Avast keeps giving windows.malware-gen and win32.downloader.PKU (Trj) a


  • This topic is locked

#1
betsym

  • Member
  • 129 posts
Like some other members here, I keep getting alerts from my free version of Avast antivirus concerning win32:malware-gen and win32.downloader.PKU (Trj) malware. I have run Malware Bytes, Superantispyware, iObit Malware fighter (free), AND Trojan Remover (paid version), all to no avail. If I try to do anything on the internet, I get the message "internet explorer has stopped working."

I consulted the local computer store where I got my computer custom-built, Circuitboard Computers, and the owner told me to uninstall my Avast anti-virus and then re-install it. The MINUTE I uninstalled Avast, the trojans/malware it had been sending to the chest started attacking my system. I quickly shut it down and restarted the computer in safe mode and then re-installed Avast. This fixed nothing. Didn't the computer man know what would happen if I uninstalled my antivirus protection in the presence of active malware which it was in the process of quarantining? I stupidly thought that I would have time to re-install it before anything worse could happen.

All of this happened right after I went to a website, "FirstClass-downloads.com". I looked up a movie soundtrack and it came up with several locations to download it from. I paid the $1.99 for the 3-day trial and pressed download. I didn't see it download or find the files anywhere on my computer but right after that I started getting bombarded with virus alerts. I had also updated my antivirus. Since Avast is the one giving the constant alerts, would installing another antivirus program first and then uninstalling Avast correct the problem or only if they are false alerts?

My computer is new. I've only had it for a few months, about 4, and before that I had a 9 year old Alienware computer that finally bit the dust. I have a router which allows my daughter to connect her computer wirelessly to the network. Her desktop has been down for some time so she is using her laptop.
I wondered if I might've gotten a virus from HER computer, since we are on the same network but she claims her computer is fine. She usually just ignores any problems until they stop her cold in her tracks (which is why her desktop is still in "graveyard" mode).

My operating system is Windows 7, 64 bit, and I have the browsers: Internet Explorer 9, Mozilla Firefox, and Opera. Since I have a custom-built system, I don't know much else about it.

Here is my OT log:

OTL logfile created on: 7/22/2012 5:01:55 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Betsy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 42.15% Memory free
7.96 Gb Paging File | 5.66 Gb Available in Paging File | 71.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 694.99 Gb Free Space | 74.62% Space Free | Partition Type: NTFS

Computer Name: BETSY-PC | User Name: Betsy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 04:30:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Betsy\Downloads\OTL.exe
PRC - [2012/07/19 15:21:18 | 001,091,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/07/19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/07/19 00:54:46 | 001,192,664 | ---- | M] () -- C:\Users\Betsy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/02 16:02:28 | 004,473,728 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/28 21:52:46 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 00:54:46 | 001,192,664 | ---- | M] () -- C:\Users\Betsy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 00:07:39 | 000,554,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 00:07:37 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 22:17:27 | 009,255,112 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 23:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/04/06 01:12:22 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/08/05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/11/20 23:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/13 21:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 21:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/13 21:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2012/07/21 17:01:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/06/29 14:56:24 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/06/20 18:58:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/28 16:56:24 | 000,013,192 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe -- (SRSHDAudioService)
SRV - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/28 21:52:46 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/20 23:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/20 23:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 23:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 23:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 21:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 12:44:26 | 000,513,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_AE_amd64.sys -- (SRS_AE_Service)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/01/25 11:28:10 | 000,172,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/12/10 01:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 01:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Betsy\Downloads
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 E2 66 8A 54 E0 CC 01 [binary data]
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\SearchScopes,DefaultScope = {DDD17EC2-7AA2-4D0D-8EB5-0224EB767813}
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00014dae9e967f1
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\SearchScopes\{69E424E0-00A7-4947-B195-4F925730EB75}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-04-30 01:54:02&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\SearchScopes\{964BC362-3977-442B-A8F4-B4A61C7006F2}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\SearchScopes\{DDD17EC2-7AA2-4D0D-8EB5-0224EB767813}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\SearchScopes\{F63DAAF5-4E9D-4721-9213-881154A5E12B}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-tyc9"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-tyc9"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=380920&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=380920"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/29 22:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 18:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/29 22:57:03 | 000,000,000 | ---D | M]

