# Disk health - "ERROR"



## white_tigress (Apr 6, 2011)

My computer has gotten extremely slow during downloads. It took me an entire day to download a 1/2 hour program and then I was unable to open it. I did a virus scan and found nothing. I ran CCleaner but found no change after.

I then ran Defraggler and next to Disk Health, it said 'ERROR'.

Please help me.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, Intel64 Family 6 Model 15 Stepping 11
Processor Count: 2
RAM: 3054 Mb
Graphics Card: NVIDIA Quadro NVS 140M, 128 Mb
Hard Drives: C: Total - 95293 MB, Free - 57849 MB;
Motherboard: LENOVO, 6457W7X
Antivirus: Trend Micro Titanium Internet Security 2012, Updated: Yes, On-Demand Scanner: Enabled

GMER 2.1.18952 - http://www.gmer.net
Rootkit scan 2013-02-18 13:39:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9100821AS rev.3.CME 93.16GB
Running: rov5s9g1.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys

---- User code sections - GMER 2.1 ----


---- Threads - GMER 2.1 ----


---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234dee4856 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234dee4856 (not active ControlSet)

---- EOF - GMER 2.1 ----

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:21:16 PM, on 2/18/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Owner\AppData\Local\Workspace\workspaceupdate.exe
C:\Users\Owner\AppData\Local\Workspace\wben.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Users\Owner\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Starfield Updater] "C:\Users\Owner\AppData\Local\Workspace\WorkspaceUpdate.exe"
O4 - HKCU\..\Run: [wben] "C:\Users\Owner\AppData\Local\Workspace\wben.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: File Backup Service (File Backup) - Starfield Technologies - C:\Program Files (x86)\Workspace\offSyncService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10784 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.5.1
Run by Owner at 13:47:47 on 2013-02-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.1522 [GMT -8:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Owner\AppData\Local\Workspace\workspaceupdate.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Users\Owner\AppData\Local\Workspace\wben.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Owner\Downloads\HijackThis.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [Starfield Updater] "C:\Users\Owner\AppData\Local\Workspace\WorkspaceUpdate.exe"
uRun: [wben] "C:\Users\Owner\AppData\Local\Workspace\wben.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
TCP: NameServer = 64.59.144.17 64.59.150.133
TCP: Interfaces\{C55BE79D-937C-4F91-9217-60F73F7CF140} : DHCPNameServer = 64.59.144.17 64.59.150.133
TCP: Interfaces\{C55BE79D-937C-4F91-9217-60F73F7CF140}\836464142364 : DHCPNameServer = 64.59.144.18 64.59.144.19 64.59.150.133
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [nwiz] nwiz.exe /install
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/search.aspx?s=D2Gb&q=
FF - prefs.js: browser.search.selectedEngine - Speedbit Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/search.aspx?s=D2Gb&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]\plugins\npLMI64.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoff64.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npwbe64.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-5-18 77184]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-5-18 275912]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2012-10-5 1181408]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-5-11 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-5-18 72216]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-9-13 103472]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-5-18 578264]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2006-12-21 300032]
R3 LenovoRd;LenovoRd;C:\Windows\System32\drivers\LenovoRd.sys [2009-5-11 118016]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2012-5-18 67344]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2012-5-18 210704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-8-10 155320]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-18 1255736]
.
=============== Created Last 30 ================
.
2013-02-18 06:16:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\PC Utility Kit
2013-02-18 06:16:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\DriverCure
2013-02-18 06:16:20 -------- d-----w- C:\Program Files (x86)\Common Files\PC Utility Kit
2013-02-18 06:16:18 -------- d-----w- C:\ProgramData\PC Utility Kit
2013-02-18 06:16:18 -------- d-----w- C:\Program Files (x86)\PC Utility Kit
2013-02-17 01:47:20 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2013-02-16 21:34:40 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2013-02-16 16:28:02 -------- d-----w- C:\Users\Owner\AppData\Roaming\EQATEC Analytics
2013-02-16 16:27:07 -------- d-----w- C:\ProgramData\SpeedBit
2013-02-16 16:27:03 -------- d-----w- C:\Program Files (x86)\DAP
2013-02-16 16:26:14 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedBit
2013-02-16 06:23:24 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-16 06:22:58 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-16 06:22:47 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-16 06:22:39 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-15 06:54:50 -------- d-----w- C:\Program Files (x86)\MediaCrawler
2013-02-15 06:48:58 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 06:48:58 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 07:07:55 -------- d-----w- C:\Users\Owner\AppData\Roaming\GoforFiles
2013-02-14 05:29:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-02-14 05:29:59 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2013-02-14 05:29:59 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2013-02-14 05:29:56 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-02-13 00:55:42 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 00:55:41 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 00:55:40 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 00:55:27 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 00:55:24 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 00:55:24 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 00:55:23 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 00:55:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 00:55:23 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 00:55:21 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 00:55:17 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 00:55:17 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-12 11:06:52 91264 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2013-02-18 20:02:38 17408 ----a-w- C:\Windows\System32\rpcnetp.exe
2013-02-16 22:30:57 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2013-02-07 23:25:13 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-07 23:25:13 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-12 11:30:18 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
.
============= FINISH: 13:48:12.25 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 5/17/2012 5:30:19 PM
System Uptime: 2/18/2013 2:12:06 AM (11 hours ago)
.
Motherboard: LENOVO | | 6457W7X
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | None | 2201/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 56.484 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP78: 2/16/2013 10:19:47 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
Canon Easy-WebPrint EX
Canon MG6200 series MP Drivers
Canon MG6200 series On-screen Manual
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
CCleaner
Defraggler
Java 7 Update 11
Java 7 Update 7 (64-bit)
Java Auto Updater
JavaFX 2.1.1
LogMeIn
McAfee Security Scan Plus
McAfee SiteAdvisor
MediaCrawler (remove only)
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Drivers
Outlook Setup Tool
Pandora Service
PC Utility Kit
PhotoPad Image Editor
PhotoStage Slideshow Producer
Pixillion Image Converter
PVSonyDll
QuickTime
SAMSUNG Intelli-studio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Sony Ericsson Update Engine
Sony PC Companion 2.10.136
StudioTax 2011
The KMPlayer (remove only)
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
Trend Micro Titanium
Trend Micro Titanium Internet Security 2012
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Watchtower Library 2012 - English
WinWatermark Photo Edition version v12.11.28
Workspace Desktop
.
==== Event Viewer Messages From Past Week ========
.
2/16/2013 9:21:50 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2/16/2013 8:29:57 AM, Error: Service Control Manager [7030] - The VideoAcceleratorService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/16/2013 1:38:30 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
2/16/2013 1:37:54 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/16/2013 1:37:54 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
2/13/2013 9:48:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2799494).
2/13/2013 9:48:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2790655).
2/13/2013 9:48:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2778344).
2/13/2013 9:48:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2797052).
.
==== End Of File ===========================


----------



## emeraldnzl (Nov 3, 2007)

Hello white_tigress,

Welcome to TSG.

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## white_tigress (Apr 6, 2011)

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Enabled

2/19/2013 10:03:59 AM
mbam-log-2013-02-19 (10-03-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225292
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Owner\Downloads\Super_Callanetics_-_4._Csipogyakorlatok.rar.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

(end)


----------



## emeraldnzl (Nov 3, 2007)

Hello white_tigress,

Bit to do in this post.

Download *RogueKiller* to your desktop

Note: This is a French tool so don't be surprised when you find the page displays with some French.


Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run *RogueKiller.exe*
Wait until Prescan has finished...
Click on *Scan*
Wait for the scan to finish.
The report is created on your desktop.
Click on the *Delete* button
The report is created on your desktop.
Next click on the *ShortcutsFix* button.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of all the *RKreport.txt* files from your desktop in your next Reply.

*Next*

Please download AdwCleaner from here to your desktop

Click on the green downward facing arrow on the right to commence download.
Run AdwCleaner and select Delete
Once done it will ask to reboot, allow this.

On reboot a log will be produced; please post that back here.

*Finally in this post*


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.

Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.


----------



## white_tigress (Apr 6, 2011)

I apologize for the late response but my computer friend took my laptop and checked it out...he found nothing. I still have all the same problems so I'm coming back to you. Thank you so much for your help.

RogueKiller V8.5.2 _x64_ [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 03/10/2013 21:09:44
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9100821AS ATA Device +++++
--- User ---
[MBR] c3adc58aca47cc408af11e5fe4d973b6
[BSP] f763384531b3da4ec5b64d6abb1c58af : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 95294 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_03102013_02d2109.txt >>
RKreport[1]_S_03102013_02d2109.txt

RogueKiller V8.5.2 _x64_ [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 03/10/2013 21:11:06
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9100821AS ATA Device +++++
--- User ---
[MBR] c3adc58aca47cc408af11e5fe4d973b6
[BSP] f763384531b3da4ec5b64d6abb1c58af : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 95294 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_03102013_02d2111.txt >>
RKreport[1]_S_03102013_02d2109.txt ; RKreport[2]_D_03102013_02d2111.txt

RogueKiller V8.5.2 _x64_ [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/10/2013 21:14:00
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 16 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 99 / Fail 0
My documents: Success 3 / Fail 3
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 85 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
Finished : << RKreport[3]_SC_03102013_02d2114.txt >>
RKreport[1]_S_03102013_02d2109.txt ; RKreport[2]_D_03102013_02d2111.txt ; RKreport[3]_SC_03102013_02d2114.txt

# AdwCleaner v2.114 - Logfile created 03/10/2013 at 21:21:31
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\searchplugins\speedbit.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\ProgramData\Tarma Installer
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Registry is clean.
-\\ Mozilla Firefox v [Unable to get version]
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\prefs.js
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultenginename", "Speedbit Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.speedbit.com/search.aspx?s=D2Gb&q=");
Deleted : user_pref("browser.search.order.1", "Speedbit Search");
Deleted : user_pref("browser.search.selectedEngine", "Speedbit Search");
Deleted : user_pref("browser.startup.homepage_override_url", "hxxp://search.speedbit.com/?s=D2Gb");
Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7Bada4b710-8346-4b82-8199[...]
Deleted : user_pref("extensions.toolbar.mindspark._14Members_.homepage", "hxxp://h.results.ask.com/home/index.[...]
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "89f07903-1761-42a2-b27a-37ce3a655281");
Deleted : user_pref("keyword.URL", "hxxp://search.speedbit.com/search.aspx?s=D2Gb&q=");
*************************
AdwCleaner[S1].txt - [4597 octets] - [10/03/2013 21:21:31]
########## EOF - C:\AdwCleaner[S1].txt - [4657 octets] ##########

OTL logfile created on: 3/10/2013 9:33:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 27.27% Memory free
5.96 Gb Paging File | 2.45 Gb Available in Paging File | 41.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93.06 Gb Total Space | 51.05 Gb Free Space | 54.86% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe (ASCOMP Software GmbH)
PRC - C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:*64bit:* - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:*64bit:* - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.)
SRV - (rpcnet) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:*64bit:* - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:*64bit:* - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:*64bit:* - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:*64bit:* - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:*64bit:* - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:*64bit:* - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:*64bit:* - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:*64bit:* - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Lenovo)
DRV:*64bit:* - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGm...21819&st=sb&n=77ee8adb&searchfor={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E B2 75 B7 8D 34 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGm...21819&st=sb&n=77ee8adb&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension

[2012/11/12 22:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/11/12 22:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/03/07 00:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions
[2012/11/15 19:39:11 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/10/06 08:03:45 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2013/02/07 14:30:13 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
[2012/12/19 11:49:34 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
[2012/09/09 21:11:30 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
[2013/03/07 00:17:49 | 000,021,489 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
[2013/02/13 23:28:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/12 22:46:55 | 000,000,000 | ---D | M] (Workspace Email Zoom) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
[2012/09/13 12:20:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:*64bit:* - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:*64bit:* - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:*64bit:* - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:*64bit:* - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:*64bit:* - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.17 64.59.150.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C55BE79D-937C-4F91-9217-60F73F7CF140}: DhcpNameServer = 64.59.144.17 64.59.150.133
O18:*64bit:* - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O18:*64bit:* - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:*64bit:* - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell - "" = AutoRun
O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell\AutoRun\command - "" = E:\iStudio.exe
O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell - "" = AutoRun
O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\C
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/10 21:08:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2013/03/10 09:12:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Backup
[2013/03/10 09:03:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ASCOMP Software
[2013/03/10 09:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASCOMP Software
[2013/03/10 09:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCOMP Software
[2013/03/09 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\SyncFolder
[2013/03/09 23:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JustCloud
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MFAData
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Avg2013
[2013/03/05 10:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013/03/04 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Usenet.nl
[2013/03/04 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate_files
[2013/03/04 19:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/26 11:07:49 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/26 11:07:49 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/26 11:07:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/26 11:07:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/26 11:07:38 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/26 11:07:38 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/26 11:07:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 11:07:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 11:07:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 11:07:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 11:07:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 11:07:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 11:07:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 11:07:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 11:07:29 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/26 11:07:29 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/26 11:07:29 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/26 11:07:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/26 11:07:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 11:07:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 11:07:28 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/26 11:07:28 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 11:07:27 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/26 11:07:27 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/26 11:07:27 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/26 11:07:27 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/26 11:07:27 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/26 11:07:27 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/26 11:07:27 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/26 11:07:26 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/26 11:07:26 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/26 11:07:26 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/26 11:07:26 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/26 11:00:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/02/26 11:00:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/02/26 11:00:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/02/26 11:00:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/02/26 11:00:31 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013/02/26 11:00:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/02/26 11:00:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/02/26 11:00:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/02/26 11:00:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/02/26 11:00:28 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/02/26 11:00:28 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/02/26 11:00:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/02/26 11:00:28 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/02/26 11:00:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/02/26 11:00:28 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/02/26 11:00:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/02/26 11:00:28 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/02/26 11:00:28 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/02/26 11:00:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/02/26 11:00:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/02/26 11:00:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/02/26 11:00:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/02/26 11:00:28 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/02/26 11:00:27 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/02/26 11:00:27 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/02/26 10:55:58 | 000,385,024 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAU.DLL
[2013/02/26 10:54:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/02/26 10:54:22 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/02/26 10:54:21 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/02/25 16:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/25 16:19:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2013/02/25 16:19:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
[2013/02/25 10:44:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/19 11:03:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/02/19 11:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/19 11:02:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2013/02/17 23:16:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PC Utility Kit
[2013/02/17 23:16:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2013/02/17 23:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2013/02/16 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2013/02/16 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\EQATEC Analytics
[2013/02/16 09:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/16 09:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAP
[2013/02/14 23:59:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Facial_Exercise
[2013/02/14 23:54:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCrawler
[2013/02/14 23:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaCrawler
[2013/02/14 00:07:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GoforFiles
[2013/02/13 22:30:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/13 22:30:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/13 22:30:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/13 22:30:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/13 22:30:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/13 22:30:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/13 22:30:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/13 22:30:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/13 22:30:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/13 22:30:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/13 22:30:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/13 22:30:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/13 22:30:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/13 22:30:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/13 22:30:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/12 17:55:42 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/12 17:55:41 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/12 17:55:40 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/12 17:55:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/12 17:55:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/12 17:55:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/12 17:55:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/12 17:55:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/12 17:55:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/12 17:55:17 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/11 14:03:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\3D
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/10 21:37:14 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 21:37:14 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 21:25:36 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2013/03/10 21:25:34 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2013/03/10 21:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/10 21:25:17 | 2401,996,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/10 21:07:34 | 000,000,231 | ---- | M] () -- C:\Users\Owner\Desktop\Disk health - ERROR - Tech Support Guy Forums.url
[2013/03/10 20:43:49 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/10 20:43:03 | 000,741,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/10 20:43:03 | 000,635,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/10 20:43:03 | 000,110,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 09:25:46 | 000,320,075 | ---- | M] () -- C:\Users\Owner\Desktop\100-best-freeware.zip
[2013/03/10 09:02:51 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\BackUp Maker.lnk
[2013/03/10 00:56:45 | 396,695,374 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/09 23:32:14 | 000,000,071 | R-S- | M] () -- C:\ProgramData\3002.xml
[2013/03/08 23:40:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/03/08 23:40:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/03/08 23:17:26 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/08 14:55:32 | 000,147,456 | ---- | M] () -- C:\Users\Owner\Desktop\liberte.pdf
[2013/03/07 23:55:45 | 000,000,258 | R-S- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/06 20:05:36 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2013/03/05 10:28:21 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2013/03/04 21:16:43 | 000,062,940 | ---- | M] () -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate.htm
[2013/02/26 20:25:13 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/26 20:25:13 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/26 18:17:23 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2013/02/26 18:17:08 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2013/02/16 14:34:42 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013/02/15 22:50:13 | 000,001,340 | ---- | M] () -- C:\Users\Owner\Desktop\Watchtower Library 2012 - English.lnk
[2013/02/15 22:27:08 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/14 23:54:53 | 000,001,059 | ---- | M] () -- C:\Users\Owner\Desktop\MediaCrawler.lnk
[2013/02/12 04:06:52 | 000,091,264 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/10 21:07:33 | 000,000,231 | ---- | C] () -- C:\Users\Owner\Desktop\Disk health - ERROR - Tech Support Guy Forums.url
[2013/03/10 09:25:44 | 000,320,075 | ---- | C] () -- C:\Users\Owner\Desktop\100-best-freeware.zip
[2013/03/10 09:02:51 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\BackUp Maker.lnk
[2013/03/10 00:56:45 | 396,695,374 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/08 23:40:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/03/08 23:40:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/03/08 14:54:53 | 000,147,456 | ---- | C] () -- C:\Users\Owner\Desktop\liberte.pdf
[2013/03/05 10:28:21 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013/03/05 10:28:21 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2013/03/04 21:16:41 | 000,062,940 | ---- | C] () -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate.htm
[2013/02/16 14:34:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/02/15 22:50:13 | 000,001,340 | ---- | C] () -- C:\Users\Owner\Desktop\Watchtower Library 2012 - English.lnk
[2013/02/14 23:54:53 | 000,001,059 | ---- | C] () -- C:\Users\Owner\Desktop\MediaCrawler.lnk
[2013/02/12 04:06:52 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2012/12/20 00:01:21 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.sys.ini
[2012/08/23 23:10:35 | 000,000,071 | R-S- | C] () -- C:\ProgramData\3002.xml
[2012/06/06 01:32:02 | 000,011,904 | R-S- | C] () -- C:\ProgramData\3002.abs
[2012/05/18 10:29:11 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/17 17:48:18 | 001,514,016 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2012/05/17 17:48:18 | 001,108,512 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2012/05/17 17:24:51 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012/05/17 17:23:58 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

========== ZeroAccess Check ==========

[2012/11/10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/10 09:03:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ASCOMP Software
[2012/07/03 22:51:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2013/02/17 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2013/02/16 09:28:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EQATEC Analytics
[2013/02/14 00:08:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GoforFiles
[2013/02/17 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Utility Kit
[2012/05/23 11:43:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Watchtower
[2012/12/20 00:50:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinWatermark

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:56E2E879
< End of report >

OTL Extras logfile created on: 3/10/2013 9:33:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 27.27% Memory free
5.96 Gb Paging File | 2.45 Gb Available in Paging File | 41.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93.06 Gb Total Space | 51.05 Gb Free Space | 54.86% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0068F697-1F6D-477F-8165-EC4902F061B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1DE6629C-4245-436F-8E40-55CD72BEDF82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2039B9F2-B7EA-4789-A401-9D41C3D01D52}" = rport=445 | protocol=6 | dir=out | app=system | 
"{24880FB7-FAD8-4F12-B2DA-B9ABE108EDE4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32481833-0A08-45F3-A2A9-4A0E2B87C423}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3BC55205-3421-4A8B-88D5-02A8D5386FDA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{58BFF370-F08F-4AE8-9DEC-7CB64B93D57C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59ED4C1A-C979-4813-9581-4E830A691288}" = lport=137 | protocol=17 | dir=in | app=system | 
"{60C16DB5-E9F9-4207-BA12-030B44B0E747}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6BD3B785-7A12-4746-BD97-60C2A718BB58}" = rport=139 | protocol=6 | dir=out | app=system | 
"{70F8D121-2C2F-4D3B-9C73-7154DBEC4AC7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{74486334-0BFE-45AD-9AEE-FC9B5836056C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{81B5CB4E-6839-45BB-969D-0889D4AC651F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{86D620DB-D1FC-40C6-834F-9E4EFA46E915}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{950A17F9-667D-44E3-9FC4-14785087E765}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9F4EE2E7-A7ED-4486-A400-CA722AF68CDE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BF0F0B39-291A-4969-9520-EAB6F4310AE8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CB9914AB-9D09-4606-9C72-5DD0ADCED7BA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CF040E1D-B457-45A9-87A1-913D19EE8FB5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CFE3A26C-0575-45E3-8FB8-1BC39C72DE20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D0965798-B6C7-445F-8F51-1D4FFFA87859}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC00B931-B6C9-4B65-AEDB-FD26747AE9FD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA56E5D6-00CB-46A2-8CA5-287FBC8A684F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FEDD7667-117F-4613-8B89-4EE1A4227D0A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01463756-5E93-4441-A16D-1717614D16B9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1973A64C-C5DC-4182-9753-50B71E5E83E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D374C05-2E8F-4188-8E0F-21F81E831CD3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{202F9D7B-63BC-4BDA-9363-081C4FA7D868}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{21F85D81-F50C-4FBC-82B6-B61BB788CF0A}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{28F45FE8-4E61-4333-A782-585CAFF0F8B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{35923AF9-6273-4202-82C6-1D98D5A14232}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{447033C6-60FE-42DA-8160-0AB2888EBD93}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4D648C8B-C8B0-4D55-97C6-82C7AFEC7DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5124D4D7-7168-4FFE-AD56-58FB789C6970}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{52ADD9F3-D0C7-462A-AE43-F554AD8BBDC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{56130748-C7AA-4230-A695-313F2D09EE27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5B8D4318-8714-4AE1-B808-E59781ADC090}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6040DF2F-1370-4691-BEF3-651D8DEB88CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{61A5F57E-4021-4044-A2A2-C17953746A60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6485024A-5785-4F85-8563-F97DE8C360C9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8AAAC348-A21E-4B15-A297-57DAC6B534AC}" = protocol=6 | dir=out | app=system | 
"{91BB3225-D7F0-4404-83CE-9DE1B598C644}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF1CBBF3-C273-4B9E-A377-C6938F1E8B62}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B484E5A4-D930-4430-AD4F-C684DB081B64}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C1CF7B14-84A5-4188-B719-175CCCF07DB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB63DC7D-48A3-4B9E-98B1-305F1BF929E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D4BED26E-319C-48A2-8153-5E8552E97EB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D94941CD-A3EE-4793-8B21-69B3F571972C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0769B21-00A0-487A-AEF6-85EAE60B5DC3}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{F93AC200-A434-4947-9D17-377B752DF901}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{3E0D9788-5BFF-4D16-9808-4110CABB35C1}C:\program files (x86)\mediacrawler\mediacrawler.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediacrawler\mediacrawler.exe | 
"TCP Query User{5D9CA340-5D9B-43FB-94F7-5E066B7B903C}C:\program files (x86)\winwatermark photo edition\winwatermark.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winwatermark photo edition\winwatermark.exe | 
"TCP Query User{94A4012D-6942-4B67-86E1-13CFA8126CA0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{094F9BDD-6DCC-4918-B42B-2DC870F0BF49}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{1828CCFB-1D67-4B6D-8AB7-5BD81D5E762C}C:\program files (x86)\mediacrawler\mediacrawler.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediacrawler\mediacrawler.exe | 
"UDP Query User{70FB1289-F259-4738-85CE-7B2FE48772A9}C:\program files (x86)\winwatermark photo edition\winwatermark.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winwatermark photo edition\winwatermark.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5E4ADF05-F045-4F82-9E98-422B2FCB944C}" = StudioTax 2011
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Power Management Driver" = Lenovo Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}" = Watchtower Library 2012 - English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{2D348C22-692B-4933-82DE-E4FEB5A7A591}_is1" = WinWatermark Photo Edition version v12.11.28
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{EE4CA5AF-4A55-418C-8CB8-74435814207B}" = LogMeIn
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BackUp Maker_is1" = BackUp Maker
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG6200 series On-screen Manual" = Canon MG6200 series On-screen Manual
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ExpressBurn" = Express Burn
"Intelli-studio" = SAMSUNG Intelli-studio
"MediaCrawler" = MediaCrawler (remove only)
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"outlookset" = Outlook Setup Tool
"PhotoPad" = PhotoPad Image Editor
"PhotoStage" = PhotoStage Slideshow Producer
"Pixillion" = Pixillion Image Converter
"PROR" = Microsoft Office Professional 2007
"The KMPlayer" = The KMPlayer (remove only)
"Update Engine" = Sony Ericsson Update Engine

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"workspacedesktop" = Workspace Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2013 4:06:18 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 33618

Error - 3/10/2013 4:06:18 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33618

Error - 3/10/2013 4:06:34 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/10/2013 4:06:34 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 49467

Error - 3/10/2013 4:06:34 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 49467

Error - 3/10/2013 4:06:50 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/10/2013 4:06:50 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 65068

Error - 3/10/2013 4:06:50 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 65068

Error - 3/10/2013 11:58:24 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: bac Start
Time: 01ce1da688c5fcde Termination Time: 3500 Application Path: C:\Program Files 
(x86)\Internet Explorer\iexplore.exe Report Id:

Error - 3/11/2013 12:27:05 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/25/2013 8:53:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/25/2013 8:56:45 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 2/25/2013 8:58:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/25/2013 8:58:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/25/2013 8:58:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/25/2013 9:00:21 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/25/2013 9:00:21 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/25/2013 9:00:21 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/25/2013 9:02:25 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error 
%%-1073473535.

Error - 2/25/2013 9:02:25 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

< End of report >


----------



## white_tigress (Apr 6, 2011)

Forgot to add that my computer freezes regularly whether I'm using Firefox or Explorer. I made a fresh post the other day describing all my problems and what I've done. Since my computer is acting up it would be easier if you looked up that post instead of me trying to rewrite as my puter will prob freeze again soon.


----------



## emeraldnzl (Nov 3, 2007)

Hello again white_tigress,

I see Spybot Search and Destroy items there. Please uninstall it as it will likely get in the way of our tools. You can reinstall it later if you want. I also see some items related to AVG although I don't see it running. Please also uninstall any AVG items you have until we are finished.

*Now*

Please run OTL.exe


Under the *Custom Scans/Fixes* box at the bottom, paste in the following


```
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about_:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about_:SecurityRisk
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGmain.jhtml?p2=^YK^xdm014^S03853^ca&si=CPWrtufMo7QCFad_QgodqG0AvQ&ptb=D0A9A8F7-2921-40AF-ADF4-E92D10BAFD89&psa=&ind=2012121819&st=sb&n=77ee8adb&searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E B2 75 B7 8D 34 CD 01  [binary data]
IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGmain.jhtml?p2=^YK^xdm014^S03853^ca&si=CPWrtufMo7QCFad_QgodqG0AvQ&ptb=D0A9A8F7-2921-40AF-ADF4-E92D10BAFD89&psa=&ind=2012121819&st=sb&n=77ee8adb&searchfor={searchTerms}
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
[2013/03/07 00:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions
[2012/11/15 19:39:11 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/10/06 08:03:45 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2013/02/07 14:30:13 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
[2012/12/19 11:49:34 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
[2012/09/09 21:11:30 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
[2013/03/07 00:17:49 | 000,021,489 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
[2013/02/13 23:28:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/12 22:46:55 | 000,000,000 | ---D | M] (Workspace Email Zoom) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
[2012/09/13 12:20:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell - "" = AutoRun
O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell\AutoRun\command - "" = E:\iStudio.exe
O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell - "" = AutoRun
O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
[2013/03/09 23:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JustCloud
[2013/02/12 04:06:52 | 000,091,264 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

:Files
c:\program files (x86)\mediacrawler
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
*After that*

Please download the latest version of TDSSKiller from *here* and save it to your *Desktop*.

Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Put a checkmark beside *loaded modules*.

A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on *Change parameters* in TDSSKiller.
Check all boxes then click OK.

Click the *Start Scan* button.

The scan should take no longer than 2 minutes.
If a *suspicious object* is detected, the default action will be *Skip*, click on *Continue*.

If *malicious objects* are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure *Cure* (default) is selected, then click *Continue* > *Reboot now to finish the cleaning process.*

*Note*: If *Cure* is not available, please choose *Skip* instead, do not choose *Delete* unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

*When you return please post*

OTL fix txt
log.txt from TDSSKiller


----------



## white_tigress (Apr 6, 2011)

I tried to find any AVG and Spybot items left but I couldn't. I deleted them and can't find them now. When I tried to run the OTL as told, it kept freezing and not responding. Should I try doing the rest of the tasks and leave OTL for now? My computer is fixable, right?


----------



## emeraldnzl (Nov 3, 2007)

> When I tried to run the OTL as told, it kept freezing and not responding.


Try running it in Safe Mode. If that doesn't work, move on to the next actions.

*How to boot into Safe Mode:*

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


----------



## white_tigress (Apr 6, 2011)

Ok, computer wouldn't allow anything to happen in safe mode. OTL wouldn't work and it took forever but I got your report from TDSSKILLER.

16:17:09.0536 1268 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:17:10.0799 1268 ============================================================
16:17:10.0799 1268 Current date / time: 2013/03/11 16:17:10.0799
16:17:10.0799 1268 SystemInfo:
16:17:10.0799 1268 
16:17:10.0799 1268 OS Version: 6.1.7601 ServicePack: 1.0
16:17:10.0799 1268 Product type: Workstation
16:17:10.0799 1268 ComputerName: OWNER-PC
16:17:10.0799 1268 UserName: Owner
16:17:10.0799 1268 Windows directory: C:\Windows
16:17:10.0799 1268 System windows directory: C:\Windows
16:17:10.0799 1268 Running under WOW64
16:17:10.0799 1268 Processor architecture: Intel x64
16:17:10.0799 1268 Number of processors: 2
16:17:10.0799 1268 Page size: 0x1000
16:17:10.0799 1268 Boot type: Normal boot
16:17:10.0799 1268 ============================================================
16:17:19.0332 1268 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:17:19.0379 1268 ============================================================
16:17:19.0379 1268 \Device\Harddisk0\DR0:
16:17:19.0379 1268 MBR partitions:
16:17:19.0379 1268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:17:19.0379 1268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xBA1F000
16:17:19.0379 1268 ============================================================
16:17:19.0442 1268 C: <-> \Device\Harddisk0\DR0\Partition2
16:17:19.0520 1268 ============================================================
16:17:19.0520 1268 Initialize success
16:17:19.0520 1268 ============================================================
16:17:55.0119 3936 Deinitialize success


----------



## emeraldnzl (Nov 3, 2007)

Hello white_tigress,

Please download ComboFix from this location:

*Link*

*IMPORTANT !!! Save ComboFix.exe to your Desktop*

*Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.*


Double click on ComboFix.exe & follow the prompts.

Your desktop may go blank. This is normal.

ComboFix may reboot your machine. This is normal too. 

***Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall***

When finished, it will produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.


----------



## white_tigress (Apr 6, 2011)

I'm getting a message about security and shut down now too. I didn't write it down and don't remember what it said, sorry. Computer is still in really bad shape but I have faith in you!

ComboFix 13-03-12.02 - Owner 03/12/2013 18:23:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.358 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\3002.abs
c:\programdata\3002.xml
c:\users\Owner\Documents\~WRL0003.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))
.
.
2013-03-13 01:33 . 2013-03-13 01:33 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-03-13 01:33 . 2013-03-13 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-13 00:32 . 2012-10-23 14:04 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-13 00:32 . 2012-10-23 14:04 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441E5F62-6218-4D00-B8F5-384E3B470FDA}\gapaengine.dll
2013-03-13 00:15 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DDD4B7FD-EFBF-4CED-934D-52BBC56AD64A}\mpengine.dll
2013-03-12 00:19 . 2013-02-17 08:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-03-12 00:18 . 2013-03-12 00:19 -------- d--h--w- c:\windows\msdownld.tmp
2013-03-12 00:09 . 2013-03-12 00:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-11 23:45 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E5135F7-C770-4DB7-913E-C50B2130A305}\gapaengine.dll
2013-03-11 23:39 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-11 23:37 . 2013-03-11 23:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-11 23:37 . 2013-03-11 23:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-11 23:07 . 2013-03-11 23:07 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2013-03-11 22:16 . 2013-03-11 22:16 -------- d-----w- C:\_OTL
2013-03-10 16:03 . 2013-03-10 16:03 -------- d-----w- c:\users\Owner\AppData\Roaming\ASCOMP Software
2013-03-10 16:02 . 2013-03-10 16:02 -------- d-----w- c:\program files (x86)\ASCOMP Software
2013-03-10 06:47 . 2013-03-10 06:47 -------- d-----w- c:\users\Owner\SyncFolder
2013-03-10 06:46 . 2013-03-10 16:29 -------- d-----w- c:\program files (x86)\JustCloud
2013-03-08 21:22 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3CBC8F1-22F0-46A9-B2EA-063120353B72}\mpengine.dll
2013-03-08 07:05 . 2013-03-08 07:23 -------- d-----w- c:\programdata\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\Avg2013
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\programdata\Common Files
2013-02-26 18:00 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-02-26 17:55 . 2012-03-14 13:00 385024 ----a-w- c:\windows\system32\CNMLMAU.DLL
2013-02-26 17:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-02-26 17:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-02-26 17:54 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-02-26 17:54 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-02-26 17:54 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-26 17:54 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-26 17:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-26 17:54 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-02-26 17:54 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-02-25 23:19 . 2013-02-26 00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-25 23:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-02-25 23:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\programdata\Malwarebytes
2013-02-19 18:02 . 2013-02-19 18:02 -------- d-----w- c:\users\Owner\AppData\Local\Programs
2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Utility Kit
2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
2013-02-18 06:16 . 2013-02-19 01:51 -------- d-----w- c:\programdata\PC Utility Kit
2013-02-16 21:34 . 2013-02-16 21:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-02-16 16:28 . 2013-02-16 16:28 -------- d-----w- c:\users\Owner\AppData\Roaming\EQATEC Analytics
2013-02-16 16:27 . 2013-02-16 21:36 -------- d-----w- c:\program files (x86)\DAP
2013-02-16 06:23 . 2013-02-16 06:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-16 06:22 . 2013-02-16 06:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-16 06:22 . 2013-02-16 06:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-16 06:22 . 2013-02-16 06:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-15 06:54 . 2013-02-15 06:54 -------- d-----w- c:\program files (x86)\MediaCrawler
2013-02-14 07:07 . 2013-02-14 07:08 -------- d-----w- c:\users\Owner\AppData\Roaming\GoforFiles
2013-02-13 00:55 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 00:55 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 00:55 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 00:55 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 00:55 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 00:55 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 00:55 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 00:55 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 00:55 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 00:55 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 00:55 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 00:55 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 11:06 . 2013-02-12 11:06 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 00:26 . 2012-05-18 17:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 00:26 . 2012-05-18 17:39 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 00:08 . 2012-05-18 00:23 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-03-12 00:24 . 2012-05-18 00:37 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-03-07 03:05 . 2012-05-18 00:37 69792 ------w- c:\windows\SysWow64\rpcnet.exe
2013-02-27 01:17 . 2012-05-18 00:24 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-02-27 01:17 . 2012-05-18 00:23 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-02-14 05:37 . 2012-05-18 10:03 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-12 11:30 . 2013-01-16 22:59 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-04 04:43 . 2013-02-13 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-19 1314816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-15 14448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-05 155824]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2013-01-25 1181408]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-10 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-06 16336488]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.59.144.17 64.59.150.133
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-35808286.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-12 18:37:35
ComboFix-quarantined-files.txt 2013-03-13 01:37
.
Pre-Run: 53,010,624,512 bytes free
Post-Run: 52,776,267,776 bytes free
.
- - End Of File - - 4B98AB6166D09C43830859349D510E71


----------



## emeraldnzl (Nov 3, 2007)

Hello white_tigress,

Do you use the File Backup Service of Starfield Technologies or Just Cloud? Tell me when you return.

*For now*

Please run OTL.exe


Under the *Custom Scans/Fixes* box at the bottom, paste in the following


```
:OTL
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGmain.jhtml?p2=^YK^xdm014^S03853^ca&si=CPWrtufMo7QCFad_QgodqG0AvQ&ptb=D0A9A8F7-2921-40AF-ADF4-E92D10BAFD89&psa=&ind=2012121819&st=sb&n=77ee8adb&searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGmain.jhtml?p2=^YK^xdm014^S03853^ca&si=CPWrtufMo7QCFad_QgodqG0AvQ&ptb=D0A9A8F7-2921-40AF-ADF4-E92D10BAFD89&psa=&ind=2012121819&st=sb&n=77ee8adb&searchfor={searchTerms}

[2013/03/07 00:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions
[2013/03/07 00:17:49 | 000,021,489 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
[2013/02/13 23:28:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/13 12:20:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell - "" = AutoRun
O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell\AutoRun\command - "" = E:\iStudio.exe
O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell - "" = AutoRun
O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
[2013/02/12 04:06:52 | 000,091,264 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

:Files
c:\program files (x86)\mediacrawler
ipconfig /flushdns /c

:Commands
[emptytemp]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.


----------



## white_tigress (Apr 6, 2011)

OTL keeps not responding. I started Task Manager and closed all unnecessary programs that were running. Weird, but that TDSKiller (I know I got it wrong) was still running. Anyways, OTL still won't respond. I don't know who makes my backup program but it's called Backup Maker. Google isn't loading either. Is my computer getting worse? I have Logmein, do you fix computers that way? Please don't give up on me. I have no way of getting another laptop and I need this one badly for work, which is obviously not getting done now.


----------



## emeraldnzl (Nov 3, 2007)

> TDSKiller (I know I got it wrong) was still running


Please reboot your computer to stop that. You may need to pull the power plug and restart. That likely would have got in the way of the OTL fix but we will revisit that later.



> I don't know who makes my backup program but it's called Backup Maker.


I do see Backup Maker there and I also see File Backup Service of Starfield Technologies and Just Cloud. These programs have caused problems on some computers. Starfield technologies should be okay but I have seen some complaints about it too.

What would be good would be to see if removing Backup Maker (it may not be related to Starfield Technologies and Just Cloud... we will see) helps fix your machine's problems.

Firstly, see if you can uninstall Backup Maker, you can always reinstall it later if you want to.

Also there is a program called mediacrawler showing on your machine. In some quarters that is seen as foistware. I have included it below for removal, if you don't want it removed tell me, otherwise go ahead with the instruction.

*Now*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:


```
KillAll::

Folder::
c:\program files (x86)\mediacrawler
C:\Program Files (x86)\JustCloud

Reboot::
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at *C:\ComboFix.txt*. Please post that here for further review.


----------



## white_tigress (Apr 6, 2011)

My computer was completely non-functioning earlier so I switched back to Firefox and then everything seemed to be working again although I'm sure it still has problems. I removed the Backup program myself but wanted to keep the MediaCrawler as I used that to download a video I couldn't find anywhere else.

Thanks for not giving up on me. I'll keep faithfully following your directions.

ComboFix 13-03-13.02 - Owner 03/13/2013 18:10:28.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.486 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\JustCloud
c:\program files (x86)\JustCloud\DEL_AWSSDK.dll
c:\program files (x86)\JustCloud\DEL_LogicNP.EZShellExtensions.dll
c:\program files (x86)\JustCloud\DEL_MPCBIconOverlays.dll
c:\program files (x86)\JustCloud\DEL_UnRegisterExtensions.exe
c:\program files (x86)\JustCloud\x86\System.Data.SQLite.dll
c:\programdata\3002.abs
c:\programdata\3002.xml
.
.
((((((((((((((((((((((((( Files Created from 2013-02-14 to 2013-03-14 )))))))))))))))))))))))))))))))
.
.
2013-03-14 01:28 . 2013-03-14 01:28 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-03-14 01:28 . 2013-03-14 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-14 00:42 . 2013-03-14 00:42 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-03-14 00:35 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9E2990F-A74C-4C29-998A-936395F036BF}\mpengine.dll
2013-03-13 01:50 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-13 00:32 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-13 00:32 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441E5F62-6218-4D00-B8F5-384E3B470FDA}\gapaengine.dll
2013-03-12 00:19 . 2013-02-17 08:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-03-12 00:18 . 2013-03-12 00:19 -------- d--h--w- c:\windows\msdownld.tmp
2013-03-12 00:09 . 2013-03-12 00:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-11 23:37 . 2013-03-11 23:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-11 23:37 . 2013-03-11 23:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-11 23:07 . 2013-03-11 23:07 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2013-03-11 22:16 . 2013-03-11 22:16 -------- d-----w- C:\_OTL
2013-03-10 16:03 . 2013-03-10 16:03 -------- d-----w- c:\users\Owner\AppData\Roaming\ASCOMP Software
2013-03-10 16:02 . 2013-03-10 16:02 -------- d-----w- c:\program files (x86)\ASCOMP Software
2013-03-10 06:47 . 2013-03-10 06:47 -------- d-----w- c:\users\Owner\SyncFolder
2013-03-08 21:22 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3CBC8F1-22F0-46A9-B2EA-063120353B72}\mpengine.dll
2013-03-08 07:05 . 2013-03-08 07:23 -------- d-----w- c:\programdata\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\Avg2013
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\programdata\Common Files
2013-02-26 18:00 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-02-26 17:55 . 2012-03-14 13:00 385024 ----a-w- c:\windows\system32\CNMLMAU.DLL
2013-02-26 17:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-02-26 17:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-02-26 17:54 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-02-26 17:54 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-02-26 17:54 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-26 17:54 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-26 17:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-26 17:54 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-02-26 17:54 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-02-25 23:19 . 2013-02-26 00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-25 23:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-02-25 23:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\programdata\Malwarebytes
2013-02-19 18:02 . 2013-02-19 18:02 -------- d-----w- c:\users\Owner\AppData\Local\Programs
2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Utility Kit
2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
2013-02-18 06:16 . 2013-02-19 01:51 -------- d-----w- c:\programdata\PC Utility Kit
2013-02-16 21:34 . 2013-02-16 21:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-02-16 16:28 . 2013-02-16 16:28 -------- d-----w- c:\users\Owner\AppData\Roaming\EQATEC Analytics
2013-02-16 16:27 . 2013-02-16 21:36 -------- d-----w- c:\program files (x86)\DAP
2013-02-16 06:23 . 2013-02-16 06:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-16 06:22 . 2013-02-16 06:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-16 06:22 . 2013-02-16 06:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-16 06:22 . 2013-02-16 06:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-15 06:54 . 2013-02-15 06:54 -------- d-----w- c:\program files (x86)\MediaCrawler
2013-02-14 07:07 . 2013-02-14 07:08 -------- d-----w- c:\users\Owner\AppData\Roaming\GoforFiles
2013-02-13 00:55 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 00:55 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 00:55 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 00:55 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 00:55 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 00:55 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 00:55 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 00:55 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 00:55 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 00:55 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 00:55 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 00:55 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 11:06 . 2013-02-12 11:06 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 01:31 . 2012-05-18 00:23 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-03-14 01:31 . 2012-05-18 00:37 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-03-14 00:03 . 2012-05-18 10:03 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 00:26 . 2012-05-18 17:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 00:26 . 2012-05-18 17:39 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-07 03:05 . 2012-05-18 00:37 69792 ------w- c:\windows\SysWow64\rpcnet.exe
2013-02-27 01:17 . 2012-05-18 00:24 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-02-27 01:17 . 2012-05-18 00:23 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-02-12 05:45 . 2013-03-13 05:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 05:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 05:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 05:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-12 11:30 . 2013-01-16 22:59 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-04 04:43 . 2013-02-13 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-19 1314816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-15 14448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-05 155824]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2013-01-25 1181408]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-10 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-06 16336488]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.59.144.17 64.59.150.133
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rpcnet.exe
.
**************************************************************************
.
Completion time: 2013-03-13 18:37:51 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-14 01:37
ComboFix2.txt 2013-03-13 01:37
.
Pre-Run: 52,701,491,200 bytes free
Post-Run: 52,172,955,648 bytes free
.
- - End Of File - - FAD9434F1C80250E06A1BD52FB4F96CD


----------



## emeraldnzl (Nov 3, 2007)

Hello white_tigress,


Close all windows and open *OTL* again. 
Click *Run Scan* and let the program run uninterrupted
It will produce a log for you. Post the log here.
*Note*: If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

*After that*

Please run DDS again and post the log.

*So when you return please post*
OTL scan .txt
DDS report


----------



## white_tigress (Apr 6, 2011)

OTL logfile created on: 3/13/2013 9:58:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 63.41% Memory free
5.96 Gb Paging File | 4.67 Gb Available in Paging File | 78.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93.06 Gb Total Space | 47.34 Gb Free Space | 50.87% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:*64bit:* - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:*64bit:* - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:*64bit:* - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (rpcnet) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:*64bit:* - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:*64bit:* - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:*64bit:* - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:*64bit:* - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:*64bit:* - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:*64bit:* - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:*64bit:* - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:*64bit:* - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:*64bit:* - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Lenovo)
DRV:*64bit:* - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/13 17:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/13 17:59:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/12 22:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/03/13 17:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/13 17:59:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/15 17:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/15 17:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/13 18:31:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:*64bit:* - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:*64bit:* - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.17 64.59.150.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C55BE79D-937C-4F91-9217-60F73F7CF140}: DhcpNameServer = 64.59.144.17 64.59.150.133
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/13 21:54:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Telus Mobility
[2013/03/13 18:38:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/13 18:31:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/03/13 18:07:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/03/13 17:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/13 17:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/12 18:20:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/12 18:20:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/12 18:20:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/12 18:19:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/12 18:17:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/12 18:16:34 | 005,038,936 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/03/12 18:14:16 | 005,037,887 | ---- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe.d2sii3j.partial
[2013/03/11 17:19:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/03/11 17:10:53 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/11 17:10:49 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/11 17:10:49 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/11 17:10:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/11 17:10:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/11 17:10:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/11 17:10:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/11 17:10:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/11 17:10:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/11 17:10:42 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/11 17:10:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/11 17:10:35 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/11 17:10:35 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/11 17:10:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/11 17:10:34 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/11 17:10:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/11 17:10:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/11 17:10:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/11 17:10:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/11 17:10:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/11 17:10:31 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/11 17:10:26 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/11 17:10:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/11 17:10:24 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/11 17:10:24 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/11 17:10:24 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/11 17:10:22 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/11 17:10:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/11 17:10:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/11 17:10:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/11 17:10:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/11 17:10:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/03/11 17:10:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/11 17:10:13 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/11 17:10:12 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/11 17:10:12 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/11 17:10:11 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/11 17:10:10 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/11 17:10:10 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/11 17:10:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/11 17:10:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/11 17:10:09 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/11 17:10:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/03/11 17:10:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/03/11 17:10:08 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/11 17:10:07 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/11 17:10:07 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/11 17:10:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/11 17:10:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/11 17:10:05 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/11 17:10:05 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/11 17:10:05 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/11 17:10:04 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/11 17:09:59 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/11 17:09:58 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/11 17:09:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/11 17:09:58 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/11 17:09:58 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/11 17:09:57 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/11 17:09:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/11 17:09:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/11 17:09:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/11 17:09:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/11 17:09:55 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/11 17:09:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/11 17:09:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/11 17:09:54 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/11 17:09:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/11 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/03/11 16:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/11 16:07:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
[2013/03/11 15:16:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/10 09:03:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ASCOMP Software
[2013/03/10 09:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCOMP Software
[2013/03/09 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\SyncFolder
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MFAData
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Avg2013
[2013/03/05 10:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013/03/04 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Usenet.nl
[2013/03/04 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate_files
[2013/02/26 11:07:49 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/26 11:07:49 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/26 11:07:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/26 11:07:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/26 11:07:38 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/26 11:07:38 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/26 11:07:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 11:07:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 11:07:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 11:07:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 11:07:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 11:07:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 11:07:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 11:07:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 11:07:29 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/26 11:07:29 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/26 11:07:29 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/26 11:07:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/26 11:07:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 11:07:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 11:07:28 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/26 11:07:28 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 11:07:27 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/26 11:07:27 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/26 11:07:27 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/26 11:07:27 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/26 11:07:27 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/26 11:07:27 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/26 11:07:27 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/26 11:07:26 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/26 11:07:26 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/26 11:07:26 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/26 11:07:26 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/26 11:00:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/02/26 11:00:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/02/26 11:00:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/02/26 11:00:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/02/26 11:00:31 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013/02/26 11:00:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/02/26 11:00:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/02/26 11:00:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/02/26 11:00:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/02/26 11:00:28 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/02/26 11:00:28 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/02/26 11:00:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/02/26 11:00:28 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/02/26 11:00:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/02/26 11:00:28 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/02/26 11:00:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/02/26 11:00:28 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/02/26 11:00:28 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/02/26 11:00:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/02/26 11:00:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/02/26 11:00:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/02/26 11:00:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/02/26 11:00:28 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/02/26 11:00:27 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/02/26 11:00:27 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/02/26 10:55:58 | 000,385,024 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAU.DLL
[2013/02/26 10:54:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/02/26 10:54:22 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/02/26 10:54:21 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/02/25 16:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/25 16:19:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2013/02/25 16:19:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
[2013/02/19 11:03:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/02/19 11:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/19 11:02:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2013/02/17 23:16:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PC Utility Kit
[2013/02/17 23:16:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2013/02/17 23:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2013/02/16 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2013/02/16 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\EQATEC Analytics
[2013/02/16 09:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/16 09:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAP
[2013/02/14 23:59:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Facial_Exercise
[2013/02/14 23:54:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCrawler
[2013/02/14 23:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaCrawler
[2013/02/14 00:07:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GoforFiles
[2013/02/12 17:55:42 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/12 17:55:41 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/12 17:55:40 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/12 17:55:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/12 17:55:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/12 17:55:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/12 17:55:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/12 17:55:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/12 17:55:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/12 17:55:17 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/13 21:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/13 18:39:11 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/13 18:39:11 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/13 18:31:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/13 18:31:28 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2013/03/13 18:31:26 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2013/03/13 18:31:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/13 18:30:59 | 2401,996,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/13 18:06:09 | 005,038,936 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/03/13 17:42:52 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/12 18:15:37 | 005,037,887 | ---- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe.d2sii3j.partial
[2013/03/12 17:26:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 17:26:31 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/11 17:10:54 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/11 17:10:50 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/11 17:10:49 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/11 17:10:49 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/11 17:10:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/11 17:10:44 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/11 17:10:44 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/11 17:10:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/11 17:10:43 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/11 17:10:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/11 17:10:41 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/11 17:10:36 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/11 17:10:35 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/11 17:10:35 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/11 17:10:34 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/11 17:10:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/11 17:10:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/11 17:10:33 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/11 17:10:33 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/11 17:10:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/11 17:10:31 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/11 17:10:26 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/11 17:10:26 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/11 17:10:25 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/11 17:10:24 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/11 17:10:24 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/11 17:10:23 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/11 17:10:22 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/11 17:10:21 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/11 17:10:21 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/11 17:10:20 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/11 17:10:20 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/11 17:10:15 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/03/11 17:10:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/11 17:10:13 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/11 17:10:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/11 17:10:12 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/11 17:10:12 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/11 17:10:11 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/11 17:10:10 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/11 17:10:10 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/11 17:10:10 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/11 17:10:10 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/03/11 17:10:09 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/11 17:10:09 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/11 17:10:09 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/03/11 17:10:09 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/11 17:10:08 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/11 17:10:07 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/11 17:10:06 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/11 17:10:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/11 17:10:05 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/11 17:10:05 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/11 17:10:05 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/11 17:10:04 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/11 17:09:59 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/11 17:09:58 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/11 17:09:58 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/11 17:09:58 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/11 17:09:58 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/11 17:09:58 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/11 17:09:57 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/11 17:09:57 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/11 17:09:57 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/11 17:09:56 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/11 17:09:56 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/11 17:09:55 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/11 17:09:55 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/11 17:09:55 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/11 17:09:49 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/11 16:45:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/10 20:43:03 | 000,741,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/10 20:43:03 | 000,635,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/10 20:43:03 | 000,110,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 09:25:46 | 000,320,075 | ---- | M] () -- C:\Users\Owner\Desktop\100-best-freeware.zip
[2013/03/10 00:56:45 | 396,695,374 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/08 23:40:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/03/08 23:40:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/03/08 23:17:26 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/08 14:55:32 | 000,147,456 | ---- | M] () -- C:\Users\Owner\Desktop\liberte.pdf
[2013/03/07 23:55:45 | 000,000,258 | R-S- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/06 20:05:36 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2013/03/05 10:28:21 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2013/03/04 21:16:43 | 000,062,940 | ---- | M] () -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate.htm
[2013/02/26 18:17:23 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2013/02/26 18:17:08 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2013/02/17 01:40:40 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/02/16 14:34:42 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013/02/15 22:50:13 | 000,001,340 | ---- | M] () -- C:\Users\Owner\Desktop\Watchtower Library 2012 - English.lnk
[2013/02/15 22:27:08 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/14 23:54:53 | 000,001,059 | ---- | M] () -- C:\Users\Owner\Desktop\MediaCrawler.lnk
[2013/02/12 04:06:52 | 000,091,264 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/13 17:42:52 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/13 17:42:51 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/12 18:20:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/12 18:20:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/12 18:20:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/12 18:20:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/12 18:20:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/11 17:10:20 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/11 17:10:09 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/11 16:45:49 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/03/11 16:38:00 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/10 09:25:44 | 000,320,075 | ---- | C] () -- C:\Users\Owner\Desktop\100-best-freeware.zip
[2013/03/10 00:56:45 | 396,695,374 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/08 23:40:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/03/08 23:40:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/03/08 14:54:53 | 000,147,456 | ---- | C] () -- C:\Users\Owner\Desktop\liberte.pdf
[2013/03/05 10:28:21 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013/03/05 10:28:21 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2013/03/04 21:16:41 | 000,062,940 | ---- | C] () -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate.htm
[2013/02/16 14:34:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/02/15 22:50:13 | 000,001,340 | ---- | C] () -- C:\Users\Owner\Desktop\Watchtower Library 2012 - English.lnk
[2013/02/14 23:54:53 | 000,001,059 | ---- | C] () -- C:\Users\Owner\Desktop\MediaCrawler.lnk
[2013/02/12 04:06:52 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2012/12/20 00:01:21 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.sys.ini
[2012/05/18 10:29:11 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/17 17:48:18 | 001,514,016 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2012/05/17 17:48:18 | 001,108,512 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2012/05/17 17:24:51 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012/05/17 17:23:58 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:56E2E879

< End of report >

.
DDS (Ver_11-03-05.01) - NTFS_AMD64 
Run by Owner at 22:05:31.90 on Wed 03/13/2013
Internet Explorer: 9.10.9200.16521 BrowserJavaVersion: 10.5.1
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.1622 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Documents\Downloads\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - 
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [nwiz] nwiz.exe /install
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2012-10-5 1181408]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-5-11 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-5-18 72216]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2006-12-21 300032]
R3 LenovoRd;LenovoRd;C:\Windows\System32\drivers\LenovoRd.sys [2009-5-11 118016]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-18 253656]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-9-14 14448]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-3-13 115608]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-26 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-8-11 155824]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-26 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-18 1255736]
.
=============== Created Last 30 ================
.
2013-03-14 01:31:43 -------- d-----w- C:\$RECYCLE.BIN
2013-03-14 01:07:19 -------- d-----w- C:\ComboFix
2013-03-14 00:42:47 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-14 00:35:17 9162192 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{F9E2990F-A74C-4C29-998A-936395F036BF}\mpengine.dll
2013-03-13 01:50:28 9162192 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-13 01:20:10 98816 ----a-w- C:\Windows\sed.exe
2013-03-13 01:20:10 518144 ----a-w- C:\Windows\SWREG.exe
2013-03-13 01:20:10 256000 ----a-w- C:\Windows\PEV.exe
2013-03-13 01:20:10 208896 ----a-w- C:\Windows\MBR.exe
2013-03-13 00:32:31 972264 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-13 00:32:22 972264 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{441E5F62-6218-4D00-B8F5-384E3B470FDA}\gapaengine.dll
2013-03-12 00:18:46 -------- d--h--w- C:\Windows\msdownld.tmp
2013-03-12 00:09:59 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-03-11 23:37:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-03-11 23:37:38 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-03-11 23:07:53 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2013-03-11 22:16:06 -------- d-----w- C:\_OTL
2013-03-10 16:03:02 -------- d-----w- C:\Users\Owner\AppData\Roaming\ASCOMP Software
2013-03-10 16:02:50 -------- d-----w- C:\Program Files (x86)\ASCOMP Software
2013-03-10 06:47:54 -------- d-----w- C:\Users\Owner\SyncFolder
2013-03-08 21:22:50 9162192 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C3CBC8F1-22F0-46A9-B2EA-063120353B72}\mpengine.dll
2013-03-08 07:05:25 -------- d-----w- C:\Users\Owner\AppData\Local\MFAData
2013-03-08 07:05:25 -------- d-----w- C:\Users\Owner\AppData\Local\Avg2013
2013-03-08 07:05:25 -------- d-----w- C:\PROGRA~3\MFAData
2013-03-08 07:05:25 -------- d-----w- C:\PROGRA~3\Common Files
2013-02-26 18:00:34 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-02-26 17:55:58 385024 ----a-w- C:\Windows\System32\CNMLMAU.DLL
2013-02-26 17:54:23 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-02-26 17:54:22 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-02-26 17:54:21 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-02-26 17:54:21 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-02-26 17:54:21 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-02-26 17:54:21 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-26 17:54:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-02-26 17:54:21 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-02-26 17:54:21 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-02-25 23:19:37 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2013-02-25 23:19:19 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2013-02-25 23:19:19 20952 ----a-w- C:\Windows\SysWow64\drivers\mbam.sys
2013-02-19 18:03:29 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-02-19 18:03:16 -------- d-----w- C:\PROGRA~3\Malwarebytes
2013-02-19 18:02:51 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
2013-02-18 06:16:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\PC Utility Kit
2013-02-18 06:16:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\DriverCure
2013-02-18 06:16:18 -------- d-----w- C:\PROGRA~3\PC Utility Kit
2013-02-16 21:34:40 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2013-02-16 16:28:02 -------- d-----w- C:\Users\Owner\AppData\Roaming\EQATEC Analytics
2013-02-16 16:27:03 -------- d-----w- C:\Program Files (x86)\DAP
2013-02-16 06:23:24 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-16 06:22:58 2876528 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-16 06:22:47 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-16 06:22:39 539984 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-15 06:54:50 -------- d-----w- C:\Program Files (x86)\MediaCrawler
2013-02-14 07:07:55 -------- d-----w- C:\Users\Owner\AppData\Roaming\GoforFiles
2013-02-13 00:55:42 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 00:55:41 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 00:55:40 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 00:55:27 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 00:55:24 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 00:55:24 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 00:55:23 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 00:55:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 00:55:23 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 00:55:21 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 00:55:17 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 00:55:17 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-12 11:06:52 91264 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
.
==================== Find3M ====================
.
2013-03-14 01:31:28 17408 ----a-w- C:\Windows\System32\rpcnetp.exe
2013-03-14 01:31:26 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2013-03-13 00:26:32 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-13 00:26:31 73432  ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 00:09:59 173568 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-03-12 00:09:58 51200 ----a-w- C:\Windows\System32\imgutil.dll
2013-03-12 00:09:58 13824 ----a-w- C:\Windows\System32\mshta.exe
2013-03-12 00:09:57 135680 ----a-w- C:\Windows\System32\IEAdvpack.dll
2013-03-12 00:09:56 92160 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2013-03-12 00:09:56 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-03-12 00:09:55 48640 ----a-w- C:\Windows\System32\mshtmler.dll
2013-03-12 00:09:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-03-12 00:09:49 77312 ----a-w- C:\Windows\System32\tdc.ocx
2013-03-07 03:05:36 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
2013-02-27 01:17:23 17408 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2013-02-27 01:17:08 17408 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-20 22:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 22:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-12 11:30:18 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 22:05:53.96 ===============


----------



## emeraldnzl (Nov 3, 2007)

Hello white_tigress,

Please download *Security Check* by screen317 from *here*.

* Save it to your Desktop.
* Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.


----------



## white_tigress (Apr 6, 2011)

Results of screen317's Security Check version 0.99.61 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
(On Access scanning *disabled*!) 
Error obtaining update status for antivirus! 
*`````````Anti-malware/Other Utilities Check:`````````* 
JavaFX 2.1.1 
Java 7 Update 11 
*Java version out of Date!* 
Adobe Flash Player 11.6.602.180 
Adobe Reader 10.1.5 *Adobe Reader out of Date!* 
Mozilla Firefox (19.0.2) 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0% 
*````````````````````End of Log``````````````````````*


----------



## emeraldnzl (Nov 3, 2007)

Hello white_tigress,

Please download Farbar Service Scanner and run.



Make sure the following options are checked:


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Other Services


Press *Scan*
A log (FSS.txt) will be created in the same directory the tool is run.
Copy and paste the log back here.


----------



## white_tigress (Apr 6, 2011)

Farbar Service Scanner Version: 03-03-2013
Ran by Owner (administrator) on 15-03-2013 at 17:53:46
Running from "C:\Users\Owner\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


----------



## emeraldnzl (Nov 3, 2007)

Hello white_tigress,

All looking good there.

*Moving on*

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

*Kaspersky works with Internet Explorer and Firefox.*

Go to *Kaspersky website* and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.


Click on Kaspersky Security Scan *Download* button.
Click *Run*
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. 
Once complete, a window will open. Click *Next*.
Read through the requirements and privacy statement and check *Accept*.
Click *Install* and *Yes* to allow installation
When installation is complete click *Finish*
After a short wait a window will appear; click below the statement "Start FREE Scan" Now on the button for a *Full Scan*.
When the scan is complete a list of problems found will appear; click the button *Details* beside the heading "Problems found".
Copy and paste the contents to notepad and save for reference. Then copy and paste back here.
Click the radio button near the top *FIX NOW*
Exit


----------



## white_tigress (Apr 6, 2011)

Detailed report
Problems found
Scanning date: 03/15/2013 08:09 PM
Database update date: 03/15/2013 01:33 PM
Product version: 12.0.1.117 (a.b)

Computer protection (1)

Information about anti-virus software and firewalls installed on the computer.
Kaspersky recommends
Anti-virus is disabled.

Malware (1)

Information about malware detected on the computer.
Kaspersky recommends

HEUR:Trojan-Downloader.Win32.Generic
UPX 
C:\Documents and Settings\Owner\Downloads\concenturio.exe//data0012/

Vulnerabilities (1)

Information about applications and operating system components in which vulnerabilities have been detected.

C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

Other issues (10)

Information about vulnerabilities associated with the settings of installed applications and the operating system.

"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"
"Microsoft Internet Explorer: clear history of typed URLs"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
"Microsoft Internet Explorer: enable cache autocleanup on browser closing"
"Microsoft Internet Explorer: start page reset"


----------



## emeraldnzl (Nov 3, 2007)

How is your machine now?


----------



## white_tigress (Apr 6, 2011)

It seems to be working fine. Is it fixed? If so, please tell me what the problem was and how to avoid it in the future. 

Also, my antivirus program just expired. I'm completely broke so what would you recommend for the best free one to download? 

And, lastly, I don't know how to open a video I downloaded and which program(s) will do it for me. There is a BIN, CUE, Video Image and MDS file in a Media file folder, all of which won't open for me. Please help, I've searched the net and can't find any help.


----------



## emeraldnzl (Nov 3, 2007)

> Also, my antivirus program just expired.


Well Microsoft Security Essentials is showing on your computer with Windows Firewall. You should be able to see a green or blue castle icon for it somewhere. A little green one down on the right hand side of your screen in "Show hidden icons" and a blue one somewhere on your desktop. If you add another anti-virus you will get conflict. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Could have been part of your problem in the first place.

By the way, Microsoft Security Essentials is free to the personal user. If for some reason you can't find it, try reinstalling it. To do that download *Microsoft Security Essentials*, uninstall the existing Microsoft Security Essentials from your computer and install the new one. You must uninstall the old one first.



> If so, please tell me what the problem was and how to avoid it in the future.


Well we did remove some malware but I think you had conflict going on there as well. As I mentioned earlier that Back Up program you had does cause problems on some machines and also running more than one anti-virus will cause conflict too.



> I don't know how to open a video I downloaded


I use Windows Media Player. If you don't already have it on your computer (it may be there but not set to your default player - go to *All Programs* and look for *Windows Media Player*) you can download it from here. Otherwise, open a topic in the technical section for Win 7 here and I am sure someone can help you.



> It seems to be working fine. Is it fixed?


Your logs look clean to me.

We have a couple of last steps to perform and then you're all set.

*Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.*


Go to Start > Programs > Accessories and click on Run
Copy and paste the bolded text below in the box then hit OK

*Combofix /Uninstall*









*Step 2*

Double-click *OTL.exe* to run it. (Vista users, please right click on *OTL.exe* and select "Run as an *Administrator*")
Click on the *CleanUp!* button
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose *Yes.*

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility.

Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

*A reminder:* Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

*Here are some things that I think are worth having a look at if you don't already know about them:*

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.


Download Java for Windows

Reboot your computer. 
You also need to uninstall older versions of Java.

 Click *Start* > *Control Panel* > *Add or Remove Programs*
 Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click *Start > Control Panel > System and Security > Windows Update*
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click *OK*.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

*Quiz - getsafeonline*

Have a safe and happy computing day!


----------



## white_tigress (Apr 6, 2011)

My computer couldn't find Combofix /Uninstall and I looked under programs and in Control Panel but couldn't find it either. 

As soon as OTL rebooted my laptop, it was really slow again and the laptop fan was working overtime. Then I got kicked out of my windows and the Google sign up page came on for about 4 minutes but was frozen. I hit Ctrl+Alt+Delete and the Task Manager came on, after a 1 minute lag, at the same time as my windows all popped back up. Does this mean there's still something wrong?

I didn't know to uninstall previous versions of Java so I did that. I thought Java would take care of that for me so, good to know.


----------



## emeraldnzl (Nov 3, 2007)

> My computer couldn't find Combofix /Uninstall and I looked under programs and in Control Panel but couldn't find it either.


Try this: *Start > Run* and type *cmd > OK*. Type cd Desktop at the command prompt > *Enter*. The prompt will show you are at your Desktop folder.
Type *combofix /Uninstall* and then press the Enter key. Remember the space between the x and the / is needed.



> Does this mean there's still something wrong?


Hmm... could be any number of reasons. It's possible, if the ComboFix uninstall didn't go through it won't have reset System Restore which may have some left over infection in it which could have come back but let's see whether you can run the ComboFix uninstall outlined above before we move on. See how your computer is after that.


----------



## white_tigress (Apr 6, 2011)

When I followed your instructions I got: "'combofix' is not recognized as an internal or external command, operable program or batch file."

Then the computer froze again, "Mozilla Firefox not responding" and then I got: "A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete." Every time I would click on "continue waiting" (or something like that), it would pop back up. This happened several times until I just clicked on the X and closed it.

Script: resource://gre/modules/XPCOMUtils.jsm:329


----------



## emeraldnzl (Nov 3, 2007)

> When I followed your instructions I got: "'combofix' is not recognized as an internal or external command, operable program or batch file."


Did you have ComboFix saved to your desktop as instructed? If not, we may have to uninstall it manually.

Try restarting your computer and checking where you saved ComboFix at and see if it is still there.



> Then the computer froze again, "Mozilla Firefox not responding" and then I got: "A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete." Every time I would click on "continue waiting" (or something like that), it would pop back up. This happened several times until I just clicked on the X and closed it.


That relates to an issue with Firefox. Try restarting Firefox and see if it resolves. If not, try downloading and installing the latest version. Go to Firefox > Help > Help and you can download from there.


----------



## white_tigress (Apr 6, 2011)

Ok, how do I check where I stored ComboFix once I restart?


----------



## emeraldnzl (Nov 3, 2007)

Go to Start > Search programs and files and type in Combofix. 

It should show you a list of references to ComboFix. To find where it is located your best bet may be to right click on it and click properties. It should show a file path to where it is.

I have to step out now so it might be a while before I can check in here. Might be tomorrow, my time, before I get back but I will check in then.


----------



## white_tigress (Apr 6, 2011)

No combofix was found


----------



## emeraldnzl (Nov 3, 2007)

> No combofix was found


I guess we can assume it is gone then.

Turning to your machine, is it still causing problems?

Has the Firefox problem fixed itself?

You could also check for overheating possibilities.

Go to the link below for some information about symptoms of overheating.

http://www.ehow.com/list_6389404_processor-overheating-symptoms.html

Go to the link below for some actions you can take to reduce overheating

http://www.ehow.com/how_2063011_fix-overheating-computers.html


----------



## white_tigress (Apr 6, 2011)

I still need your help badly. My computer has frozen many times today. 

I ended up doing a System Restore back to before I updated Java. Then I made sure that I removed the previous Java versions. I then downloaded the 64 bit version of Firefox and deleted the previous version. I'm so sorry, but I'm getting stupid and desperate. I also did a defrag with Defraggler and ran CCleaner. Defraggler says my disk health is still "ERROR".

Then I did some...um...drunk computing and for some unknown reason I downloaded McAfee Security Plus and some weird browser. I have removed both of those but everything was still screwed up so I did another System Restore. I think I've screwed this poor thing up again! Aaargh! 


I've just had some exciting financial opportunities demonstrated to me but I need a functioning laptop for this. Please help!


I am your beck and call girl...lol,

Just help, please!


----------



## emeraldnzl (Nov 3, 2007)

> Then I did some...um...drunk computing and for some unknown reason I downloaded McAfee Security Plus and some weird browser. I have removed both of those but everything was still screwed up so I did another System Restore. I think I've screwed this poor thing up again! Aaargh!


One can only help so far. If you insist on reinfecting your computer there is not much I can do.



> I've just had some exciting financial opportunities demonstrated to me but I need a functioning laptop for this. Please help!


I hope it's not one of the scams going around that come via the internet.



> Defraggler says my disk health is still "ERROR".


What error does it report?

*And*

Let's have another look at an OTL scan.


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.


----------



## white_tigress (Apr 6, 2011)

OTL logfile created on: 3/18/2013 11:13:07 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 0.24 Gb Available Physical Memory | 8.21% Memory free
5.96 Gb Paging File | 2.16 Gb Available in Paging File | 36.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93.06 Gb Total Space | 50.58 Gb Free Space | 54.35% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\ProgramData\IBUpdaterService\ibsvc.exe ()
PRC - C:\Users\Owner\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Users\Owner\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
PRC - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)

========== Modules (No Company Name) ==========

MOD - C:\Users\Owner\AppData\Local\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:*64bit:* - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:*64bit:* - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.)
SRV - (IBUpdaterService) -- C:\ProgramData\IBUpdaterService\ibsvc.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (rpcnet) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:*64bit:* - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:*64bit:* - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:*64bit:* - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:*64bit:* - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:*64bit:* - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:*64bit:* - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:*64bit:* - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:*64bit:* - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:*64bit:* - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Lenovo)
DRV:*64bit:* - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3...M=2&UP=SPB5F0D64D-3B70-45E6-8E4A-4D595B1FE845
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3287802.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=3&q={searchTerms}&CUI=UN25928115871154326"
FF - prefs.js..browser.search.selectedEngine: "VisualBee V.3 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/u/0/?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: speedtestanalysis%40SpeedAnalysis.com:1.0.0.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=2&CUI=UN25928115871154326&UM=UM_ID&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Users\Owner\AppData\Local\Mozilla Firefox\components [2013/03/18 05:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Users\Owner\AppData\Local\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Users\Owner\AppData\Local\Mozilla Firefox\components [2013/03/18 05:35:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Users\Owner\AppData\Local\Mozilla Firefox\plugins

[2012/11/12 22:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/03/11 15:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/03/17 23:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\Extensions
[2013/03/17 12:50:58 | 000,000,000 | ---D | M] (Speed Test Analysis) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\Extensions\speedtestanalysis@SpeedAnalysis.com
[2013/03/17 13:10:47 | 000,000,985 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\searchplugins\conduit.xml

O1 HOSTS File: ([2013/03/13 18:31:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Speed Test Analysis) - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:*64bit:* - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:*64bit:* - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:*64bit:* - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Owner\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.17 64.59.150.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C55BE79D-937C-4F91-9217-60F73F7CF140}: DhcpNameServer = 64.59.144.17 64.59.150.133
O18:*64bit:* - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\tmbp - No CLSID value found
O18:*64bit:* - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:*64bit:* - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/18 23:08:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL(1).exe
[2013/03/18 08:15:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ReferenceUSA - Search Results_files
[2013/03/17 23:44:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\.config
[2013/03/17 23:42:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Performersoft
[2013/03/17 23:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/03/17 23:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/03/17 23:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/03/17 23:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/03/17 23:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/03/17 23:15:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla Firefox
[2013/03/17 12:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/03/17 12:53:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Conduit
[2013/03/17 12:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/03/17 12:51:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SearchProtect
[2013/03/17 12:51:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VisualBeeClient
[2013/03/17 12:51:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VisualBeeExe
[2013/03/17 12:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2013/03/17 12:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2013/03/17 12:50:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SpeedTestAnalysis
[2013/03/17 12:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speed Test Analysis
[2013/03/17 12:41:24 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/03/17 12:41:11 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/03/17 12:41:11 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/03/17 12:41:11 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/03/17 12:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/03/16 21:40:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\TELUS mobility _ Contact Us_files
[2013/03/15 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2013/03/15 19:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/03/15 19:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/03/13 18:38:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/13 18:31:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/03/13 17:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/13 17:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/12 18:20:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/12 18:20:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/12 18:20:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/12 18:19:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/12 18:17:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/11 17:19:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/03/11 17:10:53 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/11 17:10:49 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/11 17:10:49 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/11 17:10:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/11 17:10:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/11 17:10:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/11 17:10:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/11 17:10:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/11 17:10:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/11 17:10:42 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/11 17:10:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/11 17:10:35 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/11 17:10:35 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/11 17:10:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/11 17:10:34 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/11 17:10:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/11 17:10:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/11 17:10:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/11 17:10:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/11 17:10:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/11 17:10:31 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/11 17:10:26 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/11 17:10:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/11 17:10:24 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/11 17:10:24 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/11 17:10:24 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/11 17:10:22 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/11 17:10:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/11 17:10:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/11 17:10:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/11 17:10:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/11 17:10:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/03/11 17:10:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/11 17:10:13 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/11 17:10:12 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/11 17:10:12 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/11 17:10:11 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/11 17:10:10 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/11 17:10:10 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/11 17:10:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/11 17:10:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/11 17:10:09 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/11 17:10:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/03/11 17:10:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/03/11 17:10:08 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/11 17:10:07 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/11 17:10:07 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/11 17:10:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/11 17:10:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/11 17:10:05 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/11 17:10:05 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/11 17:10:05 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/11 17:10:04 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/11 17:09:59 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/11 17:09:58 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/11 17:09:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/11 17:09:58 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/11 17:09:58 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/11 17:09:57 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/11 17:09:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/11 17:09:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/11 17:09:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/11 17:09:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/11 17:09:55 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/11 17:09:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/11 17:09:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/11 17:09:54 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/11 17:09:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/11 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/03/11 16:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/11 15:16:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/10 09:03:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ASCOMP Software
[2013/03/10 09:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCOMP Software
[2013/03/09 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\SyncFolder
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MFAData
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Avg2013
[2013/03/05 10:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013/03/04 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Usenet.nl
[2013/03/04 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate_files
[2013/02/26 11:07:49 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/26 11:07:49 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/26 11:07:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/26 11:07:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/26 11:07:38 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/26 11:07:38 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/26 11:07:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 11:07:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 11:07:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 11:07:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 11:07:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 11:07:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 11:07:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 11:07:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 11:07:29 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/26 11:07:29 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/26 11:07:29 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/26 11:07:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/26 11:07:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 11:07:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 11:07:28 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/26 11:07:28 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 11:07:27 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/26 11:07:27 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/26 11:07:27 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/26 11:07:27 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/26 11:07:27 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/26 11:07:27 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/26 11:07:27 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/26 11:07:26 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/26 11:07:26 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/26 11:07:26 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/26 11:07:26 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/26 11:00:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/02/26 11:00:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/02/26 11:00:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/02/26 11:00:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/02/26 11:00:31 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013/02/26 11:00:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/02/26 11:00:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/02/26 11:00:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/02/26 11:00:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/02/26 11:00:28 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/02/26 11:00:28 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/02/26 11:00:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/02/26 11:00:28 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/02/26 11:00:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/02/26 11:00:28 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/02/26 11:00:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/02/26 11:00:28 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/02/26 11:00:28 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/02/26 11:00:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/02/26 11:00:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/02/26 11:00:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/02/26 11:00:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/02/26 11:00:28 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/02/26 11:00:27 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/02/26 11:00:27 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/02/26 10:55:58 | 000,385,024 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAU.DLL
[2013/02/26 10:54:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/02/26 10:54:22 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/02/26 10:54:21 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/02/25 16:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/25 16:19:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2013/02/25 16:19:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
[2013/02/19 11:03:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/02/19 11:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/19 11:02:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2013/02/17 23:16:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PC Utility Kit
[2013/02/17 23:16:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2013/02/17 23:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/18 23:09:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL(1).exe
[2013/03/18 22:59:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/18 22:55:09 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2013/03/18 22:54:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/18 08:16:16 | 000,047,923 | ---- | M] () -- C:\Users\Owner\Desktop\ReferenceUSA - Search Results.htm
[2013/03/18 07:38:29 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 07:38:29 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 07:26:50 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2013/03/18 07:25:48 | 2401,996,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/18 05:37:33 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2013/03/18 05:36:34 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2013/03/17 23:43:33 | 000,000,149 | RHS- | M] () -- C:\ProgramData\3002.xml
[2013/03/17 23:43:02 | 000,002,158 | ---- | M] () -- C:\Users\Owner\Desktop\YouTube.lnk
[2013/03/17 23:30:00 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/03/17 23:30:00 | 000,002,170 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/17 23:29:40 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/17 14:46:00 | 000,001,137 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2013/03/17 13:11:32 | 000,000,009 | ---- | M] () -- C:\END
[2013/03/17 12:41:06 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/03/17 12:41:03 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/03/17 12:41:03 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/03/17 12:41:03 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/03/17 12:41:02 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/03/17 12:41:02 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/03/16 19:22:32 | 000,011,904 | RHS- | M] () -- C:\ProgramData\3002.abs
[2013/03/16 19:09:35 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/16 19:09:35 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/16 12:28:02 | 002,057,600 | ---- | M] () -- C:\Users\Owner\Desktop\Deborah_Crowley-FlexEffect_Third_Edition_Training_Log.pdf
[2013/03/16 12:26:52 | 030,573,678 | ---- | M] () -- C:\Users\Owner\Desktop\Carol_Maggio-Facercise.pdf
[2013/03/15 19:10:33 | 000,001,077 | ---- | M] () -- C:\Users\Owner\Desktop\Kaspersky Security Scan.lnk
[2013/03/14 22:12:25 | 000,838,853 | ---- | M] () -- C:\Users\Owner\Desktop\Guide to Book Publishing.pdf
[2013/03/13 18:31:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/12 17:26:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 17:26:31 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/11 17:10:54 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/11 17:10:50 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/11 17:10:49 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/11 17:10:49 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/11 17:10:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/11 17:10:44 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/11 17:10:44 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/11 17:10:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/11 17:10:43 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/11 17:10:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/11 17:10:41 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/11 17:10:36 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/11 17:10:35 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/11 17:10:35 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/11 17:10:34 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/11 17:10:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/11 17:10:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/11 17:10:33 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/11 17:10:33 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/11 17:10:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/11 17:10:31 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/11 17:10:26 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/11 17:10:26 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/11 17:10:25 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/11 17:10:24 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/11 17:10:24 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/11 17:10:23 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/11 17:10:22 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/11 17:10:21 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/11 17:10:21 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/11 17:10:20 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/11 17:10:20 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/11 17:10:15 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/03/11 17:10:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/11 17:10:13 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/11 17:10:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/11 17:10:12 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/11 17:10:12 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/11 17:10:11 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/11 17:10:10 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/11 17:10:10 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/11 17:10:10 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/11 17:10:10 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/03/11 17:10:09 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/11 17:10:09 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/11 17:10:09 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/03/11 17:10:09 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/11 17:10:08 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/11 17:10:07 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/11 17:10:06 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/11 17:10:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/11 17:10:05 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/11 17:10:05 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/11 17:10:05 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/11 17:10:04 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/11 17:09:59 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/11 17:09:58 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/11 17:09:58 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/11 17:09:58 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/11 17:09:58 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/11 17:09:58 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/11 17:09:57 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/11 17:09:57 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/11 17:09:57 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/11 17:09:56 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/11 17:09:56 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/11 17:09:55 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/11 17:09:55 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/11 17:09:55 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/11 17:09:49 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/11 16:45:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/10 20:43:03 | 000,741,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/10 20:43:03 | 000,635,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/10 20:43:03 | 000,110,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 09:25:46 | 000,320,075 | ---- | M] () -- C:\Users\Owner\Desktop\100-best-freeware.zip
[2013/03/08 23:40:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/03/08 23:40:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/03/08 23:17:26 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/07 23:55:45 | 000,000,258 | R-S- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/06 20:05:36 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2013/03/05 10:28:21 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2013/03/04 21:16:43 | 000,062,940 | ---- | M] () -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate.htm
[2013/02/17 01:40:40 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/18 08:15:32 | 000,047,923 | ---- | C] () -- C:\Users\Owner\Desktop\ReferenceUSA - Search Results.htm
[2013/03/17 23:43:02 | 000,002,158 | ---- | C] () -- C:\Users\Owner\Desktop\YouTube.lnk
[2013/03/17 23:30:00 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/03/17 23:30:00 | 000,002,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/17 23:29:40 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/17 23:29:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/17 14:46:00 | 000,001,137 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2013/03/17 12:51:14 | 000,000,009 | ---- | C] () -- C:\END
[2013/03/17 12:50:52 | 000,001,136 | ---- | C] () -- C:\Users\Owner\Desktop\SpeedAnalysis.lnk
[2013/03/17 12:48:55 | 000,609,528 | ---- | C] () -- C:\Users\Owner\Desktop\sa_setup.exe
[2013/03/16 21:40:59 | 000,010,091 | ---- | C] () -- C:\Users\Owner\Desktop\TELUS mobility _ Contact Us.htm
[2013/03/16 19:22:35 | 000,000,149 | RHS- | C] () -- C:\ProgramData\3002.xml
[2013/03/16 19:22:32 | 000,011,904 | RHS- | C] () -- C:\ProgramData\3002.abs
[2013/03/16 12:28:02 | 002,057,600 | ---- | C] () -- C:\Users\Owner\Desktop\Deborah_Crowley-FlexEffect_Third_Edition_Training_Log.pdf
[2013/03/16 12:26:51 | 030,573,678 | ---- | C] () -- C:\Users\Owner\Desktop\Carol_Maggio-Facercise.pdf
[2013/03/15 19:10:42 | 000,001,077 | ---- | C] () -- C:\Users\Owner\Desktop\Kaspersky Security Scan.lnk
[2013/03/14 22:12:25 | 000,838,853 | ---- | C] () -- C:\Users\Owner\Desktop\Guide to Book Publishing.pdf
[2013/03/13 17:42:51 | 000,001,244 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/12 18:20:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/12 18:20:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/12 18:20:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/12 18:20:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/12 18:20:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/11 17:10:20 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/11 17:10:09 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/11 16:45:49 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/03/11 16:38:00 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/10 09:25:44 | 000,320,075 | ---- | C] () -- C:\Users\Owner\Desktop\100-best-freeware.zip
[2013/03/08 23:40:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/03/08 23:40:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/03/05 10:28:21 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013/03/05 10:28:21 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2013/03/04 21:16:41 | 000,062,940 | ---- | C] () -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate.htm
[2013/02/16 14:34:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/02/12 04:06:52 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2012/12/20 00:01:21 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.sys.ini
[2012/05/18 10:29:11 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/17 17:48:18 | 001,514,016 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2012/05/17 17:48:18 | 001,108,512 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2012/05/17 17:24:51 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012/05/17 17:23:58 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/10 09:03:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ASCOMP Software
[2012/07/03 22:51:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2013/02/17 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2013/02/16 09:28:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EQATEC Analytics
[2013/02/14 00:08:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GoforFiles
[2013/02/17 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Utility Kit

I am so sorry that I screwed things up again. This isn't like me but I drank a little too much wine and stupidity took over.

I have posted the OTL.txt but the Extras.txt didn't show up.

[2013/03/17 13:16:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SearchProtect
[2013/03/17 23:45:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SpeedTestAnalysis
[2012/05/23 11:43:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Watchtower
[2012/12/20 00:50:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinWatermark

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:56E2E879

< End of report >


----------



## emeraldnzl (Nov 3, 2007)

Okay, so we have gone back almost to where we were.

I will do my best to help you with this but you should understand that after that you will be on your own.

There are other people waiting who genuinely need assistance.

I would be irresponsible if I left them and spent all my time helping people who constantly reinfect their machines.

*Now*

Please download ComboFix from this location:

*Link*

*IMPORTANT !!! Save ComboFix.exe to your Desktop*

*Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.*


Double click on ComboFix.exe & follow the prompts.

Your desktop may go blank. This is normal.

ComboFix may reboot your machine. This is normal too. 

***Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall***

When finished, it will produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.


----------



## white_tigress (Apr 6, 2011)

Again, I apologize. This is not at all like me. Personal problems have me behaving strangely. I appreciate your help very much and understand your position. No, I am not getting involved in any scams, I'm starting to work for a friend but I really need my laptop for this.

ComboFix 13-03-19.01 - Owner 03/19/2013 15:19:01.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.850 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3002.abs
c:\programdata\3002.xml
.
.
((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))
.
.
2013-03-19 22:26 . 2013-03-19 22:26 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-03-19 22:26 . 2013-03-19 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-19 06:09 . 2013-03-19 06:09 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADC6E163-FFDC-4596-9BF0-C784945541F0}\offreg.dll
2013-03-18 12:50 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADC6E163-FFDC-4596-9BF0-C784945541F0}\mpengine.dll
2013-03-18 12:36 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-18 06:44 . 2013-03-18 06:44 -------- d-----w- c:\users\Owner\.config
2013-03-18 06:42 . 2013-03-18 12:51 -------- d-----w- c:\users\Owner\AppData\Local\Performersoft
2013-03-18 06:29 . 2013-03-18 06:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-03-18 06:15 . 2013-03-18 12:35 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla Firefox
2013-03-17 19:53 . 2013-03-17 19:53 -------- d-----w- c:\program files (x86)\Conduit
2013-03-17 19:53 . 2013-03-18 06:36 -------- d-----w- c:\users\Owner\AppData\Local\Conduit
2013-03-17 19:52 . 2013-03-17 19:52 -------- d-----w- c:\program files (x86)\SearchProtect
2013-03-17 19:51 . 2013-03-17 20:16 -------- d-----w- c:\users\Owner\AppData\Roaming\SearchProtect
2013-03-17 19:51 . 2013-03-17 19:51 -------- d-----w- c:\users\Owner\AppData\Local\VisualBeeClient
2013-03-17 19:51 . 2013-03-17 19:51 -------- d-----w- c:\users\Owner\AppData\Local\VisualBeeExe
2013-03-17 19:51 . 2013-03-17 19:51 -------- d-----w- c:\programdata\VisualBee
2013-03-17 19:51 . 2013-03-18 06:41 -------- d-----w- c:\programdata\IBUpdaterService
2013-03-17 19:50 . 2013-03-18 06:45 -------- d-----w- c:\users\Owner\AppData\Roaming\SpeedTestAnalysis
2013-03-17 19:41 . 2013-03-17 19:41 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-17 19:41 . 2013-03-17 19:41 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-17 19:41 . 2013-03-17 19:41 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-17 19:41 . 2013-03-17 19:41 188320 ----a-w- c:\windows\system32\java.exe
2013-03-17 19:41 . 2013-03-17 19:41 -------- d-----w- c:\program files\Java
2013-03-14 00:42 . 2013-03-18 12:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-03-13 00:32 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-13 00:32 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441E5F62-6218-4D00-B8F5-384E3B470FDA}\gapaengine.dll
2013-03-12 00:19 . 2013-02-17 08:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-03-12 00:18 . 2013-03-12 00:19 -------- d--h--w- c:\windows\msdownld.tmp
2013-03-12 00:09 . 2013-03-12 00:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-11 23:37 . 2013-03-11 23:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-11 23:37 . 2013-03-11 23:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-11 22:16 . 2013-03-17 05:41 -------- d-----w- C:\_OTL
2013-03-10 16:03 . 2013-03-10 16:03 -------- d-----w- c:\users\Owner\AppData\Roaming\ASCOMP Software
2013-03-10 16:02 . 2013-03-10 16:02 -------- d-----w- c:\program files (x86)\ASCOMP Software
2013-03-10 06:47 . 2013-03-10 06:47 -------- d-----w- c:\users\Owner\SyncFolder
2013-03-08 21:22 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3CBC8F1-22F0-46A9-B2EA-063120353B72}\mpengine.dll
2013-03-08 07:05 . 2013-03-08 07:23 -------- d-----w- c:\programdata\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\Avg2013
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\programdata\Common Files
2013-02-26 18:00 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-02-26 17:55 . 2012-03-14 13:00 385024 ----a-w- c:\windows\system32\CNMLMAU.DLL
2013-02-26 17:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-02-26 17:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-02-26 17:54 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-02-26 17:54 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-02-26 17:54 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-26 17:54 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-26 17:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-26 17:54 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-02-26 17:54 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-02-25 23:19 . 2013-02-26 00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-25 23:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-02-25 23:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\programdata\Malwarebytes
2013-02-19 18:02 . 2013-02-19 18:02 -------- d-----w- c:\users\Owner\AppData\Local\Programs
2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Utility Kit
2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
2013-02-18 06:16 . 2013-02-19 01:51 -------- d-----w- c:\programdata\PC Utility Kit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 22:08 . 2012-05-18 00:23 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-03-19 22:08 . 2012-05-18 00:37 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-03-18 12:37 . 2012-05-18 00:24 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-03-18 12:36 . 2012-05-18 00:23 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-03-17 19:41 . 2012-09-01 06:38 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-17 19:41 . 2012-09-01 06:38 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-17 02:09 . 2012-05-18 17:59 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-17 02:09 . 2012-05-18 17:59 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 00:03 . 2012-05-18 10:03 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 00:26 . 2012-05-18 17:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 00:26 . 2012-05-18 17:39 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-07 03:05 . 2012-05-18 00:37 69792 ------w- c:\windows\SysWow64\rpcnet.exe
2013-02-16 21:34 . 2013-02-16 21:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-02-16 06:23 . 2013-02-16 06:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-16 06:22 . 2013-02-16 06:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-16 06:22 . 2013-02-16 06:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-16 06:22 . 2013-02-16 06:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-12 11:06 . 2013-02-12 11:06 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-02-12 05:45 . 2013-03-13 05:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 05:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 05:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 05:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 00:55 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 00:55 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 00:55 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 00:55 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 00:55 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 00:55 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 00:55 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 00:55 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 00:55 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 00:55 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 00:55 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 00:55 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="c:\users\Owner\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-03-06 2731296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-19 1314816]
"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-03-06 2731296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-15 14448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-05 155824]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-03-06 93984]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2013-01-25 1181408]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2013-03-18 644856]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-10 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-06 16336488]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?ctid=CT3287802&octid=CT3287802&SearchSource=61&CUI=UN25921853526020106&UM=2&UP=SPB5F0D64D-3B70-45E6-8E4A-4D595B1FE845
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.59.144.17 64.59.150.133
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=3&q={searchTerms}&CUI=UN25928115871154326
FF - prefs.js: browser.search.selectedEngine - VisualBee V.3 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=2&CUI=UN25928115871154326&UM=UM_ID&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{1EB98921-3AD1-4A7A-BED2-B4054E9CFA8E}_is1 - c:\users\Owner\AppData\Local\Performersoft\Application\24.0.1293.0\Installer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-19 15:30:04
ComboFix-quarantined-files.txt 2013-03-19 22:30
.
Pre-Run: 54,302,969,856 bytes free
Post-Run: 53,665,656,832 bytes free
.
- - End Of File - - 8CA5210ED09AB459C60FFD1BD5313AE8


----------



## emeraldnzl (Nov 3, 2007)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:


```
KillAll::

Driver::
CltMngSvc

File::
c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe

Folder::
c:\program files (x86)\SearchProtect
c:\program files (x86)\Conduit
c:\users\Owner\AppData\Local\Conduit
c:\users\Owner\AppData\Roaming\SearchProtect
c:\users\Owner\AppData\Local\Avg2013
C:\Program Files (x86)\Kaspersky Lab
C:\Program Files (x86)\McAfee Security Scan

Reboot::
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it will produce a log for you at *C:\ComboFix.txt*. Please post that here for further review.


----------



## white_tigress (Apr 6, 2011)

I had a lot of trouble getting ComboFix to take CFScript... such a simple thing but this computer is really being stubborn... but here's the log.

ComboFix 13-03-19.01 - Owner 03/19/2013 16:31:22.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.901 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))
.
.
2013-03-19 23:39 . 2013-03-19 23:39 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-03-19 23:39 . 2013-03-19 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-19 06:09 . 2013-03-19 06:09 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADC6E163-FFDC-4596-9BF0-C784945541F0}\offreg.dll
2013-03-18 12:50 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADC6E163-FFDC-4596-9BF0-C784945541F0}\mpengine.dll
2013-03-18 12:36 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-18 06:44 . 2013-03-18 06:44 -------- d-----w- c:\users\Owner\.config
2013-03-18 06:42 . 2013-03-18 12:51 -------- d-----w- c:\users\Owner\AppData\Local\Performersoft
2013-03-18 06:29 . 2013-03-18 06:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-03-18 06:15 . 2013-03-18 12:35 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla Firefox
2013-03-17 19:53 . 2013-03-17 19:53 -------- d-----w- c:\program files (x86)\Conduit
2013-03-14 00:42 . 2013-03-18 12:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-03-13 00:32 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-13 00:32 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441E5F62-6218-4D00-B8F5-384E3B470FDA}\gapaengine.dll
2013-03-12 00:19 . 2013-02-17 08:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-03-12 00:18 . 2013-03-12 00:19 -------- d--h--w- c:\windows\msdownld.tmp
2013-03-12 00:09 . 2013-03-12 00:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-11 23:37 . 2013-03-11 23:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-11 23:37 . 2013-03-11 23:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-11 22:16 . 2013-03-17 05:41 -------- d-----w- C:\_OTL
2013-03-10 16:03 . 2013-03-10 16:03 -------- d-----w- c:\users\Owner\AppData\Roaming\ASCOMP Software
2013-03-10 16:02 . 2013-03-10 16:02 -------- d-----w- c:\program files (x86)\ASCOMP Software
2013-03-10 06:47 . 2013-03-10 06:47 -------- d-----w- c:\users\Owner\SyncFolder
2013-03-08 21:22 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3CBC8F1-22F0-46A9-B2EA-063120353B72}\mpengine.dll
2013-03-08 07:05 . 2013-03-08 07:23 -------- d-----w- c:\programdata\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\Avg2013
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\programdata\Common Files
2013-02-26 18:00 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-02-26 17:55 . 2012-03-14 13:00 385024 ----a-w- c:\windows\system32\CNMLMAU.DLL
2013-02-26 17:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-02-26 17:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-02-26 17:54 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-02-26 17:54 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-02-26 17:54 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-26 17:54 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-26 17:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-26 17:54 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-02-26 17:54 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-02-25 23:19 . 2013-02-26 00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-25 23:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-02-25 23:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\programdata\Malwarebytes
2013-02-19 18:02 . 2013-02-19 18:02 -------- d-----w- c:\users\Owner\AppData\Local\Programs
2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Utility Kit
2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
2013-02-18 06:16 . 2013-02-19 01:51 -------- d-----w- c:\programdata\PC Utility Kit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 23:17 . 2012-05-18 00:23 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-03-19 23:17 . 2012-05-18 00:37 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-03-18 12:37 . 2012-05-18 00:24 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-03-18 12:36 . 2012-05-18 00:23 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-03-17 19:41 . 2012-09-01 06:38 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-17 19:41 . 2012-09-01 06:38 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-17 02:09 . 2012-05-18 17:59 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-17 02:09 . 2012-05-18 17:59 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 00:03 . 2012-05-18 10:03 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 00:26 . 2012-05-18 17:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 00:26 . 2012-05-18 17:39 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-07 03:05 . 2012-05-18 00:37 69792 ------w- c:\windows\SysWow64\rpcnet.exe
2013-02-16 21:34 . 2013-02-16 21:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-02-16 06:23 . 2013-02-16 06:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-16 06:22 . 2013-02-16 06:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-16 06:22 . 2013-02-16 06:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-16 06:22 . 2013-02-16 06:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-12 11:06 . 2013-02-12 11:06 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-02-12 05:45 . 2013-03-13 05:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 05:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 05:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 05:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 00:55 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 00:55 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 00:55 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 00:55 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 00:55 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 00:55 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 00:55 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 00:55 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 00:55 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 00:55 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 00:55 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 00:55 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="c:\users\Owner\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-03-06 2731296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-19 1314816]
"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-03-06 2731296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-15 14448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-05 155824]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-03-06 93984]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2013-01-25 1181408]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2013-03-18 644856]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-10 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-06 16336488]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?ctid=CT3287802&octid=CT3287802&SearchSource=61&CUI=UN25921853526020106&UM=2&UP=SPB5F0D64D-3B70-45E6-8E4A-4D595B1FE845
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.59.144.17 64.59.150.133
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=3&q={searchTerms}&CUI=UN25928115871154326
FF - prefs.js: browser.search.selectedEngine - VisualBee V.3 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=2&CUI=UN25928115871154326&UM=UM_ID&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{1EB98921-3AD1-4A7A-BED2-B4054E9CFA8E}_is1 - c:\users\Owner\AppData\Local\Performersoft\Application\24.0.1293.0\Installer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-19 16:43:48
ComboFix-quarantined-files.txt 2013-03-19 23:43
ComboFix2.txt 2013-03-19 22:30
.
Pre-Run: 53,880,741,888 bytes free
Post-Run: 53,808,451,584 bytes free
.
- - End Of File - - F10679956F8BB0E5663E1449F4ABA816


----------



## emeraldnzl (Nov 3, 2007)

Hello again white_tigress,

The fix didn't work.

Let's try a different way.

Close any open browsers.

Then drag CFScript.txt into ComboFix.exe

This will start ComboFix.

When finished, it will produce a log for you at *C:\ComboFix.txt*. Please post that here for further review.

Note: _This script was written specifically for this infection on this person's computer. It should *NOT* be used on another computer, as it may cause serious damage, possibly rendering the machine unusable._


----------



## white_tigress (Apr 6, 2011)

That's how I did it the first time. Do you want me to repeat the process?


----------



## emeraldnzl (Nov 3, 2007)

Yes but this time use the attachment I provided. See it under the blue Attached Files.

Just double click and you should be able to save it to your desktop. From there just drag it into ComboFix.

Tell me how you get on.


----------



## white_tigress (Apr 6, 2011)

ComboFix 13-03-19.01 - Owner 03/19/2013 18:09:43.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.2300 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.tx.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\bin\ChromeModule.dll
c:\program files (x86)\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe
c:\program files (x86)\SearchProtect\bin\FirefoxModule.dll
c:\program files (x86)\SearchProtect\bin\InternetExplorerModule.dll
c:\program files (x86)\SearchProtect\bin\msvcp100.dll
c:\program files (x86)\SearchProtect\bin\msvcr100.dll
c:\program files (x86)\SearchProtect\bin\SPHook32.dll
c:\program files (x86)\SearchProtect\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Dialogs\dialogsApi.js
c:\program files (x86)\SearchProtect\Dialogs\lib\jquery.min.js
c:\program files (x86)\SearchProtect\Dialogs\lib\json2.js
c:\program files (x86)\SearchProtect\Dialogs\spbd\bubble.css
c:\program files (x86)\SearchProtect\Dialogs\spbd\bubble.js
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\information.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\main.html
c:\program files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\program files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\program files (x86)\SearchProtect\Dialogs\spsd\images\warning.png
c:\program files (x86)\SearchProtect\Dialogs\spsd\main.html
c:\program files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\program files (x86)\SearchProtect\Dialogs\spsd\settings.js
c:\program files (x86)\SearchProtect\ffprotect\abstraction.js
c:\program files (x86)\SearchProtect\ffprotect\application.js
c:\users\Owner\AppData\Local\Avg2013
c:\users\Owner\AppData\Local\Conduit
c:\users\Owner\AppData\Roaming\SearchProtect
c:\users\Owner\AppData\Roaming\SearchProtect\bin\ChromeModule.dll
c:\users\Owner\AppData\Roaming\SearchProtect\bin\cltmng.exe
c:\users\Owner\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe
c:\users\Owner\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll
c:\users\Owner\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll
c:\users\Owner\AppData\Roaming\SearchProtect\bin\msvcp100.dll
c:\users\Owner\AppData\Roaming\SearchProtect\bin\msvcr100.dll
c:\users\Owner\AppData\Roaming\SearchProtect\bin\rep.dat
c:\users\Owner\AppData\Roaming\SearchProtect\bin\SPHook32.dll
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\users\Owner\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\users\Owner\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_CltMngSvc
.
.
((((((((((((((((((((((((( Files Created from 2013-02-20 to 2013-03-20 )))))))))))))))))))))))))))))))
.
.
2013-03-20 01:22 . 2013-03-20 01:22 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-03-20 01:22 . 2013-03-20 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-19 06:09 . 2013-03-19 06:09 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADC6E163-FFDC-4596-9BF0-C784945541F0}\offreg.dll
2013-03-18 12:50 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADC6E163-FFDC-4596-9BF0-C784945541F0}\mpengine.dll
2013-03-18 12:36 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-18 06:44 . 2013-03-18 06:44 -------- d-----w- c:\users\Owner\.config
2013-03-18 06:42 . 2013-03-18 12:51 -------- d-----w- c:\users\Owner\AppData\Local\Performersoft
2013-03-18 06:29 . 2013-03-18 06:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-03-18 06:15 . 2013-03-18 12:35 -------- d-----w-  c:\users\Owner\AppData\Local\Mozilla Firefox
2013-03-17 19:51 . 2013-03-19 23:28 -------- d-----w- c:\users\Owner\AppData\Local\VisualBeeExe
2013-03-17 19:51 . 2013-03-17 19:51 -------- d-----w- c:\programdata\VisualBee
2013-03-17 19:51 . 2013-03-18 06:41 -------- d-----w- c:\programdata\IBUpdaterService
2013-03-17 19:50 . 2013-03-18 06:45 -------- d-----w- c:\users\Owner\AppData\Roaming\SpeedTestAnalysis
2013-03-17 19:41 . 2013-03-17 19:41 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-17 19:41 . 2013-03-17 19:41 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-17 19:41 . 2013-03-17 19:41 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-17 19:41 . 2013-03-17 19:41 188320 ----a-w- c:\windows\system32\java.exe
2013-03-17 19:41 . 2013-03-17 19:41 -------- d-----w- c:\program files\Java
2013-03-14 00:42 . 2013-03-18 12:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-03-13 00:32 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-13 00:32 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441E5F62-6218-4D00-B8F5-384E3B470FDA}\gapaengine.dll
2013-03-12 00:19 . 2013-02-17 08:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-03-12 00:18 . 2013-03-12 00:19 -------- d--h--w- c:\windows\msdownld.tmp
2013-03-12 00:09 . 2013-03-12 00:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-11 23:37 . 2013-03-11 23:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-11 23:37 . 2013-03-11 23:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-11 22:16 . 2013-03-17 05:41 -------- d-----w- C:\_OTL
2013-03-10 16:03 . 2013-03-10 16:03 -------- d-----w- c:\users\Owner\AppData\Roaming\ASCOMP Software
2013-03-10 16:02 . 2013-03-10 16:02 -------- d-----w- c:\program files (x86)\ASCOMP Software
2013-03-10 06:47 . 2013-03-10 06:47 -------- d-----w- c:\users\Owner\SyncFolder
2013-03-08 21:22 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3CBC8F1-22F0-46A9-B2EA-063120353B72}\mpengine.dll
2013-03-08 07:05 . 2013-03-08 07:23 -------- d-----w- c:\programdata\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\programdata\Common Files
2013-02-26 18:00 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-02-26 17:55 . 2012-03-14 13:00 385024 ----a-w- c:\windows\system32\CNMLMAU.DLL
2013-02-26 17:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-02-26 17:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-02-26 17:54 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-02-26 17:54 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-02-26 17:54 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-26 17:54 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-26 17:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-26 17:54 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-02-26 17:54 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-02-25 23:19 . 2013-02-26 00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-25 23:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-02-25 23:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\programdata\Malwarebytes
2013-02-19 18:02 . 2013-02-19 18:02 -------- d-----w- c:\users\Owner\AppData\Local\Programs
2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Utility Kit
2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
2013-02-18 06:16 . 2013-02-19 01:51 -------- d-----w- c:\programdata\PC Utility Kit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-20 01:26 . 2012-05-18 00:23 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-03-20 01:26 . 2012-05-18 00:37 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-03-18 12:37 . 2012-05-18 00:24 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-03-18 12:36 . 2012-05-18 00:23 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-03-17 19:41 . 2012-09-01 06:38 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-17 19:41 . 2012-09-01 06:38 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-17 02:09 . 2012-05-18 17:59 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-17 02:09 . 2012-05-18 17:59 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 00:03 . 2012-05-18 10:03 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 00:26 . 2012-05-18 17:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 00:26 . 2012-05-18 17:39 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-07 03:05 . 2012-05-18 00:37 69792 ------w- c:\windows\SysWow64\rpcnet.exe
2013-02-16 21:34 . 2013-02-16 21:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-02-16 06:23 . 2013-02-16 06:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-16 06:22 . 2013-02-16 06:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-16 06:22 . 2013-02-16 06:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-16 06:22 . 2013-02-16 06:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-12 11:06 . 2013-02-12 11:06 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-02-12 05:45 . 2013-03-13 05:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 05:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 05:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 05:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 00:55 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 00:55 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 00:55 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 00:55 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 00:55 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 00:55 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 00:55 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 00:55 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 00:55 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 00:55 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 00:55 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 00:55 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-19 1314816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-15 14448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-05 155824]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2013-01-25 1181408]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2013-03-18 644856]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-10 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-06 16336488]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?ctid=CT3287802&octid=CT3287802&SearchSource=61&CUI=UN25921853526020106&UM=2&UP=SPB5F0D64D-3B70-45E6-8E4A-4D595B1FE845
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.59.144.17 64.59.150.133
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=3&q={searchTerms}&CUI=UN25928115871154326
FF - prefs.js: browser.search.selectedEngine - VisualBee V.3 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=2&CUI=UN25928115871154326&UM=UM_ID&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-SearchProtect - c:\users\Owner\AppData\Roaming\SearchProtect\bin\cltmng.exe
Wow6432Node-HKLM-Run-SearchProtectAll - c:\program files (x86)\SearchProtect\bin\cltmng.exe
AddRemove-SearchProtect - c:\program files (x86)\SearchProtect\bin\uninstall.exe
AddRemove-{1EB98921-3AD1-4A7A-BED2-B4054E9CFA8E}_is1 - c:\users\Owner\AppData\Local\Performersoft\Application\24.0.1293.0\Installer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rpcnet.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2013-03-19 18:33:26 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-20 01:33
ComboFix2.txt 2013-03-19 23:43
ComboFix3.txt 2013-03-19 22:30
.
Pre-Run: 53,861,249,024 bytes free
Post-Run: 53,412,220,928 bytes free
.
- - End Of File - - 797B24F7B231016433B254E6D789A9D1


----------



## emeraldnzl (Nov 3, 2007)

Well done.

*Now*

Download and run Junkware Removal Tool by thisisu.

When the scan completes, a log will be produced. Please post it back here.

*After that*

Please use the System File Checker tool (SFC.exe) to check your system and replace files where necessary.

To do this, follow these steps:

1. Click *Start*, click *All Programs*, click *Accessories*, right-click *Command Prompt*, and then click *Run as administrator*.
   If you are prompted for an administrator password or for a confirmation, type the password, or click *Allow*.
2. Type the following command, and then press ENTER:
   *sfc /scannow* _Please note that there is a single space between sfc and /scannow_.

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

*Next*

Go to *Start* > *Computer* and right-click on *C drive* > *Properties* > *Tools tab*

1. Click on the radio button *Check Now* beside "This option to check the volume for errors".
2. Check both boxes, "Automatically fix file system errors" and "Scan for and attempt recovery of bad sectors".
3. Click the *Start* button.
4. Click *Yes* to run at next restart.
5. Restart your computer and allow it to run. Patience... it can take a long time.

*So when you return, please post the Junkware log and tell me how System File Checker and chkdsk went.*


----------



## white_tigress (Apr 6, 2011)

I keep getting this message:

Your submission could not be processed because a security token was missing.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.


----------



## emeraldnzl (Nov 3, 2007)

I am not quite sure what you mean.

I take it you are referring to a problem accessing this site and yet you are able to post your reply.

I wonder, is it when you try to post the junkware log?


----------



## white_tigress (Apr 6, 2011)

Yes, it's when I'm trying to post the logs. I even tried to add them as attachments and got the same message.


----------



## white_tigress (Apr 6, 2011)

Here's the JRT file. The other won't send.


----------



## emeraldnzl (Nov 3, 2007)

> The other won't send


It was only the JRT one I asked for.

Per my request at the end of the post I made, I would like you to tell me how the other scans went.

Was there a message from either of them or did they complete their task without difficulty?


----------



## white_tigress (Apr 6, 2011)

I'm sorry I screwed that up. The others didn't leave any messages, but one of them, I think it was CBS, left a log that I was trying to send you but couldn't.


----------



## emeraldnzl (Nov 3, 2007)

> The others didn't leave any messages


Sounds like they ran okay and fixed anything they found. Sometimes if they run into corruption they will refer back and not complete.

*Moving on*

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes, please download it from *Here*

1. Double-click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
5. The scan may take some time to finish, so please be patient.
6. When the scan is complete, click OK, then Show Results to view the results.
7. Make sure that *everything is checked*, and click *Remove Selected*.
8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
10. Copy & Paste the entire report in your next reply.

Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## white_tigress (Apr 6, 2011)

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.20.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Owner :: OWNER-PC [administrator]

3/20/2013 5:00:31 PM
mbam-log-2013-03-20 (17-00-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233383
Time elapsed: 16 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## emeraldnzl (Nov 3, 2007)

Hello white_tigress,


1. Close all windows and open *OTL* again.
2. Click *Run Scan* and let the program run uninterrupted.
3. It will produce a log for you. Post the log here.

*Note*: If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

*C:\_OTL\MovedFiles*


----------



## white_tigress (Apr 6, 2011)

OTL logfile created on: 3/20/2013 5:41:53 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 74.98% Memory free
5.96 Gb Paging File | 4.76 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93.06 Gb Total Space | 50.42 Gb Free Space | 54.18% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Users\Owner\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:*64bit:* - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:*64bit:* - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:*64bit:* - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (rpcnet) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:*64bit:* - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:*64bit:* - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:*64bit:* - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:*64bit:* - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:*64bit:* - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:*64bit:* - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:*64bit:* - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:*64bit:* - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:*64bit:* - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Lenovo)
DRV:*64bit:* - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:*64bit:* - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3287802.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=3&q={searchTerms}&CUI=UN25928115871154326"
FF - prefs.js..browser.search.selectedEngine: "VisualBee V.3 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/u/0/?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: speedtestanalysis%40SpeedAnalysis.com:1.0.0.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=2&CUI=UN25928115871154326&UM=UM_ID&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Users\Owner\AppData\Local\Mozilla Firefox\components [2013/03/18 05:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Users\Owner\AppData\Local\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Users\Owner\AppData\Local\Mozilla Firefox\components [2013/03/18 05:35:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Users\Owner\AppData\Local\Mozilla Firefox\plugins

[2012/11/12 22:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/03/20 17:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\Extensions
[2013/03/17 12:50:58 | 000,000,000 | ---D | M] (Speed Test Analysis) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\Extensions\[email protected]
[2013/03/17 13:10:47 | 000,000,985 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\searchplugins\conduit.xml

O1 HOSTS File: ([2013/03/19 18:26:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:*64bit:* - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:*64bit:* - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.17 64.59.150.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C55BE79D-937C-4F91-9217-60F73F7CF140}: DhcpNameServer = 64.59.144.17 64.59.150.133
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmbp - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /r \??\C
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/20 16:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/20 16:58:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/20 16:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/19 19:52:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/19 19:50:53 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/19 18:33:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/19 18:26:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/03/19 18:08:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/03/19 15:10:51 | 005,041,561 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/03/18 23:08:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL(1).exe
[2013/03/18 08:15:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ReferenceUSA - Search Results_files
[2013/03/17 23:44:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\.config
[2013/03/17 23:42:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Performersoft
[2013/03/17 23:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/03/17 23:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/03/17 23:15:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla Firefox
[2013/03/17 12:50:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SpeedTestAnalysis
[2013/03/17 12:41:24 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/03/17 12:41:11 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/03/17 12:41:11 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/03/17 12:41:11 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/03/17 12:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/03/13 17:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/13 17:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/12 18:20:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/12 18:20:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/12 18:20:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/12 18:19:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/12 18:17:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/11 17:19:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/03/11 17:10:53 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/11 17:10:49 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/11 17:10:49 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/11 17:10:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/11 17:10:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/11 17:10:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/11 17:10:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/11 17:10:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/11 17:10:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/11 17:10:42 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/11 17:10:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/11 17:10:35 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/11 17:10:35 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/11 17:10:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/11 17:10:34 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/11 17:10:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/11 17:10:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/11 17:10:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/11 17:10:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/11 17:10:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/11 17:10:31 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/11 17:10:26 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/11 17:10:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/11 17:10:24 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/11 17:10:24 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/11 17:10:24 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/11 17:10:22 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/11 17:10:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/11 17:10:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/11 17:10:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/11 17:10:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/11 17:10:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/03/11 17:10:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/11 17:10:13 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/11 17:10:12 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/11 17:10:12 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/11 17:10:11 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/11 17:10:10 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/11 17:10:10 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/11 17:10:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/11 17:10:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/11 17:10:09 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/11 17:10:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/03/11 17:10:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/03/11 17:10:08 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/11 17:10:07 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/11 17:10:07 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/11 17:10:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/11 17:10:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/11 17:10:05 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/11 17:10:05 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/11 17:10:05 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/11 17:10:04 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/11 17:09:59 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/11 17:09:58 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/11 17:09:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/11 17:09:58 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/11 17:09:58 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/11 17:09:57 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/11 17:09:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/11 17:09:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/11 17:09:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/11 17:09:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/11 17:09:55 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/11 17:09:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/11 17:09:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/11 17:09:54 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/11 17:09:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/11 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/03/11 16:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/11 15:16:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/10 09:03:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ASCOMP Software
[2013/03/10 09:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCOMP Software
[2013/03/09 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\SyncFolder
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MFAData
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2013/03/05 10:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013/03/04 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Usenet.nl
[2013/03/04 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate_files
[2013/02/26 11:07:49 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/26 11:07:49 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/26 11:07:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/26 11:07:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/26 11:07:38 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/26 11:07:38 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/26 11:07:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 11:07:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/26 11:07:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 11:07:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/26 11:07:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 11:07:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/26 11:07:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 11:07:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/26 11:07:29 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/26 11:07:29 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/26 11:07:29 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/26 11:07:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/26 11:07:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 11:07:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/26 11:07:28 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/26 11:07:28 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 11:07:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/26 11:07:27 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/26 11:07:27 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/26 11:07:27 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/26 11:07:27 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/26 11:07:27 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/26 11:07:27 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/26 11:07:27 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/26 11:07:26 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/26 11:07:26 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/26 11:07:26 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/26 11:07:26 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/26 11:00:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/02/26 11:00:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/02/26 11:00:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/02/26 11:00:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/02/26 11:00:31 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013/02/26 11:00:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/02/26 11:00:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/02/26 11:00:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/02/26 11:00:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/02/26 11:00:28 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/02/26 11:00:28 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/02/26 11:00:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/02/26 11:00:28 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/02/26 11:00:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/02/26 11:00:28 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/02/26 11:00:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/02/26 11:00:28 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/02/26 11:00:28 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/02/26 11:00:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/02/26 11:00:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/02/26 11:00:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/02/26 11:00:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/02/26 11:00:28 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/02/26 11:00:27 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/02/26 11:00:27 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/02/26 10:55:58 | 000,385,024 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAU.DLL
[2013/02/26 10:54:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/02/26 10:54:22 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/02/26 10:54:21 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/02/25 16:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/25 16:19:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2013/02/25 16:19:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
[2013/02/19 11:03:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/02/19 11:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/19 11:02:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/20 17:25:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/20 16:58:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/20 16:53:28 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2013/03/20 16:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/19 20:51:25 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 20:51:25 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 20:43:13 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2013/03/19 20:42:52 | 2401,996,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 18:26:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/19 15:10:59 | 005,041,561 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/03/18 23:09:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL(1).exe
[2013/03/18 08:16:16 | 000,047,923 | ---- | M] () -- C:\Users\Owner\Desktop\ReferenceUSA - Search Results.htm
[2013/03/18 05:37:33 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2013/03/18 05:36:34 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2013/03/17 23:43:02 | 000,002,158 | ---- | M] () -- C:\Users\Owner\Desktop\YouTube.lnk
[2013/03/17 23:29:40 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/17 14:46:00 | 000,001,137 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2013/03/17 13:11:32 | 000,000,009 | ---- | M] () -- C:\END
[2013/03/17 12:41:06 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/03/17 12:41:03 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/03/17 12:41:03 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/03/17 12:41:03 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/03/17 12:41:02 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/03/17 12:41:02 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/03/16 19:09:35 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/16 19:09:35 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/16 12:28:02 | 002,057,600 | ---- | M] () -- C:\Users\Owner\Desktop\Deborah_Crowley-FlexEffect_Third_Edition_Training_Log.pdf
[2013/03/16 12:26:52 | 030,573,678 | ---- | M] () -- C:\Users\Owner\Desktop\Carol_Maggio-Facercise.pdf
[2013/03/14 22:12:25 | 000,838,853 | ---- | M] () -- C:\Users\Owner\Desktop\Guide to Book Publishing.pdf
[2013/03/12 17:26:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 17:26:31 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/11 17:10:54 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/11 17:10:50 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/11 17:10:49 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/11 17:10:49 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/11 17:10:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/11 17:10:44 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/11 17:10:44 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/11 17:10:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/11 17:10:43 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/11 17:10:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/11 17:10:41 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/11 17:10:36 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/11 17:10:35 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/11 17:10:35 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/11 17:10:34 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/11 17:10:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/11 17:10:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/11 17:10:33 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/11 17:10:33 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/11 17:10:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/11 17:10:31 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/11 17:10:26 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/11 17:10:26 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/11 17:10:25 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/11 17:10:24 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/11 17:10:24 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/11 17:10:23 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/11 17:10:22 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/11 17:10:21 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/11 17:10:21 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/11 17:10:20 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/11 17:10:20 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/11 17:10:15 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/03/11 17:10:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/11 17:10:13 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/11 17:10:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/11 17:10:12 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/11 17:10:12 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/11 17:10:11 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/11 17:10:10 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/11 17:10:10 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/11 17:10:10 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/11 17:10:10 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/03/11 17:10:09 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/11 17:10:09 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/11 17:10:09 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/03/11 17:10:09 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/11 17:10:08 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/11 17:10:07 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/11 17:10:06 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/11 17:10:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/11 17:10:05 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/11 17:10:05 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/11 17:10:05 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/11 17:10:04 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/11 17:09:59 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/11 17:09:58 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/11 17:09:58 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/11 17:09:58 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/11 17:09:58 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/11 17:09:58 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/11 17:09:57 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/11 17:09:57 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/11 17:09:57 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/11 17:09:56 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/11 17:09:56 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/11 17:09:55 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/11 17:09:55 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/11 17:09:55 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/11 17:09:49 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/11 16:45:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/10 20:43:03 | 000,741,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/10 20:43:03 | 000,635,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/10 20:43:03 | 000,110,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 09:25:46 | 000,320,075 | ---- | M] () -- C:\Users\Owner\Desktop\100-best-freeware.zip
[2013/03/08 23:40:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/03/08 23:40:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/03/07 23:55:45 | 000,000,258 | R-S- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/06 20:05:36 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2013/03/04 21:16:43 | 000,062,940 | ---- | M] () -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate.htm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/20 16:58:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/18 08:15:32 | 000,047,923 | ---- | C] () -- C:\Users\Owner\Desktop\ReferenceUSA - Search Results.htm
[2013/03/17 23:43:02 | 000,002,158 | ---- | C] () -- C:\Users\Owner\Desktop\YouTube.lnk
[2013/03/17 23:29:40 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/17 23:29:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/17 14:46:00 | 000,001,137 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2013/03/17 12:51:14 | 000,000,009 | ---- | C] () -- C:\END
[2013/03/16 12:28:02 | 002,057,600 | ---- | C] () -- C:\Users\Owner\Desktop\Deborah_Crowley-FlexEffect_Third_Edition_Training_Log.pdf
[2013/03/16 12:26:51 | 030,573,678 | ---- | C] () -- C:\Users\Owner\Desktop\Carol_Maggio-Facercise.pdf
[2013/03/14 22:12:25 | 000,838,853 | ---- | C] () -- C:\Users\Owner\Desktop\Guide to Book Publishing.pdf
[2013/03/13 17:42:51 | 000,001,244 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/12 18:20:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/12 18:20:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/12 18:20:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/12 18:20:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/12 18:20:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/11 17:10:20 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/11 17:10:09 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/11 16:45:49 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/03/11 16:38:00 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/10 09:25:44 | 000,320,075 | ---- | C] () -- C:\Users\Owner\Desktop\100-best-freeware.zip
[2013/03/08 23:40:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/03/08 23:40:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/03/05 10:28:21 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013/03/04 21:16:41 | 000,062,940 | ---- | C] () -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate.htm
[2013/02/16 14:34:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/02/12 04:06:52 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2012/12/20 00:01:21 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.sys.ini
[2012/05/18 10:29:11 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/17 17:48:18 | 001,514,016 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2012/05/17 17:48:18 | 001,108,512 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2012/05/17 17:24:51 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012/05/17 17:23:58 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:56E2E879

< End of report >


----------



## emeraldnzl (Nov 3, 2007)

Hello white_tigress,

Question: Just curious here - are you reinstalling VisualBee and/or other Conduit Toolbars? Might be Malware generated but I just want to check.

*Now*

Please run OTL.exe

Under the *Custom Scans/Fixes* box at the bottom, paste in the following

Drag and drop the attached Fix.txt to the OTL

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
Navigate to the *C:\_OTL\MovedFiles* folder, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.
Note: _This script was written specifically for this infection on this person's computer. It should *NOT* be used on another computer, as it may cause serious damage, possibly rendering the machine unusable._


----------



## white_tigress (Apr 6, 2011)

No, I'm not reinstalling any toolbars. That VisualBee is annoyingly still on here, even after I just did the fix. It's at the top of my screen "VisualBee V.3 Customized Web Search".

I tried to drag and drop but OTL wouldn't allow it so I opened up your commands in Notebook and then copied and pasted them into OTL.

All processes killed
========== OTL ==========
Prefs.js: "true" removed from CT3287802.browser.search.defaultthis.engineName
Prefs.js: "VisualBee V.3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=3&q={searchTerms}&CUI=UN25928115871154326" removed from browser.search.defaulturl
Prefs.js: "VisualBee V.3 Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "false" removed from browser.search.useDBForOrder
Prefs.js: "https://mail.google.com/mail/u/0/?shva=1#inbox" removed from browser.startup.homepage
Prefs.js: speedtestanalysis%40SpeedAnalysis.com:1.0.0.0 removed from extensions.enabledAddons
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=2&CUI=UN25928115871154326&UM=UM _ID&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38783831-6098-4faa-A9C9-1EE1E343F4D2}\ not found.
File C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension not found.
Folder C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\Extensions\ not found.
Folder C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\Extensions\[email protected]\ not found.
File C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\searchplugins\conduit.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 97301827 bytes
->Temporary Internet Files folder emptied: 6794480 bytes
->Java cache emptied: 3833096 bytes
->FireFox cache emptied: 154777676 bytes
->Flash cache emptied: 1568 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23971 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36031264 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 285.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03202013_185207

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## emeraldnzl (Nov 3, 2007)

> It's at the top of my screen "VisualBee V.3 Customized Web Search".


Hmm... still missing it somehow.

*Let's do this*

Please download AdwCleaner from here to your desktop

Click on the green downward facing arrow on the right to commence download.
Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this.

On reboot a log will be produced please post that back here.

*After that we will have another look*


Close all windows and open *OTL* again. 
Click *Run Scan* and let the program run uninterrupted
It will produce a log for you. Post the log here.
*Note*: If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

C:\_OTL\MovedFiles

*So when you return please post:*
AdwCleaner log
OTL log


----------



## white_tigress (Apr 6, 2011)

Did you find it this time?


----------



## emeraldnzl (Nov 3, 2007)

Hi white_tigress,

Is VisualBee gone now?


----------



## white_tigress (Apr 6, 2011)

Yes! Thanks for pointing that out!


----------



## emeraldnzl (Nov 3, 2007)

*Just one more scan*

Please run a free online scan with the *ESET Online Scanner*

*Vista / Win7 users:* Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select *Run as Administrator*.

*Note: This scan works with Internet Explorer or Mozilla FireFox.*

If using *Mozilla Firefox* you will need to download *esetsmartinstaller_enu.exe* when prompted, then double click on it to install.


Click the green ESET Online Scanner box
Tick the box next to *YES, I accept the Terms of Use*
then click on: *Start*
You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
Make sure that the option *Scan archives* is checked.
Now click on *Advanced Settings* and select the following:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Click on *Start*
The virus signature database will begin to download. *Be patient*, this may take some time depending on the speed of your Internet Connection.
When completed the *Online Scan* will begin automatically. The scan may take several hours.
*Do not touch either the Mouse or keyboard* during the scan otherwise it may stall.
When completed select *Uninstall application on close*, *make sure you copy the logfile first!*
Then click on: *Finish*
Use *notepad* to open the logfile located at *C:\Program Files\ESET\EsetOnlineScanner\log.txt.*
*Copy* and *paste* that log *as a reply* to this topic and tell me how your computer is now.


----------



## white_tigress (Apr 6, 2011)

The background on my laptop will still fade to a whitish colour and Firefox will still be "not responding" and lag or freeze. The screen still disappears and then reappears, sometimes just flickering and other times disappearing for several seconds before reappearing. 

Btw...I didn't delete the quarantined files as you didn't mention that but it feels like I should have.

C:\Users\Owner\Documents\Downloads\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\Deborah_Crowley_Flex_Effect_Facial_Resistance_Training_Third_Edition_2010.rar_downloader_98878(1).exe a variant of Win32/YourFileDownloader.B application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\Deborah_Crowley_Flex_Effect_Facial_Resistance_Training_Third_Edition_2010.rar_downloader_98878.exe a variant of Win32/YourFileDownloader.B application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\DriverPerformer-T2FIBDCO.exe a variant of Win32/InstallBrain application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\FinalTorrent2011Setup.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\flexeffect_deborah_crowley_downloader_ca_98926.exe a variant of Win32/YourFileDownloader.B application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\JetBrowserSetup.exe a variant of Win32/InstallBrain.W application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\lostisland_setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\pearlharbor_setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\SoftonicDownloader_for_mozilla-firefox.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined


----------



## emeraldnzl (Nov 3, 2007)

> Btw...I didn't delete the quarantined files as you didn't mention that but it feels like I should have.


Up to you. They can't hurt anything where they are and sometimes we like to see what they are and if necessary restore a false positive. There is nothing there essential for the running of your machine though so go ahead and delete them if you wish.



> The background on my laptop will still fade to a whitish colour and Firefox will still be "not responding" and lag or freeze. The screen still disappears and then reappears, sometimes just flickering and other times disappearing for several seconds before reappearing.


There are many reasons why your computer might be experiencing those problems.

You have used so many different programs to try and fix problems any one of which could have messed things up. Also you have had so much adware/foistware and some outright malware all of which can leave behind corrupted files that it's not surprising that things don't work quite right.

On top of that you appear to have used a number of proprietary programs.... downloaders, registry cleaners (CCleaner has a registry cleaner utility) and you have used a system booster. Registry cleaners and boosters mess with the computer's registry and can leave you with broken programs and other problems down the line.

Generally speaking there is no need for a registry cleaner... they just cause problems.

*Turning specifically to the fading problem*

I am not a techie so you may be better posting in another forum but:

First thing to do is check the colour display calibration see here and here. If that doesn't help, overheating can cause unusual symptoms - please refer to my earlier post referring to that - see post number 35. If you still have a problem then the cause may be your LCD monitor on your laptop... it may be beginning to fail.

Apart from the background fading is your computer working well otherwise?

If not, please run ComboFix again and post back the log. If it is generally working okay tell me any specific problems (apart from the fading mentioned above) and we will look at non malware solutions.


----------



## white_tigress (Apr 6, 2011)

While I was running ComboFix, the icon disappeared from my desktop. I did a search, found it and ran it. I also deleted any unnecessary programs I could find, as you mentioned, such as Defraggler, CCleaner, my old phone files.

I noticed that there are 2 versions of Firefox downloaded...version 9.0 and version 9.0.2. Which one should I delete?

Can you recommend how I can repair the damage I've done by my unnecessary downloading? I was told, wrongly I now find, that programs like Defraggler and CCleaner and various antivirus and anti-spyware programs were good for my laptop.

I still have the various scan programs on my desktop that you have had me download. Should I be deleting those now?

ComboFix 13-03-20.02 - Owner 03/21/2013 0:51.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.296 [GMT -7:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3002.abs
c:\programdata\3002.xml
.
Infected copy of c:\windows\SysWow64\user32.dll was found and disinfected 
Restored copy from - c:\windows\erdnt\cache86\user32.dll 
.
.
((((((((((((((((((((((((( Files Created from 2013-02-21 to 2013-03-21 )))))))))))))))))))))))))))))))
.
.
2013-03-21 07:59 . 2013-03-21 07:59 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-03-21 07:59 . 2013-03-21 07:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-21 03:43 . 2013-03-21 03:43 -------- d-----w- c:\program files (x86)\ESET
2013-03-21 02:35 . 2013-03-21 02:35 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E87356F-F6AD-4668-9E86-C3AF15630E6D}\offreg.dll
2013-03-21 02:09 . 2012-10-23 14:04 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DBA7717-7F85-4710-A4F7-03F2EF9BEE00}\gapaengine.dll
2013-03-21 02:08 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E87356F-F6AD-4668-9E86-C3AF15630E6D}\mpengine.dll
2013-03-20 23:58 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-20 23:58 . 2013-03-20 23:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-20 04:57 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-20 02:52 . 2013-03-20 02:52 -------- d-----w- c:\windows\ERUNT
2013-03-20 02:50 . 2013-03-20 02:50 -------- d-----w- C:\JRT
2013-03-18 06:44 . 2013-03-18 06:44 -------- d-----w- c:\users\Owner\.config
2013-03-18 06:29 . 2013-03-18 06:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-03-18 06:15 . 2013-03-18 12:35 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla Firefox
2013-03-17 19:50 . 2013-03-18 06:45 -------- d-----w- c:\users\Owner\AppData\Roaming\SpeedTestAnalysis
2013-03-17 19:41 . 2013-03-17 19:41 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-17 19:41 . 2013-03-17 19:41 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-17 19:41 . 2013-03-17 19:41 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-17 19:41 . 2013-03-17 19:41 188320 ----a-w- c:\windows\system32\java.exe
2013-03-17 19:41 . 2013-03-17 19:41 -------- d-----w- c:\program files\Java
2013-03-14 00:42 . 2013-03-18 12:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-03-13 00:32 . 2012-10-23 14:04 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-12 00:19 . 2013-02-17 08:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-03-12 00:09 . 2013-03-12 00:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-11 23:37 . 2013-03-11 23:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-11 23:37 . 2013-03-11 23:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-11 22:16 . 2013-03-17 05:41 -------- d-----w- C:\_OTL
2013-03-10 16:03 . 2013-03-10 16:03 -------- d-----w- c:\users\Owner\AppData\Roaming\ASCOMP Software
2013-03-10 16:02 . 2013-03-10 16:02 -------- d-----w- c:\program files (x86)\ASCOMP Software
2013-03-10 06:47 . 2013-03-10 06:47 -------- d-----w- c:\users\Owner\SyncFolder
2013-03-08 21:22 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3CBC8F1-22F0-46A9-B2EA-063120353B72}\mpengine.dll
2013-03-08 07:05 . 2013-03-08 07:23 -------- d-----w- c:\programdata\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\programdata\Common Files
2013-02-26 18:00 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-02-26 17:55 . 2012-03-14 13:00 385024 ----a-w- c:\windows\system32\CNMLMAU.DLL
2013-02-26 17:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-02-26 17:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-02-26 17:54 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-02-26 17:54 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-02-26 17:54 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-26 17:54 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-26 17:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-26 17:54 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-02-26 17:54 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-02-25 23:19 . 2013-02-26 00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-25 23:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-02-25 23:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\programdata\Malwarebytes
2013-02-19 18:02 . 2013-02-19 18:02 -------- d-----w- c:\users\Owner\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-21 08:02 . 2012-05-18 00:23 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-03-21 08:02 . 2012-05-18 00:37 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-03-18 12:37 . 2012-05-18 00:24 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-03-18 12:36 . 2012-05-18 00:23 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-03-17 19:41 . 2012-09-01 06:38 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-17 19:41 . 2012-09-01 06:38 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-17 02:09 . 2012-05-18 17:59 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-17 02:09 . 2012-05-18 17:59 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 00:03 . 2012-05-18 10:03 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 00:26 . 2012-05-18 17:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 00:26 . 2012-05-18 17:39 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-07 03:05 . 2012-05-18 00:37 69792 ------w- c:\windows\SysWow64\rpcnet.exe
2013-02-16 21:34 . 2013-02-16 21:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-02-16 06:23 . 2013-02-16 06:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-16 06:22 . 2013-02-16 06:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-16 06:22 . 2013-02-16 06:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-16 06:22 . 2013-02-16 06:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-12 11:06 . 2013-02-12 11:06 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-02-12 05:45 . 2013-03-13 05:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 05:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 05:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 05:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 00:55 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 00:55 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 00:55 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 00:55 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 00:55 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 00:55 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 00:55 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 00:55 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 00:55 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 00:55 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 00:55 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 00:55 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-19 1314816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-15 14448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2013-01-25 1181408]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-10 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-06 16336488]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.59.144.17 64.59.150.133
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\
FF - prefs.js: browser.search.selectedEngine - 
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-03-21 01:06:20 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-21 08:06
ComboFix2.txt 2013-03-19 23:43
ComboFix3.txt 2013-03-19 22:30
.
Pre-Run: 54,248,611,840 bytes free
Post-Run: 53,928,710,144 bytes free
.
- - End Of File - - 04B7B60D0DB5B6D01FB8914DE1A2D816


----------



## emeraldnzl (Nov 3, 2007)

> I was told, wrongly I now find, that programs like Defraggler and CCleaner and various antivirus and anti-spyware programs were good for my laptop.


It's often not the tool itself (although sometimes it is) but what comes with it or the other utilities included in the program. For example, CCleaner is fine on its own, but last time I looked it came with a Registry Cleaner and an uninstaller.

Registry cleaners are notorious for causing problems on people's computers. Often the problem doesn't appear until well down the track. A small change to the registry can go unnoticed until one day you call on that function and find it won't work anymore or alternatively an associated utility doesn't work properly.

The uninstaller worked fine on my computer but when I uninstalled it I found that Windows Installer wouldn't work properly.

Further, many of these programs bring foistware with them. I am sure a lot of the stuff on your machine was sourced from there.

While it is a little out of date, this link tells you about what comes with some of the free programs you download.



> Can you recommend how I can repair the damage I've done by my unnecessary downloading?


We began to address this with System File Scanner and chkdsk a few posts back. If they ran okay it suggests they fixed things without difficulty. There are some other checks we can do after we are sure the malware has gone.

*Now*

A question before we move on:

Do you use the file backup system of Starfield Technologies? It might be called Workspace. If you don't, please go to *Control Panel > Programs* and uninstall it if you see it in the uninstall list. The reason I say that is because, while it is a legitimate program, it can cause problems on some machines. If you don't see it in the uninstall list, come back and tell me.


----------



## white_tigress (Apr 6, 2011)

I removed Workspace. I haven't used it but I was told I should be backing up my work and didn't know how. I found a couple of backup programs and downloaded them but never did use them.

My computer is still freezing, Firefox will be "not responding" almost all the time. The screen will go completely black often and then quickly back to what I was looking at before. It happens very quickly and often. I get that round blue loading? circle every time I want to do something. What could I possibly have done to this poor thing?

I must also mention that I am always unsure of when I'm supposed to have my security shut off and when to turn it back on so it's been off a lot as I just won't remember until much later. I have run scans for you with security on unless you specifically tell me to turn it off.

One last thing, the programs you've had me download all have a little shield on them in the bottom right corner. Is that supposed to be there?


----------



## emeraldnzl (Nov 3, 2007)

> One last thing, the programs you've had me download all have a little shield on them in the bottom right corner. Is that supposed to be there?


Just means you need to run them as Administrator. I guess you know that to do that you right click and then run as Administrator.



> My computer is still freezing, Firefox will be "not responding" almost all the time. The screen will go completely black often and then quickly back to what I was looking at before. It happens very quickly and often. I get that round blue loading? circle every time I want to do something. What could I possibly have done to this poor thing?


Let's see if the next action helps with that:

*Now*

Close any open browsers.

Then drag CFScript.txt into ComboFix.exe.

This will start ComboFix.

When finished, it will produce a log for you at *C:\ComboFix.txt*. Please post that here for further review.

Note: _This script was written specifically for this infection on this person's computer. It should *NOT* be used on another computer, as it may cause serious damage, possibly rendering the machine unusable._


----------



## white_tigress (Apr 6, 2011)

ComboFix 13-03-21.01 - Owner 03/21/2013 16:57:12.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.170 [GMT -7:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Workspace\offSyncService.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Workspace
c:\program files (x86)\Workspace\_offsyncext64.dll_
c:\program files (x86)\Workspace\_offSyncService.exe_
.
.
((((((((((((((((((((((((( Files Created from 2013-02-22 to 2013-03-22 )))))))))))))))))))))))))))))))
.
.
2013-03-22 00:07 . 2013-03-22 00:07 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-03-22 00:07 . 2013-03-22 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-21 22:37 . 2013-03-21 22:37 -------- d-----w- c:\users\Owner\AppData\Local\offsync
2013-03-21 14:53 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D608DA83-757C-45E3-9E8A-384D95A7A251}\mpengine.dll
2013-03-21 03:43 . 2013-03-21 03:43 -------- d-----w- c:\program files (x86)\ESET
2013-03-21 02:09 . 2012-10-23 14:04 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DBA7717-7F85-4710-A4F7-03F2EF9BEE00}\gapaengine.dll
2013-03-20 23:58 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-20 23:58 . 2013-03-20 23:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-20 20:19 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-20 04:57 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-20 02:52 . 2013-03-20 02:52 -------- d-----w- c:\windows\ERUNT
2013-03-20 02:50 . 2013-03-20 02:50 -------- d-----w- C:\JRT
2013-03-18 06:44 . 2013-03-18 06:44 -------- d-----w- c:\users\Owner\.config
2013-03-18 06:29 . 2013-03-18 06:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-03-18 06:15 . 2013-03-18 12:35 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla Firefox
2013-03-17 19:50 . 2013-03-18 06:45 -------- d-----w- c:\users\Owner\AppData\Roaming\SpeedTestAnalysis
2013-03-17 19:41 . 2013-03-17 19:41 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-17 19:41 . 2013-03-17 19:41 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-17 19:41 . 2013-03-17 19:41 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-17 19:41 . 2013-03-17 19:41 188320 ----a-w- c:\windows\system32\java.exe
2013-03-17 19:41 . 2013-03-17 19:41 -------- d-----w- c:\program files\Java
2013-03-14 00:42 . 2013-03-18 12:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-03-13 00:32 . 2012-10-23 14:04 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-12 00:19 . 2013-02-17 08:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-03-12 00:09 . 2013-03-12 00:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-11 23:37 . 2013-03-11 23:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-11 23:37 . 2013-03-11 23:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-11 22:16 . 2013-03-17 05:41 -------- d-----w- C:\_OTL
2013-03-10 16:03 . 2013-03-10 16:03 -------- d-----w- c:\users\Owner\AppData\Roaming\ASCOMP Software
2013-03-10 16:02 . 2013-03-10 16:02 -------- d-----w- c:\program files (x86)\ASCOMP Software
2013-03-10 06:47 . 2013-03-10 06:47 -------- d-----w- c:\users\Owner\SyncFolder
2013-03-08 21:22 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3CBC8F1-22F0-46A9-B2EA-063120353B72}\mpengine.dll
2013-03-08 07:05 . 2013-03-08 07:23 -------- d-----w- c:\programdata\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\MFAData
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\programdata\Common Files
2013-02-26 18:00 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-02-26 17:55 . 2012-03-14 13:00 385024 ----a-w- c:\windows\system32\CNMLMAU.DLL
2013-02-26 17:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-02-26 17:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-02-26 17:54 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-02-26 17:54 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-02-26 17:54 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-26 17:54 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-26 17:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-26 17:54 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-02-26 17:54 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-02-25 23:19 . 2013-02-26 00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-25 23:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-02-25 23:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-22 00:10 . 2012-05-18 00:23 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-03-22 00:10 . 2012-05-18 00:37 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-03-18 12:37 . 2012-05-18 00:24 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-03-18 12:36 . 2012-05-18 00:23 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-03-17 19:41 . 2012-09-01 06:38 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-17 19:41 . 2012-09-01 06:38 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-17 02:09 . 2012-05-18 17:59 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-17 02:09 . 2012-05-18 17:59 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 00:03 . 2012-05-18 10:03 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 00:26 . 2012-05-18 17:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 00:26 . 2012-05-18 17:39 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-07 03:05 . 2012-05-18 00:37 69792 ------w- c:\windows\SysWow64\rpcnet.exe
2013-02-16 21:34 . 2013-02-16 21:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-02-16 06:23 . 2013-02-16 06:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-16 06:22 . 2013-02-16 06:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-16 06:22 . 2013-02-16 06:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-16 06:22 . 2013-02-16 06:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-12 11:06 . 2013-02-12 11:06 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-02-12 05:45 . 2013-03-13 05:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 05:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 05:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 05:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 00:55 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 00:55 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 00:55 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 00:55 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 00:55 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 00:55 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 00:55 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 00:55 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 00:55 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 00:55 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 00:55 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 00:55 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-19 1314816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-15 14448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-10 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-06 16336488]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.59.144.17 64.59.150.133
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} - c:\program files (x86)\Workspace\offsyncext64.dll
ShellIconOverlayIdentifiers-{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} - c:\program files (x86)\Workspace\offsyncext64.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\rpcnet.exe
.
**************************************************************************
.
Completion time: 2013-03-21 17:17:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-22 00:17
ComboFix2.txt 2013-03-21 08:06
ComboFix3.txt 2013-03-19 23:43
ComboFix4.txt 2013-03-19 22:30
.
Pre-Run: 51,937,316,864 bytes free
Post-Run: 51,876,073,472 bytes free
.
- - End Of File - - 49452BD7BE23B541F04E7D60ADA65394


----------



## emeraldnzl (Nov 3, 2007)

> I must also mention that I am always unsure of when I'm supposed to have my security shut off and when to turn it back on so it's been off a lot as I just won't remember until much later.


Your logs show that Microsoft Security Essentials (your Anti-virus) is running so not something to worry about I think.

Any change in Firefox's behaviour now?


----------



## white_tigress (Apr 6, 2011)

emeraldnzl said:

> Your logs show that Microsoft Security Essentials (your Anti-virus) is running so not something to worry about I think.

Security was on when Combofix started but it told me to shut security down, so I did.

As for Firefox, it seems to be ok right now. Does that mean I'm all fixed up (she says very hopefully)?


----------



## emeraldnzl (Nov 3, 2007)

> Security was on when Combofix started but it told me to shut security down, so I did.


I assume it's back on now.



> As for Firefox, it seems to be ok right now. Does that mean I'm all fixed up (she says very hopefully)?


Well, my thought is that the backup utility was constantly interrupting Firefox to back up, hence the slow performance and black screens. Hopefully that is what it was and it is fixed.

Let's watch it for a bit and see if it stays like that. No more downloading of programs please 

Now let's run a scan to check that key services on your computer are running okay.

Please download Farbar Service Scanner and run it.

Make sure the following options are checked:

- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Other Services

Press *Scan*.

A log (FSS.txt) will be created in the same directory the tool is run.

Copy and paste the log back here.


----------



## white_tigress (Apr 6, 2011)

"Let's watch it for a bit and see if it stays like that. No more downloading of programs please" 
Would I do that? LOL Funny you should mention that, I just went out and got some "wobbly pops" but I promise you I will not download a thing tonight! Just licking my wounds (poor me), just got dumped. 

That increasingly annoying little blue circle is still constantly on my screen telling me my computer is thinking. Several times since our last communication, the computer froze and the screen went black again. Something strange is living in my computer! 

Farbar Service Scanner Version: 03-03-2013
Ran by Owner (administrator) on 21-03-2013 at 18:24:22
Running from "C:\Users\Owner\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------
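A triage pass over the Farbar Service Scanner log in the post above, as an added example that is not part of the original thread: it splits the log into its underlined sections and reports any registry value listed under a "Disabled Policy" heading (here `EnableFirewall` set to 0) and any File Check line whose result is not `MD5 is legit`. The function names and the last line of the sample are assumptions made for this example.

```python
import re

# Shortened excerpt of the Farbar Service Scanner log posted above. The last
# File Check line is constructed for this example: the page only shows
# "MD5 is legit" results, so the failing status text is a placeholder.
SAMPLE_LOG = r"""Farbar Service Scanner Version: 03-03-2013
Boot Mode: Normal
****************************************************************

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore Disabled Policy:
========================

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\example.dll => CONSTRUCTED-NON-LEGIT-RESULT

**** End of log ****
"""

UNDERLINE = re.compile(r"=+")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:([0-9A-Fa-f]+)$')


def parse_fss(text):
    """Split the log into {section name: [content lines]}.

    A section heading is a line ending in ':' whose next line is a run of '='.
    Lines before the first heading (tool banner) are ignored.
    """
    lines = [line.rstrip() for line in text.splitlines()]
    sections = {}
    current = None
    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and UNDERLINE.fullmatch(following):
            current = line[:-1]
            sections[current] = []
        elif current is None or not line:
            continue
        elif UNDERLINE.fullmatch(line) or line.startswith("****"):
            continue  # underline rows and the end-of-log marker
        else:
            sections[current].append(line)
    return sections


def review(sections):
    """Return the entries a helper would want to look at first."""
    findings = []
    # An empty "Disabled Policy" section means no policy value was found;
    # any registry value listed there is worth a look.
    for name, body in sections.items():
        if not name.endswith("Disabled Policy"):
            continue
        key = None
        for line in body:
            key_match = REG_KEY.match(line)
            value_match = REG_VALUE.match(line)
            if key_match:
                key = key_match.group(1)
            elif value_match:
                findings.append({
                    "kind": "policy",
                    "section": name,
                    "key": key,
                    "value": value_match.group(1),
                    "data": value_match.group(2),
                })
    # Every File Check result other than the known-good string gets reported.
    for line in sections.get("File Check", []):
        path, _, status = line.partition(" => ")
        if status != "MD5 is legit":
            findings.append({"kind": "file", "path": path, "status": status})
    return findings


if __name__ == "__main__":
    for finding in review(parse_fss(SAMPLE_LOG)):
        print(finding)
```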



## emeraldnzl (Nov 3, 2007)

> That increasingly annoying little blue circle is still constantly on my screen telling me my computer is thinking. Several times since our last communication, the computer froze and the screen went black again. Something strange is living in my computer!


Assuming this is Firefox that is freezing, let's see what happens when you run Firefox in Safe Mode.

How to start Firefox in Safe Mode

Go to *Firefox* > *Help* > *Restart with Add-ons Disabled*.

Firefox will start with the Firefox Safe Mode dialog.

Note: You can also start Firefox in Safe Mode by clicking *Start*, selecting *Run* (or use the Start Search box in Windows 7 and Vista) and then entering the following in the text field: *firefox -safe-mode*

Come back and tell me if that makes a difference.


----------



## white_tigress (Apr 6, 2011)

It seems to be working fine. Does that mean it's all better now? Wobbly pop time yet? Heehee


----------



## emeraldnzl (Nov 3, 2007)

> Wobbly pop time yet?


Probably best to either do the things below first or have Wobbly pop time now and do the things below tomorrow lol.



> It seems to be working fine. Does that mean it's all better now?


It means that it's an Add-on or extension that is causing the problem. Unless you run in Safe Mode all the time you will still find it having the problems.

You can do this:

Open Firefox in normal mode and go to Tools > Options > General Tab

Click on the Manage Add-ons button and the Extensions tab at the top

In later versions go to Firefox at the top left and click on Add-ons and then disable one at a time as below.

Highlight and disable them one by one until you find the one/ones causing the problem

Do the same for the Plugins and Themes if you don't find the problem under Extensions

Once you have found the culprit make a note of the one it was and then uninstall it.

*Or you can do this...* I would probably do this one but it is a bit complicated and if you are in a hurry try the above and see whether it does the job.

Fully remove Firefox including profile settings and all personal data and then reinstall.

This way is a different approach with uninstalling and re-installing Firefox. We need to remove your Firefox profile data and settings. Before we do this we want to backup your bookmarks.

To back up your bookmarks:

In Firefox go to *History > Show all History > Import and Backup* (toolbar along the top) > Export HTML... and save it to your desktop.

Later when you re-install FF you can reverse the process and *Import HTML*... when the Wizard comes up just import the HTML file you had saved earlier.

*Now*

Go to the link below for instructions on how to remove Firefox:

http://kb.mozillazine.org/Uninstall_firefox

Look under the heading *On Windows*

Follow the instructions there _On Windows Vista_ and in particular follow this instruction - see the bolded part:

Starting in Firefox 3, the uninstaller includes the option, *"Remove my Firefox personal data and customizations"*. This will also remove your Firefox user profile data (bookmarks, passwords, cookies, extensions, preferences, etc.).

If the uninstall fails, as it may in some cases, continue on with the rest of the uninstall instructions.

Once you have removed Firefox entirely then download a new copy and re-install. After that, follow the instruction above to import your bookmarks back.

Firefox may be downloaded from *Here*.

Tell me how you get on.


----------



## emeraldnzl (Nov 3, 2007)

Further to my last post:

Also do this:

Go to *Control Panel* > *Programs* and uninstall *Kaspersky* if it is in the list.


----------



## white_tigress (Apr 6, 2011)

I went to C:\Program Files(x64)\Mozilla Firefox and deleted. 

Then I went to C:\Users\Owner\AppData\Local\Virtual Store\Program Files\Mozilla Firefox folder BUT after I clicked on Virtual Store there was only Program Data, which I tried but there is no Mozilla Firefox folder to be found. 

I tried to delete both versions of Firefox from Control Panel like normal but they won't delete. The Maintenance package (forget the name) deleted but the other 2 just give me a flicker, the blue revolving circle and then nothing. 

I went back to the 2nd step and found Firefox under C:\ somewhere down the line and tried to delete it there but nothing happened.

What's happening?


----------



## emeraldnzl (Nov 3, 2007)

> I tried to delete both versions of Firefox from Control Panel like normal but they won't delete.


Do you have Firefox closed when you try to uninstall it? If not, close it and then try.

If that is not the problem, it may be your Windows Installer. Try this:

Please download Fixit for problems with Windows installer/uninstaller

Tell me how you get on.


----------



## white_tigress (Apr 6, 2011)

emeraldnzl said:


> Do you have Firefox closed when you try to uninstall it, if not, close it and then try.
> 
> *I had all windows closed.*
> 
> ...


I got this message when trying to run Fixit. 
"Fix It troubleshooting cannot continue because an error occurred.
We're sorry, but the program encountered a runtime error. Please try again.
[Code 8007001F]


----------



## emeraldnzl (Nov 3, 2007)

Try rebooting and running it again. Might fix it.

If not try uninstalling it in Safe Mode. If necessary using Fixit.

*Boot into Safe Mode:*

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


----------



## white_tigress (Apr 6, 2011)

Ok, rebooted in safe mode and Fixit wasn't there. I'm now in normal mode, had to reinstall Fixit and Firefox wasn't listed so it wants the product code. What do I put in? OMG...what would I do without you? Seriously!


----------



## emeraldnzl (Nov 3, 2007)

Firefox doesn't have a product key.

So do you have Firefox still?

If not best thought is to reinstall it using the link I provide at post #78.

If you do have it try the Add-ons solution also post #78. The first one there.


----------



## white_tigress (Apr 6, 2011)

emeraldnzl said:


> Firefox doesn't have a product key.
> 
> So do you have Firefox still?
> 
> ...


It seems to be getting more and more difficult to fix this thing. I disabled an add-on for my camera and updated my Java but where do I go from here? The other add-ons are all up to date.

My add-ons are as follows:
Adobe Acrobat 11.0.2.0
Java Deployment Toolkit 7.0.170.2 10.17.2.2
Quick-Time Plug-In 7.7.3 7.7.30
Shockwave Flash 11.6.602.180
Shockwave Flash 11.4.402.287
Shockwave Plug-In 5.1.20125.0

How would I know which to disable?


----------



## white_tigress (Apr 6, 2011)

Btw...yes, I still have Firefox


----------



## emeraldnzl (Nov 3, 2007)

> I got this message when trying to run Fixit.
> "Fix It troubleshooting cannot continue because an error occurred.
> We're sorry, but the program encountered a runtime error. Please try again.
> [Code 8007001F]


Download Fixit for run time error in Internet Explorer

After that try the installation Fixit (post #81) again and see if it will help you uninstall Mozilla Firefox.

If that doesn't work come back and tell me.


----------



## white_tigress (Apr 6, 2011)

Still not working. Mozilla Firefox is not budging! Does this mean that Firefox could be the problem and have a virus itself?


----------



## emeraldnzl (Nov 3, 2007)

Not necessarily. Mozilla Firefox can be hard to remove sometimes. Having said that, there could be something there because you seemed to be able to run fine in Safe Mode.

Let's see if we can move the folders with ComboFix and afterwards reinstall Firefox again.

If you want to keep your Bookmarks make sure you have them backed up before you start. You can use IE to download a new version of Firefox afterwards see link post #78.

*Now*

Close any open browsers.

Then drag CFScript.txt into ComboFix.exe

This will start ComboFix.

When finished, it will produce a log for you at *C:\ComboFix.txt*. Please post that here for further review.

Note: _This script was written specifically for this infection on this person's computer. It should *NOT* be used on another computer, as it may cause serious damage, possibly rendering the machine unusable._


----------



## white_tigress (Apr 6, 2011)

It took forever but it looks like Firefox is gone!

ComboFix 13-03-21.02 - Owner 03/22/2013 22:03:05.9.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.279 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript-2.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\MFAData
c:\programdata\MFAData\mfaurlconf.ini
c:\programdata\MFAData\mkt\dty\res\install.css
c:\programdata\MFAData\mkt\dty\res\offer.css
c:\programdata\MFAData\mkt\dty\us\install-toolbar.png
c:\programdata\MFAData\mkt\dty\us\InstallTypeScreen.html
c:\programdata\MFAData\mkt\dty\us\toolbar.png
c:\programdata\MFAData\mkt\dty\us\ToolbarOfferScreen.html
c:\programdata\MFAData\mkt\res\OK.png
c:\programdata\MFAData\mkt\res\style-test.css
c:\programdata\MFAData\mkt\res\style.css
c:\programdata\MFAData\mkt\res\w7_active.png
c:\programdata\MFAData\mkt\res\w7_active_check.png
c:\programdata\MFAData\mkt\res\w7_check.png
c:\programdata\MFAData\mkt\res\w7_disable_check.png
c:\programdata\MFAData\mkt\res\w7_disable_uncheck.png
c:\programdata\MFAData\mkt\res\w7_hover.png
c:\programdata\MFAData\mkt\res\w7_hover_check.png
c:\programdata\MFAData\mkt\res\w7_uncheck.png
c:\programdata\MFAData\mkt\us\dm_marketing_message-en-us.html
c:\programdata\MFAData\msistorg.dat
c:\programdata\MFAData\msistorg.dat.bkp
c:\programdata\MFAData\pack\AntiRka.cab
c:\programdata\MFAData\pack\Antivira.cab
c:\programdata\MFAData\pack\avg13infoavi.ctf
c:\programdata\MFAData\pack\avg13infooi.ctf
c:\programdata\MFAData\pack\avg13infowin.ctf
c:\programdata\MFAData\pack\Avgx64.msi
c:\programdata\MFAData\pack\AVIsa.cab
c:\programdata\MFAData\pack\base2a.cab
c:\programdata\MFAData\pack\basea.cab
c:\programdata\MFAData\pack\bins\f13antirka2904cn.bin
c:\programdata\MFAData\pack\bins\f13antivira2904sv.bin
c:\programdata\MFAData\pack\bins\f13avga2904bn.bin
c:\programdata\MFAData\pack\bins\f13avisa2904gh.bin
c:\programdata\MFAData\pack\bins\f13basa2904dd.bin
c:\programdata\MFAData\pack\bins\f13base2a2904rx.bin
c:\programdata\MFAData\pack\bins\f13emailsa2904kp.bin
c:\programdata\MFAData\pack\bins\f13guia2904st.bin
c:\programdata\MFAData\pack\bins\f13idpa2904oz.bin
c:\programdata\MFAData\pack\bins\f13lng_esa2904hw.bin
c:\programdata\MFAData\pack\bins\f13lng_ita2904kt.bin
c:\programdata\MFAData\pack\bins\f13lng_spa2904cv.bin
c:\programdata\MFAData\pack\bins\f13lng_usa2904ri.bin
c:\programdata\MFAData\pack\bins\f13rdsta2904bs.bin
c:\programdata\MFAData\pack\bins\f13rdstx2904mh.bin
c:\programdata\MFAData\pack\bins\f13resshlda2904os.bin
c:\programdata\MFAData\pack\bins\f13srchsrfa2904ne.bin
c:\programdata\MFAData\pack\bins\f13sshttpba2904ks.bin
c:\programdata\MFAData\pack\bins\f13tdidrva2904ks.bin
c:\programdata\MFAData\pack\bins\f13tuneupa2904af.bin
c:\programdata\MFAData\pack\bins\f13update2a2904qe.bin
c:\programdata\MFAData\pack\bins\f13updatea2904vk.bin
c:\programdata\MFAData\pack\bins\f13xpla2904nv.bin
c:\programdata\MFAData\pack\bins\foi13cnet_dtc32si.bin
c:\programdata\MFAData\pack\bins\foi13cnet_lic8jz.bin
c:\programdata\MFAData\pack\bins\foi13cnet_mps14wz.bin
c:\programdata\MFAData\pack\bins\foi13default_dty32sz.bin
c:\programdata\MFAData\pack\bins\w13corea2641eh.bin
c:\programdata\MFAData\pack\cnet_dtc.mdf
c:\programdata\MFAData\pack\cnet_mps.mdf
c:\programdata\MFAData\pack\COREa.cab
c:\programdata\MFAData\pack\COREx64.msi
c:\programdata\MFAData\pack\crt_x64.msi
c:\programdata\MFAData\pack\default_dty.mdf
c:\programdata\MFAData\pack\Emailsa.cab
c:\programdata\MFAData\pack\GUIa.cab
c:\programdata\MFAData\pack\IDPa.cab
c:\programdata\MFAData\pack\lic.mdf
c:\programdata\MFAData\pack\lng_usa.cab
c:\programdata\MFAData\pack\ResShlda.cab
c:\programdata\MFAData\pack\SrchSrfa.cab
c:\programdata\MFAData\pack\SSHttpBa.cab
c:\programdata\MFAData\pack\TDIDrva.cab
c:\programdata\MFAData\pack\TuneUpa.cab
c:\programdata\MFAData\pack\Update2a.cab
c:\programdata\MFAData\pack\Updatea.cab
c:\programdata\MFAData\pack\vc_red.cab
c:\programdata\MFAData\pack\vc_red.msi
c:\programdata\MFAData\pack\xpla.cab
c:\programdata\MFAData\public_installation_log.xml
c:\programdata\MFAData\SelfUpd\avgmfapx.exe
c:\programdata\MFAData\SelfUpd\avgmfarx.dll
c:\programdata\MFAData\SelfUpd\avgntdumpx.exe
c:\programdata\MFAData\SelfUpd\avgrdtesta.exe
c:\programdata\MFAData\SelfUpd\avgrdtestx.exe
c:\programdata\MFAData\SelfUpd\avgrunasx.exe
c:\programdata\MFAData\SelfUpd\bins\f13mfa2904b2899fw.bin
c:\programdata\MFAData\SelfUpd\bins\f13upd2904b2899sv.bin
c:\programdata\MFAData\SelfUpd\compat.ini
c:\programdata\MFAData\SelfUpd\htmlayout.dll
c:\programdata\MFAData\SelfUpd\license_cz.htm
c:\programdata\MFAData\SelfUpd\license_da.htm
c:\programdata\MFAData\SelfUpd\license_es.htm
c:\programdata\MFAData\SelfUpd\license_fr.htm
c:\programdata\MFAData\SelfUpd\license_ge.htm
c:\programdata\MFAData\SelfUpd\license_hu.htm
c:\programdata\MFAData\SelfUpd\license_id.htm
c:\programdata\MFAData\SelfUpd\license_in.htm
c:\programdata\MFAData\SelfUpd\license_it.htm
c:\programdata\MFAData\SelfUpd\license_jp.htm
c:\programdata\MFAData\SelfUpd\license_ko.htm
c:\programdata\MFAData\SelfUpd\license_ms.htm
c:\programdata\MFAData\SelfUpd\license_nl.htm
c:\programdata\MFAData\SelfUpd\license_pb.htm
c:\programdata\MFAData\SelfUpd\license_pl.htm
c:\programdata\MFAData\SelfUpd\license_pt.htm
c:\programdata\MFAData\SelfUpd\license_ru.htm
c:\programdata\MFAData\SelfUpd\license_sc.htm
c:\programdata\MFAData\SelfUpd\license_sk.htm
c:\programdata\MFAData\SelfUpd\license_sp.htm
c:\programdata\MFAData\SelfUpd\license_tr.htm
c:\programdata\MFAData\SelfUpd\license_us.htm
c:\programdata\MFAData\SelfUpd\license_zh.htm
c:\programdata\MFAData\SelfUpd\license_zt.htm
c:\programdata\MFAData\SelfUpd\mfaconf.txt
c:\programdata\MFAData\SelfUpd\mfacz.lns
c:\programdata\MFAData\SelfUpd\mfada.lns
c:\programdata\MFAData\SelfUpd\mfaes.lns
c:\programdata\MFAData\SelfUpd\mfafr.lns
c:\programdata\MFAData\SelfUpd\mfage.lns
c:\programdata\MFAData\SelfUpd\mfahu.lns
c:\programdata\MFAData\SelfUpd\mfaid.lns
c:\programdata\MFAData\SelfUpd\mfain.lns
c:\programdata\MFAData\SelfUpd\mfait.lns
c:\programdata\MFAData\SelfUpd\mfajp.lns
c:\programdata\MFAData\SelfUpd\mfako.lns
c:\programdata\MFAData\SelfUpd\mfams.lns
c:\programdata\MFAData\SelfUpd\mfanl.lns
c:\programdata\MFAData\SelfUpd\mfapb.lns
c:\programdata\MFAData\SelfUpd\mfapl.lns
c:\programdata\MFAData\SelfUpd\mfapt.lns
c:\programdata\MFAData\SelfUpd\mfaru.lns
c:\programdata\MFAData\SelfUpd\mfasc.lns
c:\programdata\MFAData\SelfUpd\mfask.lns
c:\programdata\MFAData\SelfUpd\mfasp.lns
c:\programdata\MFAData\SelfUpd\mfatr.lns
c:\programdata\MFAData\SelfUpd\mfaus.lns
c:\programdata\MFAData\SelfUpd\mfavera.txt
c:\programdata\MFAData\SelfUpd\mfaverx.txt
c:\programdata\MFAData\SelfUpd\mfazh.lns
c:\programdata\MFAData\SelfUpd\mfazt.lns
c:\programdata\MFAData\SelfUpd\personalise_cz.htm
c:\programdata\MFAData\SelfUpd\personalise_da.htm
c:\programdata\MFAData\SelfUpd\personalise_es.htm
c:\programdata\MFAData\SelfUpd\personalise_fr.htm
c:\programdata\MFAData\SelfUpd\personalise_ge.htm
c:\programdata\MFAData\SelfUpd\personalise_hu.htm
c:\programdata\MFAData\SelfUpd\personalise_id.htm
c:\programdata\MFAData\SelfUpd\personalise_in.htm
c:\programdata\MFAData\SelfUpd\personalise_it.htm
c:\programdata\MFAData\SelfUpd\personalise_jp.htm
c:\programdata\MFAData\SelfUpd\personalise_ko.htm
c:\programdata\MFAData\SelfUpd\personalise_ms.htm
c:\programdata\MFAData\SelfUpd\personalise_nl.htm
c:\programdata\MFAData\SelfUpd\personalise_pb.htm
c:\programdata\MFAData\SelfUpd\personalise_pl.htm
c:\programdata\MFAData\SelfUpd\personalise_pt.htm
c:\programdata\MFAData\SelfUpd\personalise_ru.htm
c:\programdata\MFAData\SelfUpd\personalise_sc.htm
c:\programdata\MFAData\SelfUpd\personalise_sk.htm
c:\programdata\MFAData\SelfUpd\personalise_sp.htm
c:\programdata\MFAData\SelfUpd\personalise_tr.htm
c:\programdata\MFAData\SelfUpd\personalise_us.htm
c:\programdata\MFAData\SelfUpd\personalise_zh.htm
c:\programdata\MFAData\SelfUpd\personalise_zt.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_cz.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_da.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_es.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_fr.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_ge.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_hu.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_id.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_in.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_it.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_jp.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_ko.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_ms.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_nl.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_pb.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_pl.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_pt.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_ru.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_sc.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_sk.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_sp.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_tr.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_us.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_zh.htm
c:\programdata\MFAData\SelfUpd\privacy_policy_zt.htm
c:\programdata\MFAData\survey\cancel.htm
c:\users\Owner\AppData\Local\MFAData
c:\users\Owner\AppData\Local\MFAData\logs\mfa-20130308-070604.log
c:\users\Owner\AppData\Local\MFAData\logs\mfa-20130308-072251.log
c:\users\Owner\AppData\Local\MFAData\logs\mfa-20130308-072301.log
c:\users\Owner\AppData\Local\MFAData\logs\msi-20130308-070604.log
c:\users\Owner\AppData\Local\MFAData\logs\msi-20130308-072301.log
c:\users\Owner\AppData\Local\MFAData\logs\r64-20130308-072401.log
c:\users\Owner\AppData\Local\MFAData\logs\r86-20130308-071814.log
c:\users\Owner\AppData\Local\MFAData\logs\r86-20130308-072357.log
c:\users\Owner\AppData\Local\Mozilla Firefox
c:\users\Owner\AppData\Local\Mozilla Firefox\AccessibleMarshal.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\application.ini
c:\users\Owner\AppData\Local\Mozilla Firefox\breakpadinjector.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\chrome.manifest
c:\users\Owner\AppData\Local\Mozilla Firefox\components\binary.manifest
c:\users\Owner\AppData\Local\Mozilla Firefox\components\browsercomps.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\components\sprotector.js
c:\users\Owner\AppData\Local\Mozilla Firefox\crashreporter-override.ini
c:\users\Owner\AppData\Local\Mozilla Firefox\crashreporter.exe
c:\users\Owner\AppData\Local\Mozilla Firefox\crashreporter.ini
c:\users\Owner\AppData\Local\Mozilla Firefox\D3DCompiler_43.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\d3dx9_43.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\defaults\pref\channel-prefs.js
c:\users\Owner\AppData\Local\Mozilla Firefox\firefox.exe
c:\users\Owner\AppData\Local\Mozilla Firefox\freebl3.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\gkmedias.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\libEGL.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\libGLESv2.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\maintenanceservice.exe
c:\users\Owner\AppData\Local\Mozilla Firefox\maintenanceservice_installer.exe
c:\users\Owner\AppData\Local\Mozilla Firefox\mozalloc.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\mozglue.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\mozjs.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\mozsqlite3.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\msvcp100.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\msvcr100.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\nspr4.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\nss3.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\nssckbi.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\nssdbm3.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\nssutil3.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\omni.ja
c:\users\Owner\AppData\Local\Mozilla Firefox\platform.ini
c:\users\Owner\AppData\Local\Mozilla Firefox\plc4.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\plds4.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\plugin-container.exe
c:\users\Owner\AppData\Local\Mozilla Firefox\smime3.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\softokn3.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\ssl3.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\uninstall\helper.exe
c:\users\Owner\AppData\Local\Mozilla Firefox\uninstall\shortcuts_log.ini
c:\users\Owner\AppData\Local\Mozilla Firefox\update-settings.ini
c:\users\Owner\AppData\Local\Mozilla Firefox\updater.exe
c:\users\Owner\AppData\Local\Mozilla Firefox\updater.ini
c:\users\Owner\AppData\Local\Mozilla Firefox\webapp-uninstaller.exe
c:\users\Owner\AppData\Local\Mozilla Firefox\webapprt-stub.exe
c:\users\Owner\AppData\Local\Mozilla Firefox\webapprt\omni.ja
c:\users\Owner\AppData\Local\Mozilla Firefox\webapprt\webapprt.ini
c:\users\Owner\AppData\Local\Mozilla Firefox\xpcom.dll
c:\users\Owner\AppData\Local\Mozilla Firefox\xul.dll
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected 
Restored copy from - c:\windows\erdnt\cache86\userinit.exe 
.
.
((((((((((((((((((((((((( Files Created from 2013-02-23 to 2013-03-23 )))))))))))))))))))))))))))))))
.
.
2013-03-23 05:11 . 2013-03-23 05:11 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-03-23 05:11 . 2013-03-23 05:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-23 02:57 . 2013-03-23 02:57 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2013-03-22 05:32 . 2013-03-22 05:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-03-22 05:30 . 2013-03-22 05:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-22 04:57 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9EBA4071-E8CA-4288-9D00-C23A85F333B5}\mpengine.dll
2013-03-22 01:17 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-21 22:37 . 2013-03-21 22:37 -------- d-----w- c:\users\Owner\AppData\Local\offsync
2013-03-21 03:43 . 2013-03-21 03:43 -------- d-----w- c:\program files (x86)\ESET
2013-03-21 02:09 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DBA7717-7F85-4710-A4F7-03F2EF9BEE00}\gapaengine.dll
2013-03-20 23:58 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-20 23:58 . 2013-03-20 23:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-20 20:19 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-20 02:52 . 2013-03-20 02:52 -------- d-----w- c:\windows\ERUNT
2013-03-20 02:50 . 2013-03-20 02:50 -------- d-----w- C:\JRT
2013-03-18 06:44 . 2013-03-18 06:44 -------- d-----w- c:\users\Owner\.config
2013-03-18 06:29 . 2013-03-18 06:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-03-17 19:50 . 2013-03-18 06:45 -------- d-----w- c:\users\Owner\AppData\Roaming\SpeedTestAnalysis
2013-03-17 19:41 . 2013-03-17 19:41 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-17 19:41 . 2013-03-17 19:41 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-17 19:41 . 2013-03-17 19:41 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-17 19:41 . 2013-03-17 19:41 188320 ----a-w- c:\windows\system32\java.exe
2013-03-17 19:41 . 2013-03-17 19:41 -------- d-----w- c:\program files\Java
2013-03-13 00:32 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-12 00:19 . 2013-02-17 08:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-03-12 00:09 . 2013-03-12 00:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-11 23:37 . 2013-03-11 23:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-11 23:37 . 2013-03-11 23:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-11 22:16 . 2013-03-17 05:41 -------- d-----w- C:\_OTL
2013-03-10 16:03 . 2013-03-10 16:03 -------- d-----w- c:\users\Owner\AppData\Roaming\ASCOMP Software
2013-03-10 16:02 . 2013-03-10 16:02 -------- d-----w- c:\program files (x86)\ASCOMP Software
2013-03-10 06:47 . 2013-03-10 06:47 -------- d-----w- c:\users\Owner\SyncFolder
2013-03-08 21:22 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3CBC8F1-22F0-46A9-B2EA-063120353B72}\mpengine.dll
2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\programdata\Common Files
2013-02-26 18:00 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-02-26 17:55 . 2012-03-14 13:00 385024 ----a-w- c:\windows\system32\CNMLMAU.DLL
2013-02-26 17:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-02-26 17:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-02-26 17:54 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-02-26 17:54 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-02-26 17:54 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-26 17:54 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-26 17:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-26 17:54 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-02-26 17:54 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-02-25 23:19 . 2013-02-26 00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-25 23:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-02-25 23:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-23 05:15 . 2012-05-18 00:23 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-03-23 05:15 . 2012-05-18 00:37 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-03-22 05:30 . 2012-05-18 17:59 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-22 05:30 . 2012-05-18 17:59 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-22 04:46 . 2012-05-18 00:24 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-03-22 04:45 . 2012-05-18 00:23 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-03-17 19:41 . 2012-09-01 06:38 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-17 19:41 . 2012-09-01 06:38 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-14 00:03 . 2012-05-18 10:03 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 00:26 . 2012-05-18 17:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 00:26 . 2012-05-18 17:39 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-07 03:05 . 2012-05-18 00:37 69792 ------w- c:\windows\SysWow64\rpcnet.exe
2013-02-16 21:34 . 2013-02-16 21:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-02-16 06:23 . 2013-02-16 06:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-16 06:22 . 2013-02-16 06:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-16 06:22 . 2013-02-16 06:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-16 06:22 . 2013-02-16 06:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-12 11:06 . 2013-02-12 11:06 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-02-12 05:45 . 2013-03-13 05:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 05:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 05:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 05:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 05:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 00:55 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 00:55 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 00:55 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 00:55 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 00:55 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 00:55 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 00:55 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 00:55 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 00:55 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 00:55 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 00:55 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 00:55 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-19 1314816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-15 14448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-10 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
c:\program files (x86)\Workspace\offsyncext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
c:\program files (x86)\Workspace\offsyncext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-06 16336488]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.59.144.17 64.59.150.133
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mozilla Firefox 19.0 (x86 en-US) - c:\users\Owner\AppData\Local\Mozilla Firefox\uninstall\helper.exe
AddRemove-Mozilla Firefox 19.0.2 (x86 en-US) - c:\users\Owner\AppData\Local\Mozilla Firefox\uninstall\helper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rpcnet.exe
.
**************************************************************************
.
Completion time: 2013-03-22 22:18:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-23 05:18
ComboFix2.txt 2013-03-23 04:53
ComboFix3.txt 2013-03-22 00:17
ComboFix4.txt 2013-03-21 08:06
ComboFix5.txt 2013-03-23 05:00
.
Pre-Run: 51,551,051,776 bytes free
Post-Run: 51,483,312,128 bytes free
.
- - End Of File - - B9CB0929C328CAE8708ADEBD65373B34


----------



## emeraldnzl (Nov 3, 2007)

Well done. 

I will be interested to hear how it goes when you reinstall Firefox.


----------



## white_tigress (Apr 6, 2011)

I hope you don't mind, but I reinstalled Firefox as Explorer was not working either and you had mentioned reinstalling Firefox.


----------



## emeraldnzl (Nov 3, 2007)

> I hope you don't mind, but I reinstalled Firefox as Explorer was not working either and you had mentioned reinstalling Firefox.


That's exactly right.

How is it going?


----------



## white_tigress (Apr 6, 2011)

Things seem to be working pretty good! I hope this means all the evil bugs are gone!


----------



## emeraldnzl (Nov 3, 2007)

> Things seem to be working pretty good! I hope this means all the evil bugs are gone!


I hope so too. We should remove the tools we have been using as they can cause problems if left.

After that we can watch things for a day or two just to see how it goes.

*Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.*


Go to Start > Programs > Accessories and click on Run
Copy and paste the bolded text below in the box then hit OK

*Combofix /Uninstall*

*Step 2*

Double-click *OTL.exe* to run it. (Vista users, please right click on *OTL.exe* and select "Run as an *Administrator*")
Click on the *CleanUp!* button
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose *Yes.*

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

Any other tools remaining may be deleted.

*Quiz - getsafeonline*

Have a safe and happy computing day!


----------



## white_tigress (Apr 6, 2011)

MBAM...that's Malwarebytes? If so, should I use that as a regular check-up along with Microsoft Security Essentials?


----------



## emeraldnzl (Nov 3, 2007)

The Malwarebytes one we used is the free version that doesn't run in real time. If it did, it might conflict with Microsoft Security Essentials but having it there as it is, updating it and running it say once a week or so might be a good additional security check for you.


----------



## emeraldnzl (Nov 3, 2007)

Further to my last post, it has occurred to me that you might like this program.

It was developed by a colleague at another site I help on.

Completely free and won't harm your machine.

Just like CCleaner, it removes temporary files from your machine. It doesn't have a registry cleaner or any other utility so no problem there.

I run it once a week on my computers.

For ease of use, you might consider:
*TFC.exe*


----------



## white_tigress (Apr 6, 2011)

Thank you very much. Should I keep Malwarebytes AND TFC?


----------

