================
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-09-17] (ESET)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-12-27 03:41 - 2013-12-27 03:41 - 00145888 _____ C:\Windows\Minidump\122713-19936-01.dmp
2013-12-27 03:30 - 2013-12-27 03:30 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2013-12-27 03:29 - 2013-12-27 03:29 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-12-27 03:29 - 2013-12-27 03:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-12-27 03:02 - 2013-12-27 03:03 - 00152064 _____ C:\Windows\Minidump\122713-32573-01.dmp
2013-12-26 18:30 - 2013-12-26 18:30 - 01510128 _____ C:\Windows\Minidump\122613-29109-01.dmp
2013-12-26 15:00 - 2013-12-26 15:00 - 00002693 _____ C:\Users\DawudandSaarah86\Desktop\Microsoft Office Word 2007.lnk
2013-12-26 14:41 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2013-12-26 14:40 - 2013-12-26 14:40 - 00000000 ____D C:\Program Files\Microsoft Works
2013-12-26 14:40 - 2013-12-26 14:40 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2013-12-26 14:40 - 2013-12-26 14:40 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-12-26 14:39 - 2013-12-26 14:39 - 00000000 ____D C:\Windows\PCHEALTH
2013-12-26 14:39 - 2013-12-26 14:39 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-12-26 14:37 - 2013-12-26 14:37 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Local\Microsoft Help
2013-12-26 14:37 - 2013-12-26 14:37 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2013-12-26 07:41 - 2013-12-26 07:41 - 00152072 _____ C:\Windows\Minidump\122613-11793-01.dmp
2013-12-26 06:24 - 2013-12-26 06:24 - 00152064 _____ C:\Windows\Minidump\122613-9625-01.dmp
2013-12-25 20:52 - 2013-12-25 20:52 - 00152064 _____ C:\Windows\Minidump\122513-13868-01.dmp
2013-12-25 00:29 - 2013-12-26 14:40 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-24 23:57 - 2012-09-14 12:56 - 00809496 ____R (Creative Labs Inc.) C:\Windows\system32\tmp4C9A.tmp
2013-12-24 23:42 - 2013-12-24 23:43 - 00000000 ____D C:\2fbf2bc0febb86bb6fdda2771ba8c114
2013-12-24 23:24 - 2013-12-24 23:24 - 00152072 _____ C:\Windows\Minidump\122413-10483-01.dmp
2013-12-24 16:55 - 2013-12-24 16:55 - 00152064 _____ C:\Windows\Minidump\122413-14710-01.dmp
2013-12-24 16:10 - 2013-12-24 16:10 - 00152064 _____ C:\Windows\Minidump\122413-16894-01.dmp
2013-12-24 07:26 - 2013-12-24 07:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-23 12:52 - 2013-12-23 12:52 - 00152072 _____ C:\Windows\Minidump\122313-17238-01.dmp
2013-12-23 12:24 - 2013-12-23 12:24 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-23 12:18 - 2013-11-26 13:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-23 12:18 - 2013-11-26 12:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-23 12:18 - 2013-11-26 12:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-23 12:18 - 2013-11-26 11:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-23 12:18 - 2013-11-26 11:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-23 12:18 - 2013-11-26 11:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-23 12:18 - 2013-11-26 11:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-23 12:18 - 2013-11-26 11:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-23 12:18 - 2013-11-26 11:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-23 12:18 - 2013-11-26 11:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-23 12:18 - 2013-11-26 11:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-23 12:18 - 2013-11-26 11:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-23 12:18 - 2013-11-26 11:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-23 12:18 - 2013-11-26 11:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-23 12:18 - 2013-11-26 10:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-23 12:18 - 2013-11-26 10:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-23 12:18 - 2013-11-26 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-23 12:18 - 2013-11-26 09:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-23 12:18 - 2013-11-26 09:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-23 12:15 - 2013-12-23 12:17 - 00000000 ____D C:\Windows\system32\MRT
2013-12-23 12:15 - 2013-12-01 14:42 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-21 11:38 - 2013-12-21 11:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-21 11:38 - 2013-12-21 11:38 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-21 11:38 - 2013-12-21 11:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-21 10:36 - 2013-12-24 23:57 - 00444952 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-21 10:36 - 2013-12-24 23:57 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-21 10:36 - 2013-12-21 11:27 - 00001926 _____ C:\Users\Public\Desktop\Broken Sword 5 - the Serpent's Curse - Episode 1.lnk
2013-12-21 10:32 - 2013-12-21 10:32 - 00000000 ____D C:\GOG Games
2013-12-21 10:27 - 2013-12-21 10:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-12-21 10:10 - 2013-12-24 16:59 - 00074752 _____ C:\Users\DawudandSaarah86\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 10:10 - 2013-12-21 10:10 - 00000000 _____ C:\Users\DawudandSaarah86\AppData\Roaming\wklnhst.dat
2013-12-21 10:09 - 2012-02-11 08:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-12-21 10:09 - 2011-03-25 05:58 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-21 10:09 - 2011-03-25 05:58 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-21 10:09 - 2011-03-25 05:58 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-21 10:09 - 2011-03-25 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-21 10:09 - 2011-03-25 05:57 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-21 10:09 - 2011-03-25 05:57 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-12-21 10:09 - 2011-03-25 05:57 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-21 10:09 - 2011-03-11 08:39 - 00148864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-12-21 10:09 - 2011-03-11 08:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2013-12-21 10:09 - 2011-03-11 08:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2013-12-21 10:09 - 2011-03-11 08:38 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2013-12-21 10:09 - 2011-03-11 08:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2013-12-21 10:09 - 2011-03-11 08:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2013-12-21 10:09 - 2011-03-11 08:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-12-21 10:09 - 2011-03-11 08:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2013-12-21 10:09 - 2011-03-11 07:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-12-21 10:08 - 2013-11-23 21:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-21 10:08 - 2013-04-17 10:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-12-21 10:08 - 2011-02-25 08:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-12-21 09:29 - 2013-12-21 09:29 - 00000000 ____D C:\Windows\system32\vmm32
2013-12-21 03:29 - 2012-07-26 06:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-12-21 03:29 - 2012-07-26 06:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-12-21 03:29 - 2012-07-26 06:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-12-21 03:29 - 2012-07-26 06:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-12-21 03:29 - 2012-07-26 06:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-12-21 03:29 - 2012-07-26 05:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-12-21 03:29 - 2012-07-26 05:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-12-21 03:29 - 2012-06-02 17:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-12-21 03:28 - 2012-03-01 08:46 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-12-21 03:28 - 2012-03-01 08:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-12-21 03:20 - 2013-05-10 07:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-21 03:20 - 2013-05-10 07:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-21 02:34 - 2013-12-21 02:34 - 00152080 _____ C:\Windows\Minidump\122113-15444-01.dmp
2013-12-21 01:18 - 2013-12-21 01:18 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\Macromedia
2013-12-21 01:18 - 2013-12-21 01:18 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\Adobe
2013-12-21 00:56 - 2013-12-21 09:29 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-21 00:52 - 2013-12-27 12:34 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-21 00:52 - 2013-12-27 12:05 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-21 00:52 - 2013-12-26 06:26 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Local\Google
2013-12-21 00:51 - 2013-12-27 11:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-21 00:51 - 2013-12-21 00:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-21 00:51 - 2013-12-21 00:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-21 00:51 - 2013-12-21 00:51 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-21 00:46 - 2013-12-21 00:46 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Local\Adobe
2013-12-21 00:42 - 2013-12-21 00:42 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-21 00:42 - 2013-12-21 00:42 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\Mozilla
2013-12-21 00:42 - 2013-12-21 00:42 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Local\Mozilla
2013-12-21 00:36 - 2013-12-21 00:36 - 00282992 _____ (Mozilla) C:\Users\DawudandSaarah86\Downloads\Firefox Setup Stub 26.0.exe
2013-12-21 00:14 - 2013-12-27 09:48 - 01170665 _____ C:\Windows\WindowsUpdate.log
2013-12-21 00:11 - 2013-12-21 00:15 - 00001355 _____ C:\Windows\TSSysprep.log
2013-12-21 00:09 - 2013-12-20 01:54 - 00000000 ____D C:\Windows\Panther
2013-12-20 23:57 - 2013-12-20 06:54 - 00000000 ____D C:\Windows.old
2013-12-20 13:11 - 2013-11-26 23:25 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-12-20 12:00 - 2013-12-20 12:00 - 00152072 _____ C:\Windows\Minidump\122013-16333-01.dmp
2013-12-20 11:24 - 2013-12-20 11:27 - 00003604 _____ C:\Windows\IE9_main.log
2013-12-20 11:12 - 2013-12-21 11:40 - 00024714 _____ C:\Windows\IE11_main.log
2013-12-20 11:08 - 2013-12-20 11:08 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-12-20 11:05 - 2013-12-21 03:11 - 00024465 _____ C:\Windows\IE10_main.log
2013-12-20 11:05 - 2013-12-20 11:05 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-20 10:31 - 2013-12-20 10:31 - 00152080 _____ C:\Windows\Minidump\122013-20748-01.dmp
2013-12-20 08:24 - 2013-12-25 16:47 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\vlc
2013-12-20 08:24 - 2013-12-20 08:24 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-20 07:59 - 2013-12-27 12:38 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\Skype
2013-12-20 07:59 - 2013-12-20 07:59 - 00002503 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-20 07:59 - 2013-12-20 07:59 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-12-20 07:37 - 2013-12-21 10:31 - 00000000 ____D C:\Broken Sword 5
2013-12-20 07:21 - 2013-12-20 07:21 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\WinRAR
2013-12-20 07:08 - 2013-12-20 07:08 - 00000000 ____D C:\ProgramData\Trymedia
2013-12-20 06:50 - 2013-12-20 06:50 - 01681800 _____ (ESET) C:\Users\DawudandSaarah86\Desktop\eset_nod32_antivirus_live_installer_.exe
2013-12-20 06:03 - 2013-12-27 03:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-20 06:03 - 2013-12-21 04:52 - 00000000 ____D C:\ProgramData\Google
2013-12-20 06:03 - 2013-12-20 07:59 - 00000000 ____D C:\ProgramData\Skype
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ___HD C:\ProgramData\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Zylom
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\WRData
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Wincert
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Uninstall
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Trusteer
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Trend Micro
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Transparent
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\The Game Equation
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\T1 Games
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Sun
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\SugarGames
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\SpinTop Games
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Sonic
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\ScanSoft
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\RealNetworks
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Real
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\QuickTime
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\PopCap Games
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\PoBros
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\PlayFirst
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Particles
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Nuance
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Norton
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Nitro PDF
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\MythPeople
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\MumboJumbo
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\MFAData
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Merscom
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Meridian93
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\McAfee
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\LittleGamesCompany
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Intel
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\InstallShield
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Graboid Inc
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\GameHouse
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\fwlbdhwdxxmueef
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2013-12-20 06:03 - 2013-12-18 11:30 - 00000000 ____D C:\ProgramData\Roxio
2013-12-20 06:03 - 2013-12-16 15:32 - 00000000 ____D C:\ProgramData\Symantec
2013-12-20 06:03 - 2013-09-06 11:48 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Fugazo
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\FloodLightGames
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Flood Light Games
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\FarmFrenzy3_Madagascar
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Exorcist DS 3
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\ESET
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\DivX
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Dell
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Datamngr
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Colibri Games
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\BVRP Software
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Big Fish Games
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Big Finish
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\AVG
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Atheros
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Arcade Lab
2013-12-20 06:01 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-20 06:01 - 2013-12-20 06:01 - 00000000 ____D C:\ProgramData\Apple
2013-12-20 06:01 - 2013-12-20 06:01 - 00000000 ____D C:\ProgramData\aliasworlds
2013-12-20 06:01 - 2013-12-20 06:01 - 00000000 ____D C:\ProgramData\Adobe
2013-12-20 06:01 - 2012-09-26 00:37 - 00069785 _____ C:\ProgramData\iersmgeqjevhlrt
2013-12-20 05:59 - 2013-12-20 05:59 - 00000000 ____D C:\Program Files\WinRAR
2013-12-20 05:59 - 2013-10-13 22:30 - 50053120 _____ C:\Program Files\GUTD0D3.tmp
2013-12-20 05:58 - 2013-12-20 05:58 - 00000000 ____D C:\Program Files\Windows Live
2013-12-20 05:58 - 2013-12-20 05:58 - 00000000 ____D C:\Program Files\VideoLAN
2013-12-20 05:58 - 2013-12-20 05:58 - 00000000 ____D C:\Program Files\Veoh Networks
2013-12-20 05:58 - 2013-12-20 05:58 - 00000000 ____D C:\Program Files\Veetle
2013-12-20 05:58 - 2013-12-20 05:58 - 00000000 ____D C:\Program Files\Transparent
2013-12-20 05:56 - 2013-12-20 07:59 - 00000000 ___RD C:\Program Files\Skype
2013-12-20 05:56 - 2013-12-20 05:56 - 00000000 ____D C:\Program Files\THQ
2013-12-20 05:56 - 2013-12-20 05:56 - 00000000 ____D C:\Program Files\SopCast
2013-12-20 05:56 - 2013-12-20 05:56 - 00000000 ____D C:\Program Files\Roxio
2013-12-20 05:56 - 2013-12-20 05:56 - 00000000 ____D C:\Program Files\QuickTime
2013-12-20 05:55 - 2013-12-21 00:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-20 05:55 - 2013-12-21 00:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\PopCap Games
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\Penny Dreadfuls Sweeney Todd
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\OurBabyMaker_27EI
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\OurBabyMaker_27
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\OpenAL
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\Nuance
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\MSSOAP
2013-12-20 05:55 - 2011-12-20 15:13 - 00000000 ____D C:\Program Files\MySpace
2013-12-20 05:55 - 2011-12-17 05:36 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-20 05:53 - 2013-12-20 05:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-20 05:53 - 2013-12-20 05:53 - 00000000 ____D C:\Program Files\Java
2013-12-20 05:53 - 2011-10-21 21:59 - 00000000 ____D C:\Program Files\JP274
2013-12-20 05:52 - 2013-12-20 05:53 - 00000000 ____D C:\Program Files\iTunes
2013-12-20 05:52 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\Islamasoft Solutions
2013-12-20 05:52 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\iPod
2013-12-20 05:52 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\Intel
2013-12-20 05:52 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\Happyneuron
2013-12-20 05:52 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\GUMD0D2.tmp
2013-12-20 05:50 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\Grim Tales - The Bride
2013-12-20 05:50 - 2012-02-07 20:06 - 00000000 ____D C:\Program Files\Graboid
2013-12-20 05:49 - 2013-12-21 09:58 - 00000000 ____D C:\Program Files\Google
2013-12-20 05:49 - 2013-12-21 09:29 - 00000000 ____D C:\Program Files\Dell
2013-12-20 05:49 - 2013-12-20 05:49 - 00000000 ____D C:\Program Files\Feeding Frenzy 2 Shipwreck Showdown
2013-12-20 05:49 - 2013-12-20 05:49 - 00000000 ____D C:\Program Files\ESET
2013-12-20 05:49 - 2013-12-20 05:49 - 00000000 ____D C:\Program Files\DivX
2013-12-20 05:49 - 2013-12-20 05:49 - 00000000 ____D C:\Program Files\Dell Inc
2013-12-20 05:48 - 2013-12-20 05:49 - 00000000 ____D C:\Program Files\CyberLink
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\Criminal Minds
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\CCleaner
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\Broken Sword
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\Bonjour
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\bfgclient
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\AVG
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\Apple Software Update
2013-12-20 05:47 - 2013-12-20 05:47 - 00000000 ____D C:\Program Files\Amazon
2013-12-20 05:47 - 2013-12-20 05:47 - 00000000 ____D C:\Program Files\Adobe Download Assistant
2013-12-20 05:47 - 2013-12-20 05:47 - 00000000 ____D C:\Program Files\Adobe
2013-12-20 05:47 - 2013-12-20 05:47 - 00000000 ____D C:\Program Files\AC3Filter
2013-12-20 05:47 - 2013-08-28 13:07 - 00003715 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-12-20 05:43 - 2013-12-20 05:43 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\Week 10
2013-12-20 05:43 - 2013-12-20 05:43 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\SopCast
2013-12-20 05:43 - 2013-12-20 05:43 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\RK_Quarantine
2013-12-20 05:43 - 2013-12-20 05:43 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\Old Firefox Data
2013-12-20 05:43 - 2013-12-17 14:29 - 00001878 _____ C:\Users\DawudandSaarah86\Desktop\SystemLook.txt
2013-12-20 05:43 - 2013-11-23 10:48 - 00489472 _____ C:\Users\DawudandSaarah86\Desktop\comparatives_er_est.ppt
2013-12-20 05:43 - 2013-11-16 17:15 - 02146451 _____ C:\Users\DawudandSaarah86\Desktop\English Term 1 Week 9.rar
2013-12-20 05:43 - 2013-11-13 14:00 - 00360775 _____ (Farbar) C:\Users\DawudandSaarah86\Desktop\FSS.exe
2013-12-20 05:43 - 2013-11-12 09:47 - 00039658 _____ C:\Users\DawudandSaarah86\Desktop\Service repair.zip
2013-12-20 05:43 - 2013-10-24 18:42 - 01088113 _____ (Farbar) C:\Users\DawudandSaarah86\Desktop\FRST.exe
2013-12-20 05:43 - 2013-10-18 23:43 - 00008718 _____ C:\Users\DawudandSaarah86\Desktop\attach.txt
2013-12-20 05:43 - 2013-09-29 16:45 - 01042066 _____ C:\Users\DawudandSaarah86\Desktop\AdwCleaner.exe
2013-12-20 05:43 - 2013-09-12 12:52 - 00377856 _____ C:\Users\DawudandSaarah86\Desktop\d4u74i0b.exe
2013-12-20 05:43 - 2013-09-12 12:48 - 00688992 ____R (Swearware) C:\Users\DawudandSaarah86\Desktop\dds.scr
2013-12-20 05:43 - 2013-09-12 12:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\DawudandSaarah86\Desktop\HijackThis.exe
2013-12-20 05:43 - 2013-02-07 11:39 - 00001560 _____ C:\Users\DawudandSaarah86\Desktop\DivX Movies.lnk
2013-12-20 05:43 - 2011-04-16 22:01 - 00000951 _____ C:\Users\DawudandSaarah86\Desktop\SopCast.lnk
2013-12-20 05:43 - 2011-04-16 22:00 - 05283249 _____ C:\Users\DawudandSaarah86\Desktop\SopCast.zip
2013-12-20 05:43 - 2009-05-21 00:32 - 00000172 ____R C:\Users\DawudandSaarah86\Desktop\Router Login.url
2013-12-20 05:40 - 2013-12-21 00:25 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\games
2013-12-20 05:40 - 2013-12-20 05:43 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\New folder
2013-12-20 05:40 - 2013-12-20 05:40 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\Maths
2013-12-20 05:40 - 2013-12-20 05:40 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\Grammar worksheets
2013-12-20 05:40 - 2013-12-20 05:40 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\English Week 9
2013-12-20 05:40 - 2013-12-20 05:40 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\32bit
2013-12-20 05:39 - 2013-12-20 12:38 - 00001856 _____ C:\Users\DawudandSaarah86\Desktop\Windows Compatibility Report.htm
2013-12-20 05:39 - 2013-11-10 22:04 - 14545288 _____ (Trend Micro Inc. ) C:\Users\DawudandSaarah86\Desktop\Ti_70_win_global_en_Uninstall_hfb0001.exe
2013-12-20 05:39 - 2011-06-12 05:21 - 00001131 _____ C:\Users\DawudandSaarah86\Desktop\The Hadith Software.lnk
2013-12-20 04:26 - 2013-12-27 03:41 - 00000000 ____D C:\Windows\Minidump
2013-12-20 04:26 - 2013-12-27 03:40 - 202419950 _____ C:\Windows\MEMORY.DMP
2013-12-20 04:26 - 2013-12-20 04:26 - 00152072 _____ C:\Windows\Minidump\122013-23743-01.dmp
2013-12-20 03:44 - 2013-09-14 03:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-20 03:44 - 2013-09-08 05:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-20 03:44 - 2013-09-08 05:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-20 03:44 - 2013-07-09 07:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-20 03:44 - 2013-07-09 07:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-20 03:44 - 2013-07-04 14:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-20 03:44 - 2013-07-03 06:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-12-20 03:44 - 2013-07-03 06:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-20 03:44 - 2013-04-12 16:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-12-20 03:44 - 2012-11-22 07:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-12-20 03:44 - 2012-08-22 20:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-12-20 03:44 - 2012-07-04 22:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-12-20 03:43 - 2013-10-04 04:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-20 03:43 - 2013-10-04 04:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-20 03:43 - 2013-10-04 04:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-20 03:43 - 2013-02-12 06:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-12-20 03:43 - 2011-04-29 05:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2013-12-20 03:43 - 2011-04-29 05:46 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-12-20 03:43 - 2011-04-29 05:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-12-20 03:42 - 2013-10-30 05:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-20 03:42 - 2012-11-02 08:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-12-20 03:42 - 2011-06-16 07:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2013-12-20 03:42 - 2011-02-18 08:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2013-12-20 03:41 - 2013-10-19 04:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-20 03:41 - 2013-09-25 05:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-20 03:41 - 2013-09-25 05:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-20 03:41 - 2013-09-25 04:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-20 03:41 - 2013-09-25 04:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-20 03:41 - 2013-09-25 04:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-20 03:41 - 2013-09-25 04:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-20 03:41 - 2013-09-25 04:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-20 03:41 - 2013-09-25 03:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-20 03:41 - 2013-09-25 03:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-20 03:41 - 2013-07-04 15:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-20 03:41 - 2013-01-24 07:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-12-20 03:41 - 2011-03-03 08:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2013-12-20 03:41 - 2011-03-03 08:38 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2013-12-20 03:41 - 2011-03-03 08:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2013-12-20 03:40 - 2013-10-12 05:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-20 03:40 - 2013-10-12 05:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-20 03:40 - 2013-10-12 04:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-20 03:40 - 2013-10-12 04:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-20 03:40 - 2013-08-01 14:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-20 03:40 - 2013-04-10 08:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-12-20 03:40 - 2013-03-19 07:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-12-20 03:40 - 2013-03-19 06:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-12-20 03:40 - 2012-08-21 23:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-12-20 03:40 - 2012-06-06 08:05 - 01236992 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-12-20 03:40 - 2012-04-28 06:17 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-12-20 03:40 - 2011-12-30 08:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-12-20 03:40 - 2011-08-27 07:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-20 03:40 - 2011-08-27 07:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2013-12-20 03:40 - 2011-08-17 07:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2013-12-20 03:40 - 2011-08-17 07:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2013-12-20 03:40 - 2011-07-09 05:30 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2013-12-20 03:40 - 2011-05-24 13:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2013-12-20 03:40 - 2011-04-27 05:17 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-12-20 03:40 - 2011-04-27 05:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-12-20 03:40 - 2010-06-26 06:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-12-20 03:39 - 2013-11-12 05:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-20 03:39 - 2013-08-29 04:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-12-20 03:39 - 2013-08-29 04:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-20 03:39 - 2013-08-29 04:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-20 03:39 - 2013-08-29 04:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-12-20 03:39 - 2013-08-29 04:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-20 03:39 - 2013-08-28 03:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-12-20 03:39 - 2013-07-20 13:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-20 03:39 - 2013-06-06 07:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-12-20 03:39 - 2013-06-06 07:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-12-20 03:39 - 2013-06-06 07:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-12-20 03:39 - 2013-06-06 06:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-20 03:39 - 2013-06-06 06:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-20 03:39 - 2013-05-10 06:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-20 03:39 - 2013-04-26 07:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-20 03:39 - 2013-03-19 07:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-20 03:39 - 2013-03-19 05:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-12-20 03:39 - 2013-02-15 07:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-20 03:39 - 2013-02-15 07:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-12-20 03:39 - 2013-02-15 06:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-12-20 03:39 - 2012-11-01 07:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-12-20 03:39 - 2011-05-03 07:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2013-12-20 03:38 - 2013-05-13 06:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-12-20 03:38 - 2013-05-13 06:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-12-20 03:38 - 2012-10-03 19:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-12-20 03:38 - 2012-10-03 19:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-12-20 03:38 - 2012-10-03 19:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-12-20 03:38 - 2012-10-03 19:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-12-20 03:38 - 2012-10-03 19:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-12-20 03:38 - 2012-10-03 19:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-12-20 03:38 - 2012-10-03 18:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-12-20 03:38 - 2011-11-19 17:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-12-20 03:37 - 2013-10-04 04:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-20 03:37 - 2013-10-04 04:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-20 03:37 - 2013-07-25 11:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-20 03:37 - 2013-06-04 07:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-20 03:37 - 2013-01-03 08:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-12-20 03:37 - 2012-11-30 02:17 - 00420064 _____ C:\Windows\system32\locale.nls
2013-12-20 03:37 - 2012-08-22 20:16 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-12-20 03:37 - 2012-07-05 00:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-12-20 03:37 - 2012-07-05 00:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-12-20 03:37 - 2012-07-05 00:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-12-20 03:37 - 2012-06-06 08:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-12-20 03:37 - 2012-05-05 10:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-12-20 03:37 - 2011-10-15 08:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-12-20 03:37 - 2011-05-04 07:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-12-20 03:37 - 2011-05-04 07:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-12-20 03:37 - 2011-05-04 07:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-12-20 03:37 - 2011-05-04 07:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-12-20 03:37 - 2011-05-04 07:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-12-20 03:37 - 2011-05-04 07:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-12-20 03:37 - 2011-05-04 07:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-12-20 03:37 - 2011-05-04 07:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-12-20 03:37 - 2011-05-04 07:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-12-20 03:37 - 2011-02-12 08:35 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2013-12-20 03:37 - 2010-12-23 08:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2013-12-20 03:37 - 2010-12-23 08:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2013-12-20 03:37 - 2010-12-23 08:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2013-12-20 03:36 - 2013-10-30 04:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-20 03:36 - 2012-12-07 15:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-12-20 03:36 - 2012-12-07 13:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-12-20 03:36 - 2012-12-07 13:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-12-20 03:36 - 2012-12-07 13:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-12-20 03:36 - 2012-12-07 13:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-12-20 03:36 - 2012-12-07 13:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-12-20 03:36 - 2012-12-07 13:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-12-20 03:36 - 2012-12-07 13:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-12-20 03:36 - 2012-12-07 13:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-12-20 03:36 - 2012-12-07 13:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-12-20 03:36 - 2012-12-07 13:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-12-20 03:36 - 2012-08-11 02:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-12-20 03:36 - 2012-04-07 14:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-12-20 03:36 - 2011-10-26 07:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-12-20 03:36 - 2011-10-26 07:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-12-20 03:35 - 2013-10-03 04:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-20 03:35 - 2013-07-04 14:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-20 03:35 - 2013-07-04 14:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-20 03:35 - 2013-07-04 12:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-12-20 03:35 - 2012-12-07 15:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-12-20 03:35 - 2012-12-07 13:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-12-20 03:35 - 2012-12-07 13:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-12-20 03:35 - 2012-12-07 13:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-12-20 03:35 - 2012-12-07 13:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-12-20 03:35 - 2011-11-17 08:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2013-12-20 03:35 - 2011-06-15 11:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll
2013-12-20 03:35 - 2011-06-15 11:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2013-12-20 03:35 - 2011-06-15 11:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2013-12-20 03:35 - 2011-06-15 11:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2013-12-20 03:35 - 2011-06-15 11:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2013-12-20 03:34 - 2013-10-12 05:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-20 03:34 - 2013-10-12 05:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-20 03:34 - 2013-10-12 05:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-20 03:34 - 2013-08-05 04:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-12-20 03:34 - 2013-07-26 04:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-12-20 03:34 - 2013-07-26 04:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-12-20 03:34 - 2012-09-26 01:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-12-20 03:34 - 2012-05-14 07:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-12-20 03:34 - 2012-05-01 07:44 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-12-20 03:34 - 2012-04-26 07:45 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2013-12-20 03:34 - 2012-04-26 07:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2013-12-20 03:34 - 2012-04-26 07:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2013-12-20 03:34 - 2012-03-17 10:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-12-20 03:34 - 2012-01-04 11:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-12-20 03:34 - 2011-12-16 10:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2013-12-20 03:33 - 2013-10-05 22:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-20 03:33 - 2013-08-02 04:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-20 03:33 - 2013-08-02 04:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-20 03:33 - 2013-08-02 04:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 03:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-12-20 03:33 - 2013-08-02 03:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 03:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 03:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-12-20 03:33 - 2013-08-02 03:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-12-20 03:33 - 2013-07-12 13:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-12-20 03:33 - 2013-07-09 07:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-20 03:33 - 2013-07-09 07:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-20 03:33 - 2013-06-26 01:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-20 03:33 - 2013-06-15 06:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-12-20 03:33 - 2012-11-29 01:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-12-20 03:33 - 2012-11-29 01:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-12-20 03:33 - 2012-11-29 01:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-12-20 03:33 - 2012-10-09 20:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-12-20 03:33 - 2012-10-09 20:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-12-20 03:33 - 2011-04-22 22:14 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2013-12-20 03:33 - 2011-04-09 08:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-12-20 03:33 - 2011-03-11 08:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2013-12-20 03:33 - 2011-03-11 08:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2013-12-20 03:33 - 2011-02-23 07:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2013-12-20 03:08 - 2013-02-27 08:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-12-20 03:08 - 2013-02-27 07:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-12-20 02:07 - 2012-02-17 08:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2013-12-20 02:07 - 2012-02-17 07:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2013-12-20 02:01 - 2012-06-03 01:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-20 02:01 - 2012-06-03 01:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-20 02:01 - 2012-06-03 01:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-12-20 02:01 - 2012-06-03 01:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-20 02:00 - 2012-06-03 01:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-20 02:00 - 2012-06-03 01:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-12-20 02:00 - 2012-06-03 01:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-20 02:00 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-20 02:00 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-20 01:56 - 2013-12-27 12:34 - 00000000 ____D C:\Users\DawudandSaarah86
2013-12-20 01:56 - 2013-12-20 01:56 - 00001415 _____ C:\Users\DawudandSaarah86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-20 01:56 - 2013-12-20 01:56 - 00000020 ___SH C:\Users\DawudandSaarah86\ntuser.ini
2013-12-20 01:56 - 2013-12-20 01:56 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Local\VirtualStore
2013-12-20 01:56 - 2009-07-14 07:42 - 00000000 ___RD C:\Users\DawudandSaarah86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-20 01:56 - 2009-07-14 07:37 - 00000000 ___RD C:\Users\DawudandSaarah86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-20 01:54 - 2013-12-20 01:54 - 00000000 __SHD C:\Recovery
2013-12-16 18:37 - 2013-12-16 18:37 - 00011080 _____ C:\ComboFix.txt
2013-12-10 19:03 - 2013-12-10 19:03 - 00032422 _____ C:\Users\DawudandSaarah86\Downloads\FRST.txt
2013-12-05 23:08 - 2013-12-05 23:08 - 00000000 ____D C:\Users\DawudandSaarah86\Documents\Broken Sword 5
2013-12-02 15:27 - 2013-12-13 12:38 - 00000000 ____D C:\Users\DawudandSaarah86\Documents\Wedding Pics. & Others (Dawud Only)
==================== One Month Modified Files and Folders =======
2013-12-27 12:38 - 2013-12-20 07:59 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\Skype
2013-12-27 12:34 - 2013-12-21 00:52 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-27 12:34 - 2013-12-20 01:56 - 00000000 ____D C:\Users\DawudandSaarah86
2013-12-27 12:05 - 2013-12-21 00:52 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 11:57 - 2013-12-21 00:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-27 11:43 - 2009-07-14 07:34 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 11:43 - 2009-07-14 07:34 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-27 11:06 - 2013-12-21 00:14 - 01170665 _____ C:\Windows\WindowsUpdate.log
2013-12-27 03:52 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-27 03:51 - 2009-07-14 07:53 - 00010866 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-27 03:41 - 2013-12-27 03:41 - 00145888 _____ C:\Windows\Minidump\122713-19936-01.dmp
2013-12-27 03:41 - 2013-12-20 04:26 - 00000000 ____D C:\Windows\Minidump
2013-12-27 03:41 - 2009-07-14 07:39 - 00030407 _____ C:\Windows\setupact.log
2013-12-27 03:40 - 2013-12-20 04:26 - 202419950 _____ C:\Windows\MEMORY.DMP
2013-12-27 03:31 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-27 03:30 - 2013-12-27 03:30 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2013-12-27 03:29 - 2013-12-27 03:29 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-12-27 03:29 - 2013-12-27 03:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-12-27 03:29 - 2010-11-21 00:01 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-27 03:03 - 2013-12-27 03:02 - 00152064 _____ C:\Windows\Minidump\122713-32573-01.dmp
2013-12-26 18:30 - 2013-12-26 18:30 - 01510128 _____ C:\Windows\Minidump\122613-29109-01.dmp
2013-12-26 18:30 - 2010-11-21 00:48 - 00006862 _____ C:\Windows\PFRO.log
2013-12-26 18:30 - 2009-07-14 07:33 - 00421592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-26 15:00 - 2013-12-26 15:00 - 00002693 _____ C:\Users\DawudandSaarah86\Desktop\Microsoft Office Word 2007.lnk
2013-12-26 14:40 - 2013-12-26 14:40 - 00000000 ____D C:\Program Files\Microsoft Works
2013-12-26 14:40 - 2013-12-26 14:40 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2013-12-26 14:40 - 2013-12-26 14:40 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-12-26 14:40 - 2013-12-25 00:29 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-26 14:40 - 2011-04-12 05:24 - 00000000 ____D C:\Windows\ShellNew
2013-12-26 14:40 - 2009-07-14 07:52 - 00000000 ____D C:\Program Files\MSBuild
2013-12-26 14:40 - 2009-07-14 05:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-26 14:39 - 2013-12-26 14:39 - 00000000 ____D C:\Windows\PCHEALTH
2013-12-26 14:39 - 2013-12-26 14:39 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-12-26 14:37 - 2013-12-26 14:37 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Local\Microsoft Help
2013-12-26 14:37 - 2013-12-26 14:37 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2013-12-26 14:37 - 2009-07-14 05:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-26 14:37 - 2009-07-14 05:04 - 00000478 _____ C:\Windows\win.ini
2013-12-26 07:41 - 2013-12-26 07:41 - 00152072 _____ C:\Windows\Minidump\122613-11793-01.dmp
2013-12-26 06:26 - 2013-12-21 00:52 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Local\Google
2013-12-26 06:24 - 2013-12-26 06:24 - 00152064 _____ C:\Windows\Minidump\122613-9625-01.dmp
2013-12-25 20:52 - 2013-12-25 20:52 - 00152064 _____ C:\Windows\Minidump\122513-13868-01.dmp
2013-12-25 17:12 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-25 16:47 - 2013-12-20 08:24 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\vlc
2013-12-24 23:57 - 2013-12-21 10:36 - 00444952 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-24 23:57 - 2013-12-21 10:36 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-24 23:43 - 2013-12-24 23:42 - 00000000 ____D C:\2fbf2bc0febb86bb6fdda2771ba8c114
2013-12-24 23:24 - 2013-12-24 23:24 - 00152072 _____ C:\Windows\Minidump\122413-10483-01.dmp
2013-12-24 16:59 - 2013-12-21 10:10 - 00074752 _____ C:\Users\DawudandSaarah86\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-24 16:55 - 2013-12-24 16:55 - 00152064 _____ C:\Windows\Minidump\122413-14710-01.dmp
2013-12-24 16:10 - 2013-12-24 16:10 - 00152064 _____ C:\Windows\Minidump\122413-16894-01.dmp
2013-12-24 08:45 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\rescache
2013-12-24 07:26 - 2013-12-24 07:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-23 12:52 - 2013-12-23 12:52 - 00152072 _____ C:\Windows\Minidump\122313-17238-01.dmp
2013-12-23 12:24 - 2013-12-23 12:24 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-23 12:17 - 2013-12-23 12:15 - 00000000 ____D C:\Windows\system32\MRT
2013-12-21 11:40 - 2013-12-20 11:12 - 00024714 _____ C:\Windows\IE11_main.log
2013-12-21 11:38 - 2013-12-21 11:38 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-21 11:38 - 2013-12-21 11:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-21 11:38 - 2013-12-21 11:38 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-21 11:38 - 2013-12-21 11:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-21 11:38 - 2013-12-21 11:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-21 11:27 - 2013-12-21 10:36 - 00001926 _____ C:\Users\Public\Desktop\Broken Sword 5 - the Serpent's Curse - Episode 1.lnk
2013-12-21 10:32 - 2013-12-21 10:32 - 00000000 ____D C:\GOG Games
2013-12-21 10:31 - 2013-12-20 07:37 - 00000000 ____D C:\Broken Sword 5
2013-12-21 10:27 - 2013-12-21 10:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-12-21 10:10 - 2013-12-21 10:10 - 00000000 _____ C:\Users\DawudandSaarah86\AppData\Roaming\wklnhst.dat
2013-12-21 09:58 - 2013-12-20 05:49 - 00000000 ____D C:\Program Files\Google
2013-12-21 09:29 - 2013-12-21 09:29 - 00000000 ____D C:\Windows\system32\vmm32
2013-12-21 09:29 - 2013-12-21 00:56 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-21 09:29 - 2013-12-20 05:49 - 00000000 ____D C:\Program Files\Dell
2013-12-21 04:52 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Google
2013-12-21 04:33 - 2011-04-12 05:24 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-21 04:32 - 2009-07-14 07:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-12-21 04:31 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-21 03:11 - 2013-12-20 11:05 - 00024465 _____ C:\Windows\IE10_main.log
2013-12-21 03:06 - 2013-12-21 03:06 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-21 03:06 - 2013-12-21 03:06 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-21 02:34 - 2013-12-21 02:34 - 00152080 _____ C:\Windows\Minidump\122113-15444-01.dmp
2013-12-21 01:18 - 2013-12-21 01:18 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\Macromedia
2013-12-21 01:18 - 2013-12-21 01:18 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\Adobe
2013-12-21 01:18 - 2013-12-21 00:46 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Local\Adobe
2013-12-21 00:51 - 2013-12-21 00:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-21 00:51 - 2013-12-21 00:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-21 00:51 - 2013-12-21 00:51 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-21 00:42 - 2013-12-21 00:42 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-21 00:42 - 2013-12-21 00:42 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\Mozilla
2013-12-21 00:42 - 2013-12-21 00:42 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Local\Mozilla
2013-12-21 00:42 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 00:42 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-21 00:36 - 2013-12-21 00:36 - 00282992 _____ (Mozilla) C:\Users\DawudandSaarah86\Downloads\Firefox Setup Stub 26.0.exe
2013-12-21 00:25 - 2013-12-20 05:40 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\games
2013-12-21 00:15 - 2013-12-21 00:11 - 00001355 _____ C:\Windows\TSSysprep.log
2013-12-21 00:11 - 2011-04-12 05:24 - 00000000 ____D C:\Windows\CSC
2013-12-21 00:11 - 2009-07-14 07:34 - 00002790 _____ C:\Windows\DtcInstall.log
2013-12-21 00:09 - 2009-07-14 07:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2013-12-21 00:09 - 2009-07-14 07:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-12-20 13:13 - 2009-07-14 07:39 - 00000270 _____ C:\Windows\setuperr.log
2013-12-20 13:11 - 2009-07-14 07:52 - 00000000 ____D C:\Windows\system32\restore
2013-12-20 12:38 - 2013-12-20 05:39 - 00001856 _____ C:\Users\DawudandSaarah86\Desktop\Windows Compatibility Report.htm
2013-12-20 12:00 - 2013-12-20 12:00 - 00152072 _____ C:\Windows\Minidump\122013-16333-01.dmp
2013-12-20 11:27 - 2013-12-20 11:24 - 00003604 _____ C:\Windows\IE9_main.log
2013-12-20 11:08 - 2013-12-20 11:08 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-12-20 11:05 - 2013-12-20 11:05 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-20 10:31 - 2013-12-20 10:31 - 00152080 _____ C:\Windows\Minidump\122013-20748-01.dmp
2013-12-20 08:24 - 2013-12-20 08:24 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-20 07:59 - 2013-12-20 07:59 - 00002503 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-20 07:59 - 2013-12-20 07:59 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-12-20 07:59 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Skype
2013-12-20 07:59 - 2013-12-20 05:56 - 00000000 ___RD C:\Program Files\Skype
2013-12-20 07:21 - 2013-12-20 07:21 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Roaming\WinRAR
2013-12-20 07:08 - 2013-12-20 07:08 - 00000000 ____D C:\ProgramData\Trymedia
2013-12-20 06:54 - 2013-12-20 23:57 - 00000000 ____D C:\Windows.old
2013-12-20 06:50 - 2013-12-20 06:50 - 01681800 _____ (ESET) C:\Users\DawudandSaarah86\Desktop\eset_nod32_antivirus_live_installer_.exe
2013-12-20 06:18 - 2011-04-12 05:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-20 06:18 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\Public
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ___HD C:\ProgramData\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Zylom
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\WRData
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Wincert
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Uninstall
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Trusteer
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Trend Micro
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Transparent
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\The Game Equation
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\T1 Games
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Sun
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\SugarGames
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\SpinTop Games
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Sonic
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\ScanSoft
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\RealNetworks
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Real
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\QuickTime
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\PopCap Games
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\PoBros
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\PlayFirst
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Particles
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Nuance
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Norton
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Nitro PDF
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\MythPeople
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\MumboJumbo
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\MFAData
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Merscom
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Meridian93
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\McAfee
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\LittleGamesCompany
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Intel
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\InstallShield
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Graboid Inc
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\GameHouse
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\fwlbdhwdxxmueef
2013-12-20 06:03 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Fugazo
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\FloodLightGames
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Flood Light Games
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\FarmFrenzy3_Madagascar
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Exorcist DS 3
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\ESET
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\DivX
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Dell
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Datamngr
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Colibri Games
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\BVRP Software
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Big Fish Games
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Big Finish
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\AVG
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Atheros
2013-12-20 06:02 - 2013-12-20 06:02 - 00000000 ____D C:\ProgramData\Arcade Lab
2013-12-20 06:02 - 2013-12-20 06:01 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-20 06:01 - 2013-12-20 06:01 - 00000000 ____D C:\ProgramData\Apple
2013-12-20 06:01 - 2013-12-20 06:01 - 00000000 ____D C:\ProgramData\aliasworlds
2013-12-20 06:01 - 2013-12-20 06:01 - 00000000 ____D C:\ProgramData\Adobe
2013-12-20 05:59 - 2013-12-20 05:59 - 00000000 ____D C:\Program Files\WinRAR
2013-12-20 05:58 - 2013-12-20 05:58 - 00000000 ____D C:\Program Files\Windows Live
2013-12-20 05:58 - 2013-12-20 05:58 - 00000000 ____D C:\Program Files\VideoLAN
2013-12-20 05:58 - 2013-12-20 05:58 - 00000000 ____D C:\Program Files\Veoh Networks
2013-12-20 05:58 - 2013-12-20 05:58 - 00000000 ____D C:\Program Files\Veetle
2013-12-20 05:58 - 2013-12-20 05:58 - 00000000 ____D C:\Program Files\Transparent
2013-12-20 05:56 - 2013-12-20 05:56 - 00000000 ____D C:\Program Files\THQ
2013-12-20 05:56 - 2013-12-20 05:56 - 00000000 ____D C:\Program Files\SopCast
2013-12-20 05:56 - 2013-12-20 05:56 - 00000000 ____D C:\Program Files\Roxio
2013-12-20 05:56 - 2013-12-20 05:56 - 00000000 ____D C:\Program Files\QuickTime
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\PopCap Games
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\Penny Dreadfuls Sweeney Todd
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\OurBabyMaker_27EI
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\OurBabyMaker_27
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\OpenAL
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\Nuance
2013-12-20 05:55 - 2013-12-20 05:55 - 00000000 ____D C:\Program Files\MSSOAP
2013-12-20 05:53 - 2013-12-20 05:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-20 05:53 - 2013-12-20 05:53 - 00000000 ____D C:\Program Files\Java
2013-12-20 05:53 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\iTunes
2013-12-20 05:52 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\Islamasoft Solutions
2013-12-20 05:52 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\iPod
2013-12-20 05:52 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\Intel
2013-12-20 05:52 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\Happyneuron
2013-12-20 05:52 - 2013-12-20 05:52 - 00000000 ____D C:\Program Files\GUMD0D2.tmp
2013-12-20 05:52 - 2013-12-20 05:50 - 00000000 ____D C:\Program Files\Grim Tales - The Bride
2013-12-20 05:49 - 2013-12-20 05:49 - 00000000 ____D C:\Program Files\Feeding Frenzy 2 Shipwreck Showdown
2013-12-20 05:49 - 2013-12-20 05:49 - 00000000 ____D C:\Program Files\ESET
2013-12-20 05:49 - 2013-12-20 05:49 - 00000000 ____D C:\Program Files\DivX
2013-12-20 05:49 - 2013-12-20 05:49 - 00000000 ____D C:\Program Files\Dell Inc
2013-12-20 05:49 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\CyberLink
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\Criminal Minds
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\CCleaner
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\Broken Sword
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\Bonjour
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\bfgclient
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\AVG
2013-12-20 05:48 - 2013-12-20 05:48 - 00000000 ____D C:\Program Files\Apple Software Update
2013-12-20 05:47 - 2013-12-20 05:47 - 00000000 ____D C:\Program Files\Amazon
2013-12-20 05:47 - 2013-12-20 05:47 - 00000000 ____D C:\Program Files\Adobe Download Assistant
2013-12-20 05:47 - 2013-12-20 05:47 - 00000000 ____D C:\Program Files\Adobe
2013-12-20 05:47 - 2013-12-20 05:47 - 00000000 ____D C:\Program Files\AC3Filter
2013-12-20 05:43 - 2013-12-20 05:43 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\Week 10
2013-12-20 05:43 - 2013-12-20 05:43 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\SopCast
2013-12-20 05:43 - 2013-12-20 05:43 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\RK_Quarantine
2013-12-20 05:43 - 2013-12-20 05:43 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\Old Firefox Data
2013-12-20 05:43 - 2013-12-20 05:40 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\New folder
2013-12-20 05:40 - 2013-12-20 05:40 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\Maths
2013-12-20 05:40 - 2013-12-20 05:40 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\Grammar worksheets
2013-12-20 05:40 - 2013-12-20 05:40 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\English Week 9
2013-12-20 05:40 - 2013-12-20 05:40 - 00000000 ____D C:\Users\DawudandSaarah86\Desktop\32bit
2013-12-20 04:26 - 2013-12-20 04:26 - 00152072 _____ C:\Windows\Minidump\122013-23743-01.dmp
2013-12-20 01:56 - 2013-12-20 01:56 - 00001415 _____ C:\Users\DawudandSaarah86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-20 01:56 - 2013-12-20 01:56 - 00000020 ___SH C:\Users\DawudandSaarah86\ntuser.ini
2013-12-20 01:56 - 2013-12-20 01:56 - 00000000 ____D C:\Users\DawudandSaarah86\AppData\Local\VirtualStore
2013-12-20 01:54 - 2013-12-21 00:09 - 00000000 ____D C:\Windows\Panther
2013-12-20 01:54 - 2013-12-20 01:54 - 00000000 __SHD C:\Recovery
2013-12-20 01:54 - 2010-11-20 23:57 - 00000000 ____D C:\Users\Administrator
2013-12-20 01:54 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\Recovery
2013-12-18 11:30 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Roxio
2013-12-17 14:29 - 2013-12-20 05:43 - 00001878 _____ C:\Users\DawudandSaarah86\Desktop\SystemLook.txt
2013-12-16 18:37 - 2013-12-16 18:37 - 00011080 _____ C:\ComboFix.txt
2013-12-16 15:32 - 2013-12-20 06:03 - 00000000 ____D C:\ProgramData\Symantec
2013-12-13 12:38 - 2013-12-02 15:27 - 00000000 ____D C:\Users\DawudandSaarah86\Documents\Wedding Pics. & Others (Dawud Only)
2013-12-10 19:03 - 2013-12-10 19:03 - 00032422 _____ C:\Users\DawudandSaarah86\Downloads\FRST.txt
2013-12-05 23:08 - 2013-12-05 23:08 - 00000000 ____D C:\Users\DawudandSaarah86\Documents\Broken Sword 5
2013-12-01 14:42 - 2013-12-23 12:15 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\DawudandSaarah86\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-20 02:51
==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

Not sure how you managed this, but FRST has been saved and run from your temporary internet files folder. It also shows as having been put on your Desktop and in your Downloads folder on earlier dates; it should have been saved to the Desktop only. I expected it to produce two logs, but you only posted one. Having it in the temp folder will not make it easy to find. We are going to run a temp file cleaner which will remove it. Please delete the other copies of the program in the Downloads folder and on the Desktop.

Please then download it again and make sure it goes to the desktop (if you need help doing that then please ask and tell me what browser you are using). When done run another scan with it and post the Addition.txt log. When the window opens put a check mark next to Addition.txt if there isn't already one there. You only need to post the Addition.txt log which will provide me with some additional information.

I can see files in the log above that were created before you ran the re-install. I'm not too clear why they are still there, and your Windows.old folder is showing as empty. Did you copy everything out of it back onto the system? I can see many files created on the 20th of December that show as empty.

Download Temporary file cleaner and save it to the desktop. Make sure you do not use the Download button in the advert at the top of the page, use the button right next to the name *TFC - Temp File Cleaner by Old Timer*.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on *Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

=================================================

There is another problem: your system has been restarting, as you mentioned in post 316. The logs show quite a few crash dumps have been created; these will be due to a complete system crash taking place. They are logged for nearly every day since 20th December (when you did the re-install) and yet you did not mention the problem until 7 days later.

If you could attach those crash dumps it will help to find the cause.

First locate your minidump files: open *Windows Explorer* and click on the *C:* drive in the left pane, then in the right pane look down the list of folders and double click on *Windows* to view its contents. _*NOTE:* If your operating system is installed under a different drive letter then look there._ Scroll down the contents of the *Windows* folder and look for a folder called *minidump* and double click on it. You should now see the *minidump* files which will have a *.dmp* extension.

Zip up at least 6 of the most recent files into *one* zip folder (if there are less then just zip up what you have).

*NOTE:* To zip up the files in Windows (all versions): right click the file, click on *Send To*, and then click *Compressed (zipped) Folder*. That will create a zip folder containing a copy of the file; you should see it appear.

If there is more than one *.dmp* file click on the first one, hold down the shift key and then click on the last one. That should highlight all the files. Then right click in the highlighted area, click on *Send To*, and then click *Compressed (zipped) Folder*.




Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on that and a new window opens.
Click on the *Browse* button, find the zip folder you made earlier and click on it so it becomes highlighted and click on *Open.*
Now click on the *Upload* button. Wait for the Upload to complete, it will appear just below the *Browse* box.
When done, click on the *Close this window* button at the top of the page.
Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## dawudbryant (Sep 12, 2013)

Hi, sorry I haven't got back to u sooner. My in-laws are staying at my house and I've been away for a couple of days. When I got back my father in law, who is in I.T., told me he is redoing the restart with the Dell discs and that should stop the crashing. So when it's fully done I'll check if it's ok then do the FRST scan as u said.


----------



## Mark1956 (May 7, 2011)

No problem with the delay. Another fresh install is probably a wise move as those logs seem to show quite a few old files, it almost looks like you had run an upgrade install which didn't wipe out some of the old files. Hopefully after it has been done again it will give you a clean start. Always handy to have someone like an IT expert, who knows their way around a PC, to help out.

If the system is working ok after that is done there won't be any need to run FRST again and we can move on to the laptop.


----------



## Mark1956 (May 7, 2011)

Happy New Year. It has been a while since I have heard from you; I do appreciate Christmas can be a busy time for a lot of us. How is it going with the desktop, and are you ready to complete the clean up on the laptop? I've just found that nasty worm on another PC I am helping with, so we could well see more of them on the forum. Getting a sample of the virus from your FRST quarantine would be of great benefit to the guys that make our Malware tools; at present it is still only Eset that detects the infection.


----------



## dawudbryant (Sep 12, 2013)

Hi Mark,
Happy New Year. Sorry for the delayed reply. My internet has been messed up. After my father in law redid the reset it's still crashing a lot. He reckons I need a new hard drive. What do u think?


----------



## Mark1956 (May 7, 2011)

No problem with the delay and a Happy New Year to you also.

Please follow the instructions below to run a quick check on the hard drive.

Could I ask you to now upload a sample of the infection from the laptop. If you have the time please go back and follow the instructions in post 235 to get the infection uploaded.

We will see the result of the disc check on the desktop PC and go from there, it certainly does sound as if it has some kind of hardware fault.

*Disk Check*


Click on *Start* then type *cmd* in the search box. A menu will pop up with *cmd* at the top, *right click* on it and select *Run as Administrator*. Another box will open, at the prompt type *chkdsk /r* and hit *Enter*. _*Note:* you must include a space between the *k* and the */*_
You will then see the following message:
*chkdsk* cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts?* (Y/N)*
Type *Y* for yes, and hit *Enter*. Then reboot the computer.
*chkdsk* will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (_The *chkdsk* process may take an hour or more to finish, if it appears to freeze this is normal so *do not* interrupt it. On drives above 500GB it can take several hours._)
When the Disk Check is done, it will finish loading Windows.

When back at the desktop, follow this to find the log.


Press the *Windows + R* keys to open the *Run* box, type *eventvwr.msc*, and hit the Enter key on your keyboard.
If prompted by the *User Account Control*, click on *Yes* (Windows 7/8) or *Continue* (Vista).
In the left pane of *Event Viewer*, double click on *Windows Logs* to expand it, then left click once on *Application* then right click on *Application* and select *Find*.
Type *wininit* into the *Find* box and click on *Find Next*.
When the search completes you should see the log displayed in the central pane, close the *Find* window.
In the right hand pane click on *Copy* and select *Copy details as text*.
Come back to this thread and right click in the message box and select *Paste*, the log should appear.
Add any other information asked for and submit the post.
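
The Event Viewer lookup in the steps above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes the boot-time *chkdsk* report is in the *Application* log under the Wininit source with event ID 1001, and the output file name `chkdsk-report.txt` is an assumption.

```powershell
# Added example: fetch the most recent boot-time chkdsk report without
# clicking through Event Viewer. Run after the reboot that performed the check.

# Boot-time chkdsk results are logged by Wininit in the Application log.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
}
$report = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue

if (-not $report) {
    Write-Warning 'No Wininit chkdsk report found. Has the scheduled check run yet?'
}
else {
    # Save the full report to the Desktop so it can be attached or pasted.
    # The file name is an assumption made for this example.
    $desktop = [Environment]::GetFolderPath('Desktop')
    $outFile = Join-Path $desktop 'chkdsk-report.txt'
    $report.Message | Out-File -FilePath $outFile -Encoding UTF8

    "chkdsk report from {0} saved to {1}" -f $report.TimeCreated, $outFile

    # Pull out the summary lines that matter most when a failing drive is suspected.
    $patterns = 'bad sectors|bad clusters|unreadable|corrections to the file system|found no problems'
    $report.Message -split "`r?`n" |
        Where-Object { $_ -match $patterns } |
        ForEach-Object { $_.Trim() }

    # Put the whole report on the clipboard as well, ready to paste into a reply.
    $report.Message | clip.exe
}
```

A non-zero "KB in bad sectors" figure, or lines about bad clusters being replaced, points towards the drive itself rather than the file system.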


----------



## etaf (Oct 2, 2003)

re-opened at OP request


----------



## Mark1956 (May 7, 2011)

Hi Dawudbryant, how can I help you?


----------



## dawudbryant (Sep 12, 2013)

Hi Mark, been a long time, hope you are well. I had given my laptop to my brother in law for him to use for his university work. Now I have it back I wanted to ask you for help as my pc is still not working properly, it's still shutting down all the time. I have bought new memory for the pc as my father in law said that could be the problem, not sure. I don't know how to put it in, anyway, I just wondered if you could please help me sort the problem out.


----------



## Mark1956 (May 7, 2011)

Best to always test hardware before assuming it is faulty.

But first let's run a scan on it so I can see if there are any other errors that may be causing the problem. When the FRST window opens make sure you put a check mark next to Addition.txt so that it produces both logs required.

*SCAN 1*
Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

*Note:* If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click on FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it into your next reply.
The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.


----------



## dawudbryant (Sep 12, 2013)

ok, thanks mark, will do that asap


----------



## Mark1956 (May 7, 2011)

:up:


----------



## dawudbryant (Sep 12, 2013)

I was going to scan it but now it comes up saying this

WINDOWS DETECTED A HARD DISC PROBLEM
Back up your files immediately to prevent information loss, and then contact the computer manufacturer to determine if you need to repair or replace the disc.

Under the details it says this

The following hard discs are reporting failure
Disc name WDC WD5000AAKS-75V0A0 ATA Device
Volume: C:/

I will now do the scan


----------



## dawudbryant (Sep 12, 2013)

here are the scans

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by SaarahandDawud at 2014-03-26 11:04:58
Running from F:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: AVG AntiVirus 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4259 - AVG Technologies)
AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DE}) (Version: 18.0.10661 - WinZip Computing, S.L. )
==================== Restore Points =========================

==================== Hosts content: ==========================
2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {42B07961-2730-4C55-9AB5-439F12C7C4B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-21] (Adobe Systems Incorporated)
Task: {AB3D7F63-72B7-4168-81E5-789DF0893DD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.)
Task: {B0602793-B60F-4BC1-9192-A185C91A20A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2009-09-04 03:38 - 2009-09-04 03:38 - 00020594 _____ () C:\Windows\System32\DELS3L3.DLL
==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (03/26/2014 10:39:23 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\mfc110u.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program AVG User Interface because of this error.
Program: AVG User Interface
File: C:\Windows\System32\mfc110u.dll
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (03/26/2014 10:39:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: avgui.exe, version: 14.0.0.4253, time stamp: 0x527c002e
Faulting module name: mfc110u.dll, version: 11.0.51106.1, time stamp: 0x5098ae3f
Exception code: 0xc0000006
Fault offset: 0x0028efec
Faulting process id: 0x6ac
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Error: (03/25/2014 05:04:05 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\rescache\rc0000\Segment0.cmf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Resource cache builder tool because of this error.
Program: Resource cache builder tool
File: C:\Windows\rescache\rc0000\Segment0.cmf
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (03/25/2014 05:04:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: mcbuilder.exe, version: 6.1.7601.17514, time stamp: 0x4ce789c1
Faulting module name: mcbuilder.exe, version: 6.1.7601.17514, time stamp: 0x4ce789c1
Exception code: 0xc0000006
Fault offset: 0x0003011f
Faulting process id: 0x51c
Faulting application start time: 0xmcbuilder.exe0
Faulting application path: mcbuilder.exe1
Faulting module path: mcbuilder.exe2
Report Id: mcbuilder.exe3
Error: (03/25/2014 04:57:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (03/23/2014 10:12:22 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\ieui.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Internet Explorer because of this error.
Program: Internet Explorer
File: C:\Windows\System32\ieui.dll
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (03/23/2014 10:12:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: IEUI.dll, version: 11.0.9600.16521, time stamp: 0x5311569d
Exception code: 0xc0000006
Fault offset: 0x0003273e
Faulting process id: 0x214
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (03/17/2014 03:17:06 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Program Files\Common Files\microsoft shared\OFFICE12\1033\MSOINTL.DLL for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Office Word because of this error.
Program: Microsoft Office Word
File: C:\Program Files\Common Files\microsoft shared\OFFICE12\1033\MSOINTL.DLL
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (03/17/2014 03:17:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 12.0.4518.1014, time stamp: 0x45428028
Faulting module name: mso.dll, version: 12.0.4518.1014, time stamp: 0x4542867b
Exception code: 0xc0000006
Fault offset: 0x0001587a
Faulting process id: 0xc3c
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
Error: (02/28/2014 08:00:31 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\rescache\rc0000\Segment0.cmf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Resource cache builder tool because of this error.
Program: Resource cache builder tool
File: C:\Windows\rescache\rc0000\Segment0.cmf
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3

System errors:
=============
Error: (03/26/2014 10:37:43 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (03/26/2014 10:37:43 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (03/26/2014 10:37:43 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (03/26/2014 10:37:43 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (03/26/2014 10:27:11 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
Error: (03/25/2014 05:06:33 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (03/25/2014 05:06:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (03/25/2014 05:06:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (03/25/2014 05:06:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (03/25/2014 05:06:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Microsoft Office Sessions:
=========================
Error: (03/17/2014 03:16:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 267 seconds with 180 seconds of active time. This session ended with a crash.

==================== Memory info =========================== 
Percentage of memory in use: 28%
Total physical RAM: 2012.99 MB
Available physical RAM: 1447.79 MB
Total Pagefile: 4025.98 MB
Available Pagefile: 3135.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.74 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:457.06 GB) (Free:84.95 GB) NTFS
Drive e: () (Removable) (Total:0.01 GB) (Free:0.01 GB) FAT
Drive f: () (Removable) (Total:14.9 GB) (Free:1.77 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 78000000)
Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 8 MB) (Disk ID: 28A19FD5)
Partition 1: (Not Active) - (Size=8 MB) - (Type=01)
========================================================
Disk: 2 (Size: 15 GB) (Disk ID: B11D2C8F)
Partition: GPT Partition Type.
==================== End Of Log ============================

Log 2

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by SaarahandDawud (administrator) on SD_PC on 26-03-2014 11:04:39
Running from F:\
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\system32\DFDWiz.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgdiagex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgdiagex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-02] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x39C714FCE903CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Wallet) - C:\Users\SaarahandDawud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
========================== Services (Whitelisted) =================
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
==================== Drivers (Whitelisted) ====================
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-03-26 11:03 - 2014-03-26 11:03 - 00000584 _____ () C:\Users\SaarahandDawud\Desktop\FRST.exe - Shortcut.lnk
2014-03-17 15:19 - 2014-03-01 04:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-17 15:19 - 2014-03-01 04:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-17 15:19 - 2014-03-01 04:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-17 15:19 - 2014-03-01 03:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-17 15:19 - 2014-03-01 03:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-17 15:19 - 2014-03-01 03:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-17 15:19 - 2014-03-01 03:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-17 15:19 - 2014-03-01 03:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-17 15:19 - 2014-03-01 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-17 15:19 - 2014-03-01 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-17 15:19 - 2014-03-01 03:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-17 15:19 - 2014-03-01 03:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-17 15:19 - 2014-03-01 03:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-17 15:19 - 2014-03-01 03:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-17 15:19 - 2014-03-01 03:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-17 15:19 - 2014-03-01 03:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-17 15:19 - 2014-03-01 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-17 15:19 - 2014-03-01 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-17 15:19 - 2014-03-01 02:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-17 15:19 - 2014-03-01 02:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-17 15:19 - 2014-03-01 02:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-17 15:19 - 2014-03-01 02:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-17 15:19 - 2014-02-04 02:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-17 15:17 - 2014-02-07 01:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-17 15:17 - 2014-02-04 02:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-17 15:17 - 2014-01-29 02:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-17 15:17 - 2014-01-28 02:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-17 15:11 - 2014-03-17 15:11 - 01506800 _____ () C:\Windows\Minidump\031714-30435-01.dmp
2014-03-08 14:00 - 2014-03-08 14:00 - 00219648 _____ () C:\Users\SaarahandDawud\Downloads\Newspaper front page.ppt
2014-03-08 13:56 - 2014-03-08 13:56 - 00655360 _____ () C:\Users\SaarahandDawud\Downloads\00249.ppt
2014-03-08 11:09 - 2014-03-08 13:55 - 00504848 _____ () C:\Users\SaarahandDawud\Desktop\Recounts Week 5. Lesson 5 and 6 .pptx
2014-03-08 10:05 - 2014-03-08 11:02 - 00504581 _____ () C:\Users\SaarahandDawud\Desktop\Recounts Week 5. Lesson 3 and 4 .pptx
2014-03-08 09:07 - 2014-03-08 10:04 - 00705675 _____ () C:\Users\SaarahandDawud\Desktop\Recounts Week 5. Lesson 1 and 2 .pptx
2014-03-08 08:57 - 2014-03-08 08:57 - 00152120 _____ () C:\Windows\Minidump\030814-54023-01.dmp
2014-03-07 09:19 - 2014-03-07 09:19 - 00000165 ____H () C:\Users\SaarahandDawud\Desktop\~$Recounts Week 5. Lesson 1 and 2.pptx
2014-03-07 09:13 - 2014-03-07 09:14 - 00000000 ____D () C:\Users\SaarahandDawud\Desktop\Displays
2014-03-07 09:13 - 2014-03-07 09:13 - 00000000 ____D () C:\Users\SaarahandDawud\Desktop\Week 4 English ppt
2014-03-01 06:43 - 2014-03-01 06:50 - 00000000 ____D () C:\Users\SaarahandDawud\Desktop\Saarah Al Maha Academy Backup
==================== One Month Modified Files and Folders =======
2014-03-26 11:04 - 2013-10-24 15:42 - 00000000 ____D () C:\FRST
2014-03-26 11:03 - 2014-03-26 11:03 - 00000584 _____ () C:\Users\SaarahandDawud\Desktop\FRST.exe - Shortcut.lnk
2014-03-26 10:39 - 2013-12-28 15:01 - 01322181 _____ () C:\Windows\WindowsUpdate.log
2014-03-26 10:35 - 2013-12-29 00:19 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-26 10:35 - 2013-12-29 00:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-26 10:30 - 2013-12-28 16:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-26 10:29 - 2013-12-28 15:34 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-26 10:27 - 2009-07-14 04:39 - 00030657 _____ () C:\Windows\setupact.log
2014-03-25 02:43 - 2009-07-14 04:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-25 02:43 - 2009-07-14 04:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-25 02:40 - 2013-12-28 16:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-25 02:35 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 10:05 - 2013-12-29 00:19 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-21 10:30 - 2013-12-28 16:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-21 10:30 - 2013-12-28 16:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-21 09:58 - 2009-07-14 04:33 - 00412432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 15:11 - 2014-03-17 15:11 - 01506800 _____ () C:\Windows\Minidump\031714-30435-01.dmp
2014-03-17 15:11 - 2013-12-28 17:01 - 00000000 ____D () C:\Windows\Minidump
2014-03-17 15:11 - 2013-12-28 17:00 - 240998009 _____ () C:\Windows\MEMORY.DMP
2014-03-08 14:00 - 2014-03-08 14:00 - 00219648 _____ () C:\Users\SaarahandDawud\Downloads\Newspaper front page.ppt
2014-03-08 13:56 - 2014-03-08 13:56 - 00655360 _____ () C:\Users\SaarahandDawud\Downloads\00249.ppt
2014-03-08 13:55 - 2014-03-08 11:09 - 00504848 _____ () C:\Users\SaarahandDawud\Desktop\Recounts Week 5. Lesson 5 and 6 .pptx
2014-03-08 11:02 - 2014-03-08 10:05 - 00504581 _____ () C:\Users\SaarahandDawud\Desktop\Recounts Week 5. Lesson 3 and 4 .pptx
2014-03-08 10:04 - 2014-03-08 09:07 - 00705675 _____ () C:\Users\SaarahandDawud\Desktop\Recounts Week 5. Lesson 1 and 2 .pptx
2014-03-08 08:57 - 2014-03-08 08:57 - 00152120 _____ () C:\Windows\Minidump\030814-54023-01.dmp
2014-03-07 09:19 - 2014-03-07 09:19 - 00000165 ____H () C:\Users\SaarahandDawud\Desktop\~$Recounts Week 5. Lesson 1 and 2.pptx
2014-03-07 09:14 - 2014-03-07 09:13 - 00000000 ____D () C:\Users\SaarahandDawud\Desktop\Displays
2014-03-07 09:13 - 2014-03-07 09:13 - 00000000 ____D () C:\Users\SaarahandDawud\Desktop\Week 4 English ppt
2014-03-01 06:50 - 2014-03-01 06:43 - 00000000 ____D () C:\Users\SaarahandDawud\Desktop\Saarah Al Maha Academy Backup
2014-03-01 04:30 - 2014-03-17 15:19 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 04:11 - 2014-03-17 15:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 04:10 - 2014-03-17 15:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 03:52 - 2014-03-17 15:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 03:51 - 2014-03-17 15:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 03:47 - 2014-03-17 15:19 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 03:43 - 2014-03-17 15:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 03:43 - 2014-03-17 15:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 03:40 - 2014-03-17 15:19 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 03:38 - 2014-03-17 15:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 03:38 - 2014-03-17 15:19 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 03:37 - 2014-03-17 15:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 03:31 - 2014-03-17 15:19 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:25 - 2014-03-17 15:19 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 03:16 - 2014-03-17 15:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 03:14 - 2014-03-17 15:19 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 03:03 - 2014-03-17 15:19 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 03:00 - 2014-03-17 15:19 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 02:57 - 2014-03-17 15:19 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 02:32 - 2014-03-17 15:19 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 02:27 - 2014-03-17 15:19 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 02:25 - 2014-03-17 15:19 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
Some content of TEMP:
====================
C:\Users\SaarahandDawud\AppData\Local\Temp\lowproc.exe
C:\Users\SaarahandDawud\AppData\Local\Temp\ose00000.exe
C:\Users\SaarahandDawud\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-25 04:57
==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

There certainly does appear to be a problem with the hard drive. Please run this scan below and post the report.

*Disk Check*


Click on *Start* then type *cmd* in the search box. A menu will pop up with *cmd* at the top, *right click* on it and select *Run as Administrator*. Another box will open, at the prompt type *chkdsk /r* and hit *Enter*. _*Note:* you must include a space between the *k* and the */*._
You will then see the following message:
*chkdsk* cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? *(Y/N)*
Type *Y* for yes, and hit *Enter*. Then reboot the computer. 
*chkdsk* will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (_The *chkdsk* process may take an hour or more to finish, if it appears to freeze this is normal so *do not* interrupt it. On drives above 500GB it can take several hours._)
When the Disk Check is done, it will finish loading Windows.

When back at the desktop, follow this to find the log.


Press the *Windows + R* keys to open the *Run* box, type *eventvwr.msc*, and hit the Enter key on your keyboard.
If prompted by the *User Account Control*, click on *Yes* (Windows 7/8) or *Continue* (Vista).
In the left pane of *Event Viewer*, double click on *Windows Logs* to expand it, then left click once on *Application* then right click on *Application* and select *Find*.
Type *wininit* into the *Find* box and click on *Find Next*.
When the search completes you should see the log displayed in the central pane, close the *Find* window.
In the right hand pane click on *Copy* and select *Copy details as text*.
Come back to this thread and right click in the message box and select *Paste*, the log should appear.
Add any other information asked for and submit the post.
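
The Event Viewer steps above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes the boot-time *chkdsk* report is written to the Application log by the `Microsoft-Windows-Wininit` provider with event ID 1001, and the output file name is a made-up choice.

```powershell
# Added example: retrieve the most recent boot-time chkdsk report.
# Assumption: the report is logged to the Application log by the
# Microsoft-Windows-Wininit provider as event ID 1001.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
}

# Newest event first; -MaxEvents 1 keeps only the latest disk check.
$report = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue

if (-not $report) {
    Write-Warning 'No Wininit chkdsk report found. The scheduled check may not have run yet.'
}
else {
    # Hypothetical output path: a text file on the desktop, ready to paste into a post.
    $outFile = Join-Path $env:USERPROFILE 'Desktop\chkdsk-report.txt'
    "Logged: $($report.TimeCreated)" | Set-Content -Path $outFile -Encoding UTF8
    $report.Message                  | Add-Content -Path $outFile -Encoding UTF8
    Write-Output "Full report saved to $outFile"

    # Show the summary lines that matter for a failing drive.
    # The patterns assume chkdsk's English wording.
    $report.Message -split "`r?`n" |
        Where-Object { $_ -match 'bad sectors|bad clusters|Windows has (checked|made corrections)' } |
        ForEach-Object { $_.Trim() }
}
```

A non-zero "KB in bad sectors" figure in the summary is the line that points to physical damage on the drive rather than file-system corruption alone.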


----------



## etaf (Oct 2, 2003)

As this is now quite old, you will probably need to restart with new logs, wait for further instructions from *Mark1956*.


----------



## Mark1956 (May 7, 2011)

Welcome back. Have you made any progress since your last post here?

Please continue by following my last post as the logs clearly indicate a hard drive problem.


----------



## dawudbryant (Sep 12, 2013)

Hi Mark, 

I will be doing the scan asap then will post the results, I've been finishing my degree, but I will be done in a couple of days, please bear with me

Thanks

D


----------



## Mark1956 (May 7, 2011)

That's fine, just post when you are ready.


----------



## dawudbryant (Sep 12, 2013)

Hi Mark, the PC is no longer starting up. I think I should just take it to a shop. Thanks for all your help and sorry for such long delays. I've been so busy finishing a degree, doing many courses and working as well.

Thanks again

Dawud


----------



## Mark1956 (May 7, 2011)

Sorry to hear things have got worse, maybe the hard drive has failed. You can test it by following this guide.

You can create the Seatools disc on any fully functional PC with a CD burner or use any PC to create the Flash Drive.

Open Internet Explorer and click on this: Seatools

Save the download to your desktop.

In Windows 7 right click the ISO file, select *Open With*, then select *Windows Disc Image Burning Tool* then follow the prompts.
For all other versions of Windows (if you do not have an ISO burner) download this free software: ImgBurn. Install the program (make sure you uncheck any boxes that will install bundled software) and start the application. Select the top left hand option to *Write image file to disc* and then on the next window click on the small yellow folder icon and browse to the ISO file on your desktop. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

You will need a blank recordable CD or a re-recordable CD. If your PC has no CD/DVD drive or you would prefer to run Seatools from a Flash Drive follow this guide: How to run Seatools from a USB Flash Drive

When the CD has been burned boot the PC into the Bios setup and set the CD/DVD drive to 1st in the boot sequence (Bios Boot Order Guide). Insert the disk in the drive then reboot and the disc will load into DOS. Click on Basic Tests and select the Long Test. If using a Flash Drive you need to set USB to 1st in the boot order, if there is no USB available in the boot order you will have to run the test from a CD.

A full set of instructions can be found here: Seatools instructions

When the test completes it will show a Pass or Fail.


----------