[2012/02/14 04:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Extensions
[2012/07/21 18:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions
[2012/07/06 14:30:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/25 02:34:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected]
[2012/06/07 13:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/20 18:58:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/30 01:53:53 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/25 02:30:31 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/20 18:58:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 18:58:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylo...00014dae9e967f1
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...m&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylo...00014dae9e967f1
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Domain Error Assistant = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Savings-Slider = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.0_0\
CHR - Extension: Gmail = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3:64bit: - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000..\Run: [Spotify Web Helper] C:\Users\Betsy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-1260934113-1572342194-1008497398-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1260934113-1572342194-1008497398-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Search Using Copernic Agent - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..Trusted Domains: secondlife.com ([www] https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} http://www.activewor...ldsDownload.cab (ActiveWorldsDownload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9B35FA-AE15-4EA9-9A05-2769738C5599}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9B35FA-AE15-4EA9-9A05-2769738C5599}: NameServer = 8.8.8.8,4.2.2.1
O18:64bit: - Protocol\Handler\copernicagent - No CLSID value found
O18:64bit: - Protocol\Handler\copernicagentcache - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/07/21 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Toolbar
[2012/07/21 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/07/21 18:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/07/21 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\IObit
[2012/07/21 18:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/07/20 02:58:31 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/20 02:58:31 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/20 02:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/20 02:58:30 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/20 02:58:30 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/20 02:58:30 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/20 02:58:30 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/20 02:58:22 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/20 02:58:22 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/20 01:20:31 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\SpeedyPC Software
[2012/07/20 01:20:31 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\DriverCure
[2012/07/20 01:20:19 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/07/20 01:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/20 01:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/07/20 01:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/07/19 22:40:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/19 10:12:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2012/07/19 09:56:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Betsy\Desktop\dds.scr
[2012/07/19 07:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
[2012/07/19 07:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 11
[2012/07/17 09:35:40 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\YourFileDownloader
[2012/07/08 08:11:30 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\IDM
[2012/07/08 08:11:30 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\DMCache
[2012/07/06 02:01:07 | 000,000,000 | ---D | C] -- C:\Users\Betsy\Documents\access_application.do_files
[2012/07/04 00:15:37 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Local\Yahoo!
[2012/07/04 00:15:37 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Local\NanoService
[2012/06/27 23:57:49 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Local\Macromedia
[2012/06/25 02:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 04:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 04:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 04:31:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 18:49:31 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/21 14:02:57 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 14:02:57 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 13:59:05 | 000,794,642 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/21 13:59:05 | 000,674,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/21 13:59:05 | 000,122,020 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/21 13:54:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 13:54:20 | 3206,475,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/20 02:58:31 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/20 02:58:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/20 02:58:29 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/07/20 01:20:35 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/07/20 01:20:19 | 000,001,199 | ---- | M] () -- C:\Users\Betsy\Desktop\SpeedyPC Pro.lnk
[2012/07/20 01:20:19 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/07/20 01:20:19 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/07/19 23:55:56 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/19 10:12:16 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/07/19 09:57:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Betsy\Desktop\dds.scr
[2012/07/19 09:20:55 | 000,012,974 | ---- | M] () -- C:\Users\Betsy\Desktop\9.htm
[2012/07/19 08:14:02 | 000,000,000 | ---- | M] () -- C:\Users\Betsy\defogger_reenable
[2012/07/19 08:09:06 | 000,000,123 | ---- | M] () -- C:\Users\Betsy\Desktop\Microsoft Fix it.url
[2012/07/19 04:42:21 | 000,001,137 | ---- | M] () -- C:\Users\Betsy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/19 04:42:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/18 23:24:52 | 000,175,807 | ---- | M] () -- C:\Users\Betsy\Documents\Beginning Writer's Answer Book.pdf
[2012/07/13 13:31:55 | 000,033,114 | ---- | M] () -- C:\Users\Betsy\Documents\Amazon-MP3-1342200711.amz
[2012/07/13 13:17:18 | 000,003,772 | ---- | M] () -- C:\Users\Betsy\Documents\Amazon-MP3-1342199829.amz
[2012/07/11 17:26:51 | 000,002,268 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/07 01:36:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/06 02:01:08 | 000,000,778 | ---- | M] () -- C:\Users\Betsy\Documents\access_application.do.htm
[2012/07/04 10:43:17 | 054,887,300 | ---- | M] () -- C:\Users\Betsy\Documents\MusicToFeelBetterSongSampler.zip
[2012/07/04 07:11:17 | 007,042,317 | ---- | M] () -- C:\Users\Betsy\Documents\Celtic dream.mp3
[2012/07/04 07:10:57 | 006,466,791 | ---- | M] () -- C:\Users\Betsy\Documents\shaman's countdown.mp3
[2012/07/04 05:58:32 | 000,000,035 | ---- | M] () -- C:\Users\Betsy\Documents\Beyond+Earth.mp3
[2012/07/04 05:58:09 | 000,000,035 | ---- | M] () -- C:\Users\Betsy\Documents\Intro.mp3
[2012/07/04 05:57:51 | 004,066,077 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Silence.mp3
[2012/07/04 05:57:29 | 005,479,618 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - moon flight.mp3
[2012/07/04 05:56:40 | 003,388,575 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Winter princess.mp3
[2012/07/04 05:30:36 | 000,014,165 | ---- | M] () -- C:\Users\Betsy\Documents\album_download.php
[2012/07/04 05:29:27 | 050,262,945 | ---- | M] () -- C:\Users\Betsy\Documents\Gothrixus - Memory Of Light & Darkness (Ambient _ Soundtrack) -- FREE DOWNLOAD.zip
[2012/07/04 04:54:44 | 005,213,048 | ---- | M] () -- C:\Users\Betsy\Documents\Corvo - Home (Morganville Vampires Internet Single).zip
[2012/07/04 04:45:05 | 003,643,645 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Rain song.mp3
[2012/07/04 04:44:44 | 007,374,976 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Santorini.mp3
[2012/07/04 04:40:55 | 038,005,214 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_autumn_prelude_mp3_160kbps.zip
[2012/07/04 04:35:10 | 008,478,910 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Escape.mp3
[2012/07/04 04:33:53 | 064,688,459 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_e-world_mp3_160kbps.zip
[2012/07/04 04:23:50 | 011,236,291 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Agnus Dei.mp3
[2012/07/04 04:22:41 | 005,453,408 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Eden.mp3
[2012/07/04 04:22:00 | 005,032,104 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Blue.mp3
[2012/07/04 04:21:00 | 007,820,625 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Keep flying.mp3
[2012/07/04 04:19:56 | 005,933,539 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Celtic dream.mp3
[2012/07/04 04:17:42 | 032,469,037 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_earth_mix_mp3_160kbps.zip
[2012/07/04 04:13:23 | 029,944,846 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_fairytale_2_the_orchestral_expansion_mp3_160kbps.zip
[2012/07/04 04:11:12 | 008,609,523 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Infinity.mp3
[2012/07/04 04:08:57 | 097,411,508 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_untold_stories_of_a_dying_moon_mp3_160kbps.zip
[2012/07/04 03:49:55 | 099,440,768 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_fairytale_2_mp3_160kbps.zip
[2012/07/04 03:45:54 | 059,738,729 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_fairytale_mp3_160kbps.zip
[2012/07/04 03:43:13 | 018,605,023 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_darkness_falls_mp3_160kbps.zip
[2012/07/04 03:41:38 | 003,386,965 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Lost kingdom.mp3
[2012/07/04 03:41:16 | 004,760,146 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Moonlight requiem.mp3
[2012/07/04 03:40:55 | 006,448,359 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Gothic.mp3
[2012/07/04 03:39:39 | 006,395,947 | ---- | M] () -- C:\Users\Betsy\Documents\Dia - zero-project - Come to me.mp3
[2012/07/04 03:37:46 | 001,253,848 | ---- | M] () -- C:\Users\Betsy\Documents\Agni Ponichtera - zero-project - Yannis Tzionas - Songs.mp3
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 12:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/25 02:30:35 | 000,000,487 | ---- | M] () -- C:\user.js
[2012/06/25 01:20:18 | 003,538,237 | ---- | M] () -- C:\Users\Betsy\Documents\Head and Neck Pain.pdf
[2012/06/24 04:26:41 | 001,037,682 | ---- | M] () -- C:\Users\Betsy\Documents\HowToCreate.pdf
[2012/06/24 03:19:54 | 003,538,237 | ---- | M] () -- C:\Users\Betsy\Documents\Free+Gift+Special+Report+.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/21 18:49:31 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/21 05:00:27 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{aa2e1122-46fd-a844-af14-de4cd62143d9}\U\[email protected]
[2012/07/20 08:20:52 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{aa2e1122-46fd-a844-af14-de4cd62143d9}\U\[email protected]
[2012/07/20 02:58:31 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/20 02:58:29 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/07/20 01:20:35 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/07/20 01:20:19 | 000,001,199 | ---- | C] () -- C:\Users\Betsy\Desktop\SpeedyPC Pro.lnk
[2012/07/20 01:20:19 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/07/20 01:20:19 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/07/19 23:55:56 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/19 18:39:25 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{aa2e1122-46fd-a844-af14-de4cd62143d9}\L\[email protected]
[2012/07/19 10:12:16 | 000,002,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/07/19 10:12:16 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/07/19 09:20:55 | 000,012,974 | ---- | C] () -- C:\Users\Betsy\Desktop\9.htm
[2012/07/19 08:14:02 | 000,000,000 | ---- | C] () -- C:\Users\Betsy\defogger_reenable
[2012/07/19 08:09:05 | 000,000,123 | ---- | C] () -- C:\Users\Betsy\Desktop\Microsoft Fix it.url
[2012/07/18 23:24:52 | 000,175,807 | ---- | C] () -- C:\Users\Betsy\Documents\Beginning Writer's Answer Book.pdf
[2012/07/13 13:31:55 | 000,033,114 | ---- | C] () -- C:\Users\Betsy\Documents\Amazon-MP3-1342200711.amz
[2012/07/13 13:17:17 | 000,003,772 | ---- | C] () -- C:\Users\Betsy\Documents\Amazon-MP3-1342199829.amz
[2012/07/06 02:01:07 | 000,000,778 | ---- | C] () -- C:\Users\Betsy\Documents\access_application.do.htm
[2012/07/04 10:42:34 | 054,887,300 | ---- | C] () -- C:\Users\Betsy\Documents\MusicToFeelBetterSongSampler.zip
[2012/07/04 07:11:14 | 007,042,317 | ---- | C] () -- C:\Users\Betsy\Documents\Celtic dream.mp3
[2012/07/04 07:10:52 | 006,466,791 | ---- | C] () -- C:\Users\Betsy\Documents\shaman's countdown.mp3
[2012/07/04 05:58:31 | 000,000,035 | ---- | C] () -- C:\Users\Betsy\Documents\Beyond+Earth.mp3
[2012/07/04 05:58:08 | 000,000,035 | ---- | C] () -- C:\Users\Betsy\Documents\Intro.mp3
[2012/07/04 05:57:45 | 004,066,077 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Silence.mp3
[2012/07/04 05:57:20 | 005,479,618 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - moon flight.mp3
[2012/07/04 05:56:35 | 003,388,575 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Winter princess.mp3
[2012/07/04 05:30:35 | 000,014,165 | ---- | C] () -- C:\Users\Betsy\Documents\album_download.php
[2012/07/04 05:28:56 | 050,262,945 | ---- | C] () -- C:\Users\Betsy\Documents\Gothrixus - Memory Of Light & Darkness (Ambient _ Soundtrack) -- FREE DOWNLOAD.zip
[2012/07/04 04:54:40 | 005,213,048 | ---- | C] () -- C:\Users\Betsy\Documents\Corvo - Home (Morganville Vampires Internet Single).zip
[2012/07/04 04:45:00 | 003,643,645 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Rain song.mp3
[2012/07/04 04:44:36 | 007,374,976 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Santorini.mp3
[2012/07/04 04:39:41 | 038,005,214 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_autumn_prelude_mp3_160kbps.zip
[2012/07/04 04:34:56 | 008,478,910 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Escape.mp3
[2012/07/04 04:31:53 | 064,688,459 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_e-world_mp3_160kbps.zip
[2012/07/04 04:23:24 | 011,236,291 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Agnus Dei.mp3
[2012/07/04 04:22:31 | 005,453,408 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Eden.mp3
[2012/07/04 04:21:47 | 005,032,104 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Blue.mp3
[2012/07/04 04:20:48 | 007,820,625 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Keep flying.mp3
[2012/07/04 04:19:46 | 005,933,539 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Celtic dream.mp3
[2012/07/04 04:16:35 | 032,469,037 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_earth_mix_mp3_160kbps.zip
[2012/07/04 04:12:29 | 029,944,846 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_fairytale_2_the_orchestral_expansion_mp3_160kbps.zip
[2012/07/04 04:10:53 | 008,609,523 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Infinity.mp3
[2012/07/04 04:04:54 | 097,411,508 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_untold_stories_of_a_dying_moon_mp3_160kbps.zip
[2012/07/04 03:46:05 | 099,440,768 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_fairytale_2_mp3_160kbps.zip
[2012/07/04 03:43:35 | 059,738,729 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_fairytale_mp3_160kbps.zip
[2012/07/04 03:42:46 | 018,605,023 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_darkness_falls_mp3_160kbps.zip
[2012/07/04 03:41:32 | 003,386,965 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Lost kingdom.mp3
[2012/07/04 03:41:09 | 004,760,146 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Moonlight requiem.mp3
[2012/07/04 03:40:43 | 006,448,359 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Gothic.mp3
[2012/07/04 03:39:27 | 006,395,947 | ---- | C] () -- C:\Users\Betsy\Documents\Dia - zero-project - Come to me.mp3
[2012/07/04 03:37:44 | 001,253,848 | ---- | C] () -- C:\Users\Betsy\Documents\Agni Ponichtera - zero-project - Yannis Tzionas - Songs.mp3
[2012/06/25 01:20:18 | 003,538,237 | ---- | C] () -- C:\Users\Betsy\Documents\Head and Neck Pain.pdf
[2012/06/24 04:26:41 | 001,037,682 | ---- | C] () -- C:\Users\Betsy\Documents\HowToCreate.pdf
[2012/06/24 03:19:54 | 003,538,237 | ---- | C] () -- C:\Users\Betsy\Documents\Free+Gift+Special+Report+.pdf
[2012/05/07 00:50:55 | 000,165,477 | ---- | C] () -- C:\Windows\hpoins28.dat.temp
[2012/05/07 00:50:55 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2012/03/29 22:53:35 | 000,165,380 | ---- | C] () -- C:\Windows\hpoins28.dat
[2012/03/29 22:53:35 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2012/03/29 22:45:37 | 000,142,456 | ---- | C] () -- C:\Windows\hpwins10.dat
[2012/03/29 22:45:37 | 000,000,372 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2012/02/18 21:13:59 | 000,007,600 | ---- | C] () -- C:\Users\Betsy\AppData\Local\resmon.resmoncfg
[2012/02/14 02:45:40 | 000,109,782 | ---- | C] () -- C:\Windows\CopernicAgentUninstall.exe
[2012/02/08 02:42:30 | 000,187,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/02/08 00:48:42 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012/02/08 00:48:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012/02/08 00:48:42 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012/02/08 00:48:41 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2012/02/02 23:15:12 | 000,000,110 | ---- | C] () -- C:\Users\Betsy\webct_upload_applet.properties
[2012/02/01 22:34:08 | 000,759,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/31 16:52:02 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/31 16:52:02 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/31 16:52:02 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/31 16:52:02 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/31 16:04:29 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{aa2e1122-46fd-a844-af14-de4cd62143d9}\@
[2012/01/31 16:04:29 | 000,002,048 | -HS- | C] () -- C:\Users\Betsy\AppData\Local\{aa2e1122-46fd-a844-af14-de4cd62143d9}\@
[2012/01/31 15:46:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/31 15:46:51 | 000,023,898 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== LOP Check ==========

[2012/03/09 19:13:08 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Amazon
[2012/02/01 09:42:42 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Auslogics
[2012/05/07 03:49:55 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Babylon
[2012/02/14 04:22:45 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Copernic
[2012/05/04 21:06:39 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\DarkRitualGuide
[2012/07/08 08:11:30 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\DMCache
[2012/07/20 01:20:31 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\DriverCure
[2012/07/08 13:11:09 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\IDM
[2012/07/21 18:49:25 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\IObit
[2012/04/30 01:38:18 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\OpenCandy
[2012/05/08 23:29:19 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Opera
[2012/02/18 21:52:37 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\SecondLife
[2012/02/08 00:59:50 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Simply Super Software
[2012/04/06 04:26:34 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\SoundSpectrum
[2012/07/20 01:20:31 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\SpeedyPC Software
[2012/07/19 04:35:05 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Spotify
[2012/05/03 04:38:32 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\TuneUpMedia
[2012/02/05 02:28:09 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Windows Live Writer
[2012/07/17 09:36:51 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\YourFileDownloader
[2012/02/14 04:23:36 | 000,000,423 | -H-- | M] () -- C:\Windows\Tasks\1 Copernic Intra-Daily ~Betsy-PC Betsy.job
[2012/02/14 04:23:36 | 000,000,399 | -H-- | M] () -- C:\Windows\Tasks\2 Copernic Daily ~Betsy-PC Betsy.job
[2012/02/14 04:23:36 | 000,000,404 | -H-- | M] () -- C:\Windows\Tasks\3 Copernic Weekly ~Betsy-PC Betsy.job
[2012/02/14 04:23:36 | 000,000,409 | -H-- | M] () -- C:\Windows\Tasks\4 Copernic Monthly ~Betsy-PC Betsy.job
[2012/07/20 02:58:29 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\avast! Emergency Update.job
[2012/04/12 19:26:44 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/20 01:20:19 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/07/20 01:20:35 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/07/20 01:20:19 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:6E2D80C8
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:F8780B24

< End of report >

Edited by betsym, 22 July 2012 - 04:01 AM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

the owner told me to uninstall my Avast anti-virus and then re-install it. The MINUTE I uninstalled Avast, the trojans/malware it had been sending to the chest started attacking my system. I quickly shut it down and restarted the computer in safe mode and then re-installed Avast.

That was not clever, as Avast was holding it in check.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKU\S-1-5-21-1260934113-1572342194-1008497398-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00014dae9e967f1
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    [2012/06/25 02:34:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected]
    [2012/06/25 02:30:31 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/05/07 03:49:55 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Babylon

    :Files
    ipconfig /flushdns /c
    C:\Windows\Installer\{aa2e1122-46fd-a844-af14-de4cd62143d9}
    C:\Users\Betsy\AppData\Local\{aa2e1122-46fd-a844-af14-de4cd62143d9}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#3
betsym

    Member

  • Topic Starter
  • Member
  • 129 posts
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\S-1-5-21-1260934113-1572342194-1008497398-1000\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\S-1-5-21-1260934113-1572342194-1008497398-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected]\content\imgs folder moved successfully.
Folder move failed. C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected]\content scheduled to be moved on reboot.
C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected]\components folder moved successfully.
Folder move failed. C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected] scheduled to be moved on reboot.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Users\Betsy\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Betsy\Downloads\cmd.bat deleted successfully.
C:\Users\Betsy\Downloads\cmd.txt deleted successfully.
C:\Windows\Installer\{aa2e1122-46fd-a844-af14-de4cd62143d9}\U folder moved successfully.
C:\Windows\Installer\{aa2e1122-46fd-a844-af14-de4cd62143d9}\L folder moved successfully.
C:\Windows\Installer\{aa2e1122-46fd-a844-af14-de4cd62143d9} folder moved successfully.
C:\Users\Betsy\AppData\Local\{aa2e1122-46fd-a844-af14-de4cd62143d9}\U folder moved successfully.
C:\Users\Betsy\AppData\Local\{aa2e1122-46fd-a844-af14-de4cd62143d9}\L folder moved successfully.
C:\Users\Betsy\AppData\Local\{aa2e1122-46fd-a844-af14-de4cd62143d9} folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Betsy
->Temp folder emptied: 15674348058 bytes
->Temporary Internet Files folder emptied: 864053871 bytes
->Java cache emptied: 3554587 bytes
->FireFox cache emptied: 580922963 bytes
->Google Chrome cache emptied: 44574777 bytes
->Opera cache emptied: 67814898 bytes
->Flash cache emptied: 42750 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 198747430 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 860346 bytes

Total Files Cleaned = 16,627.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.54.0 log created on 07222012_100022

Files\Folders moved on Reboot...
C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected] folder moved successfully.
File\Folder C:\Users\Betsy\AppData\Local\Temp\OICE_1171DB2B-AF46-4BE0-A234-68CB9426470C.0\87DD4F7. not found!
File\Folder C:\Users\Betsy\AppData\Local\Temp\OICE_02DD94F6-4FEE-40C3-9F6A-31F64420DEBC.0\BAC660CB. not found!
C:\Users\Betsy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Betsy\AppData\Local\Temp\~DF01EECFA195A38367.TMP not found!
File\Folder C:\Users\Betsy\AppData\Local\Temp\~DF31759A2D9FA93A5F.TMP not found!
File\Folder C:\Users\Betsy\AppData\Local\Temp\~DF48AEF2DB0B67F833.TMP not found!
File\Folder C:\Users\Betsy\AppData\Local\Temp\~DF4E7681C5CC1B3DEA.TMP not found!
File\Folder C:\Users\Betsy\AppData\Local\Temp\~DF568548C15BC762EC.TMP not found!
File\Folder C:\Users\Betsy\AppData\Local\Temp\~DF5BA810502B037B95.TMP not found!
File\Folder C:\Users\Betsy\AppData\Local\Temp\~DF7B28ABC0DC101717.TMP not found!
File\Folder C:\Users\Betsy\AppData\Local\Temp\~DFBEE533EB202AAE64.TMP not found!
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YCRFKTCX\api[2].htm moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVI4WN9M\al[1].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVI4WN9M\al[2].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVI4WN9M\al[3].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVI4WN9M\r[1].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QHYQ35PM\track[1].htm moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OW9RME8R\log[1].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MHSLHCJ5\al[1].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KB35TEI8\init[2].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KB35TEI8\s[1].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KB35TEI8\s[2].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IYSUCX6R\init[1].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I23MWNLA\s[1].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EEXBJTEK\index[3].htm moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B10ZBOE6\s[1].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6KPIPAYM\al[1].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1EM7QCCD\s[1].js moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected]\content not found!
File C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\[email protected] not found!
File C:\Users\Betsy\AppData\Local\Temp\OICE_1171DB2B-AF46-4BE0-A234-68CB9426470C.0\87DD4F7. not found!
File C:\Users\Betsy\AppData\Local\Temp\OICE_02DD94F6-4FEE-40C3-9F6A-31F64420DEBC.0\BAC660CB. not found!
File C:\Users\Betsy\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Betsy\AppData\Local\Temp\~DF01EECFA195A38367.TMP not found!
File C:\Users\Betsy\AppData\Local\Temp\~DF31759A2D9FA93A5F.TMP not found!
File C:\Users\Betsy\AppData\Local\Temp\~DF48AEF2DB0B67F833.TMP not found!
File C:\Users\Betsy\AppData\Local\Temp\~DF4E7681C5CC1B3DEA.TMP not found!
File C:\Users\Betsy\AppData\Local\Temp\~DF568548C15BC762EC.TMP not found!
File C:\Users\Betsy\AppData\Local\Temp\~DF5BA810502B037B95.TMP not found!
File C:\Users\Betsy\AppData\Local\Temp\~DF7B28ABC0DC101717.TMP not found!
File C:\Users\Betsy\AppData\Local\Temp\~DFBEE533EB202AAE64.TMP not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YCRFKTCX\api[2].htm not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVI4WN9M\al[1].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVI4WN9M\al[2].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVI4WN9M\al[3].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVI4WN9M\r[1].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QHYQ35PM\track[1].htm not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OW9RME8R\log[1].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MHSLHCJ5\al[1].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KB35TEI8\init[2].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KB35TEI8\s[1].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KB35TEI8\s[2].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IYSUCX6R\init[1].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I23MWNLA\s[1].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EEXBJTEK\index[3].htm not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B10ZBOE6\s[1].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6KPIPAYM\al[1].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1EM7QCCD\s[1].js not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
File C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
[2012/07/22 10:10:32 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

OTL logfile created on: 7/22/2012 10:20:59 AM - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Betsy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 65.17% Memory free
7.96 Gb Paging File | 6.41 Gb Available in Paging File | 80.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 711.37 Gb Free Space | 76.38% Space Free | Partition Type: NTFS

Computer Name: BETSY-PC | User Name: Betsy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 09:42:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Betsy\Downloads\OTL (1).exe
PRC - [2012/07/21 17:01:24 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/19 15:21:18 | 001,091,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/07/19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/07/19 00:54:46 | 001,192,664 | ---- | M] () -- C:\Users\Betsy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/02 16:02:28 | 004,473,728 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/28 21:52:46 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 00:54:46 | 001,192,664 | ---- | M] () -- C:\Users\Betsy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 23:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/04/06 01:12:22 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/08/05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/11/20 23:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/13 21:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 21:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/13 21:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2012/07/21 17:01:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/06/29 14:56:24 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/06/20 18:58:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/28 16:56:24 | 000,013,192 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe -- (SRSHDAudioService)
SRV - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/28 21:52:46 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/20 23:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/20 23:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 23:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 23:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 21:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 12:44:26 | 000,513,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_AE_amd64.sys -- (SRS_AE_Service)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/01/25 11:28:10 | 000,172,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/12/10 01:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 01:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Betsy\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 E2 66 8A 54 E0 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DDD17EC2-7AA2-4D0D-8EB5-0224EB767813}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{69E424E0-00A7-4947-B195-4F925730EB75}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-04-30 01:54:02&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{964BC362-3977-442B-A8F4-B4A61C7006F2}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{DDD17EC2-7AA2-4D0D-8EB5-0224EB767813}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{F63DAAF5-4E9D-4721-9213-881154A5E12B}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-tyc9"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-tyc9"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=380920&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=380920"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/29 22:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 18:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/29 22:57:03 | 000,000,000 | ---D | M]

[2012/02/14 04:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Extensions
[2012/07/22 10:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions
[2012/07/06 14:30:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/07 13:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\BETSY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QJ012UU8.DEFAULT\EXTENSIONS\[email protected]
[2012/06/20 18:58:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/30 01:53:53 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/20 18:58:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 18:58:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylo...00014dae9e967f1
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...m&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylo...00014dae9e967f1
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Domain Error Assistant = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Savings-Slider = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.0_0\
CHR - Extension: Gmail = C:\Users\Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/22 10:00:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Betsy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Search Using Copernic Agent - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: secondlife.com ([www] https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} http://www.activewor...ldsDownload.cab (ActiveWorldsDownload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9B35FA-AE15-4EA9-9A05-2769738C5599}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9B35FA-AE15-4EA9-9A05-2769738C5599}: NameServer = 8.8.8.8,4.2.2.1
O18:64bit: - Protocol\Handler\copernicagent - No CLSID value found
O18:64bit: - Protocol\Handler\copernicagentcache - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 10:00:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/21 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/07/21 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Toolbar
[2012/07/21 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/07/21 18:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/07/21 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\IObit
[2012/07/21 18:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/07/20 02:58:31 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/20 02:58:31 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/20 02:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/20 02:58:30 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/20 02:58:30 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/20 02:58:30 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/20 02:58:30 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/20 02:58:22 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/20 02:58:22 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/20 01:20:31 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\SpeedyPC Software
[2012/07/20 01:20:31 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\DriverCure
[2012/07/20 01:20:19 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/07/20 01:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/20 01:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/07/20 01:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/07/19 22:40:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/19 10:12:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2012/07/19 09:56:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Betsy\Desktop\dds.scr
[2012/07/19 07:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
[2012/07/19 07:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 11
[2012/07/17 09:35:40 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\YourFileDownloader
[2012/07/08 08:11:30 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\IDM
[2012/07/08 08:11:30 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Roaming\DMCache
[2012/07/06 02:01:07 | 000,000,000 | ---D | C] -- C:\Users\Betsy\Documents\access_application.do_files
[2012/07/04 00:15:37 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Local\Yahoo!
[2012/07/04 00:15:37 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Local\NanoService
[2012/06/27 23:57:49 | 000,000,000 | ---D | C] -- C:\Users\Betsy\AppData\Local\Macromedia
[2012/06/25 02:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer

========== Files - Modified Within 30 Days ==========

[2012/07/22 10:18:20 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 10:18:20 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 10:15:05 | 000,794,642 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/22 10:15:05 | 000,674,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/22 10:15:05 | 000,122,020 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/22 10:10:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/22 10:10:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 10:10:17 | 3206,475,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/22 10:00:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/22 09:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 09:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/21 18:49:31 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/20 02:58:31 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/20 02:58:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/20 02:58:29 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/07/20 01:20:35 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/07/20 01:20:19 | 000,001,199 | ---- | M] () -- C:\Users\Betsy\Desktop\SpeedyPC Pro.lnk
[2012/07/20 01:20:19 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/07/20 01:20:19 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/07/19 23:55:56 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/19 10:12:16 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/07/19 09:57:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Betsy\Desktop\dds.scr
[2012/07/19 09:20:55 | 000,012,974 | ---- | M] () -- C:\Users\Betsy\Desktop\9.htm
[2012/07/19 08:14:02 | 000,000,000 | ---- | M] () -- C:\Users\Betsy\defogger_reenable
[2012/07/19 08:09:06 | 000,000,123 | ---- | M] () -- C:\Users\Betsy\Desktop\Microsoft Fix it.url
[2012/07/19 04:42:21 | 000,001,137 | ---- | M] () -- C:\Users\Betsy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/19 04:42:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/18 23:24:52 | 000,175,807 | ---- | M] () -- C:\Users\Betsy\Documents\Beginning Writer's Answer Book.pdf
[2012/07/13 13:31:55 | 000,033,114 | ---- | M] () -- C:\Users\Betsy\Documents\Amazon-MP3-1342200711.amz
[2012/07/13 13:17:18 | 000,003,772 | ---- | M] () -- C:\Users\Betsy\Documents\Amazon-MP3-1342199829.amz
[2012/07/11 17:26:51 | 000,002,268 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/07 01:36:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/06 02:01:08 | 000,000,778 | ---- | M] () -- C:\Users\Betsy\Documents\access_application.do.htm
[2012/07/04 10:43:17 | 054,887,300 | ---- | M] () -- C:\Users\Betsy\Documents\MusicToFeelBetterSongSampler.zip
[2012/07/04 07:11:17 | 007,042,317 | ---- | M] () -- C:\Users\Betsy\Documents\Celtic dream.mp3
[2012/07/04 07:10:57 | 006,466,791 | ---- | M] () -- C:\Users\Betsy\Documents\shaman's countdown.mp3
[2012/07/04 05:58:32 | 000,000,035 | ---- | M] () -- C:\Users\Betsy\Documents\Beyond+Earth.mp3
[2012/07/04 05:58:09 | 000,000,035 | ---- | M] () -- C:\Users\Betsy\Documents\Intro.mp3
[2012/07/04 05:57:51 | 004,066,077 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Silence.mp3
[2012/07/04 05:57:29 | 005,479,618 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - moon flight.mp3
[2012/07/04 05:56:40 | 003,388,575 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Winter princess.mp3
[2012/07/04 05:30:36 | 000,014,165 | ---- | M] () -- C:\Users\Betsy\Documents\album_download.php
[2012/07/04 05:29:27 | 050,262,945 | ---- | M] () -- C:\Users\Betsy\Documents\Gothrixus - Memory Of Light & Darkness (Ambient _ Soundtrack) -- FREE DOWNLOAD.zip
[2012/07/04 04:54:44 | 005,213,048 | ---- | M] () -- C:\Users\Betsy\Documents\Corvo - Home (Morganville Vampires Internet Single).zip
[2012/07/04 04:45:05 | 003,643,645 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Rain song.mp3
[2012/07/04 04:44:44 | 007,374,976 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Santorini.mp3
[2012/07/04 04:40:55 | 038,005,214 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_autumn_prelude_mp3_160kbps.zip
[2012/07/04 04:35:10 | 008,478,910 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Escape.mp3
[2012/07/04 04:33:53 | 064,688,459 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_e-world_mp3_160kbps.zip
[2012/07/04 04:23:50 | 011,236,291 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Agnus Dei.mp3
[2012/07/04 04:22:41 | 005,453,408 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Eden.mp3
[2012/07/04 04:22:00 | 005,032,104 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Blue.mp3
[2012/07/04 04:21:00 | 007,820,625 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Keep flying.mp3
[2012/07/04 04:19:56 | 005,933,539 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Celtic dream.mp3
[2012/07/04 04:17:42 | 032,469,037 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_earth_mix_mp3_160kbps.zip
[2012/07/04 04:13:23 | 029,944,846 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_fairytale_2_the_orchestral_expansion_mp3_160kbps.zip
[2012/07/04 04:11:12 | 008,609,523 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Infinity.mp3
[2012/07/04 04:08:57 | 097,411,508 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_untold_stories_of_a_dying_moon_mp3_160kbps.zip
[2012/07/04 03:49:55 | 099,440,768 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_fairytale_2_mp3_160kbps.zip
[2012/07/04 03:45:54 | 059,738,729 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_fairytale_mp3_160kbps.zip
[2012/07/04 03:43:13 | 018,605,023 | ---- | M] () -- C:\Users\Betsy\Documents\zero_project_darkness_falls_mp3_160kbps.zip
[2012/07/04 03:41:38 | 003,386,965 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Lost kingdom.mp3
[2012/07/04 03:41:16 | 004,760,146 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Moonlight requiem.mp3
[2012/07/04 03:40:55 | 006,448,359 | ---- | M] () -- C:\Users\Betsy\Documents\zero-project - Gothic.mp3
[2012/07/04 03:39:39 | 006,395,947 | ---- | M] () -- C:\Users\Betsy\Documents\Dia - zero-project - Come to me.mp3
[2012/07/04 03:37:46 | 001,253,848 | ---- | M] () -- C:\Users\Betsy\Documents\Agni Ponichtera - zero-project - Yannis Tzionas - Songs.mp3
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 12:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/25 02:30:35 | 000,000,487 | ---- | M] () -- C:\user.js
[2012/06/25 01:20:18 | 003,538,237 | ---- | M] () -- C:\Users\Betsy\Documents\Head and Neck Pain.pdf
[2012/06/24 04:26:41 | 001,037,682 | ---- | M] () -- C:\Users\Betsy\Documents\HowToCreate.pdf
[2012/06/24 03:19:54 | 003,538,237 | ---- | M] () -- C:\Users\Betsy\Documents\Free+Gift+Special+Report+.pdf

========== Files Created - No Company Name ==========

[2012/07/21 18:49:31 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/20 02:58:31 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/20 02:58:29 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/07/20 01:20:35 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/07/20 01:20:19 | 000,001,199 | ---- | C] () -- C:\Users\Betsy\Desktop\SpeedyPC Pro.lnk
[2012/07/20 01:20:19 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/07/20 01:20:19 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/07/19 23:55:56 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/19 10:12:16 | 000,002,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/07/19 10:12:16 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/07/19 09:20:55 | 000,012,974 | ---- | C] () -- C:\Users\Betsy\Desktop\9.htm
[2012/07/19 08:14:02 | 000,000,000 | ---- | C] () -- C:\Users\Betsy\defogger_reenable
[2012/07/19 08:09:05 | 000,000,123 | ---- | C] () -- C:\Users\Betsy\Desktop\Microsoft Fix it.url
[2012/07/18 23:24:52 | 000,175,807 | ---- | C] () -- C:\Users\Betsy\Documents\Beginning Writer's Answer Book.pdf
[2012/07/13 13:31:55 | 000,033,114 | ---- | C] () -- C:\Users\Betsy\Documents\Amazon-MP3-1342200711.amz
[2012/07/13 13:17:17 | 000,003,772 | ---- | C] () -- C:\Users\Betsy\Documents\Amazon-MP3-1342199829.amz
[2012/07/06 02:01:07 | 000,000,778 | ---- | C] () -- C:\Users\Betsy\Documents\access_application.do.htm
[2012/07/04 10:42:34 | 054,887,300 | ---- | C] () -- C:\Users\Betsy\Documents\MusicToFeelBetterSongSampler.zip
[2012/07/04 07:11:14 | 007,042,317 | ---- | C] () -- C:\Users\Betsy\Documents\Celtic dream.mp3
[2012/07/04 07:10:52 | 006,466,791 | ---- | C] () -- C:\Users\Betsy\Documents\shaman's countdown.mp3
[2012/07/04 05:58:31 | 000,000,035 | ---- | C] () -- C:\Users\Betsy\Documents\Beyond+Earth.mp3
[2012/07/04 05:58:08 | 000,000,035 | ---- | C] () -- C:\Users\Betsy\Documents\Intro.mp3
[2012/07/04 05:57:45 | 004,066,077 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Silence.mp3
[2012/07/04 05:57:20 | 005,479,618 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - moon flight.mp3
[2012/07/04 05:56:35 | 003,388,575 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Winter princess.mp3
[2012/07/04 05:30:35 | 000,014,165 | ---- | C] () -- C:\Users\Betsy\Documents\album_download.php
[2012/07/04 05:28:56 | 050,262,945 | ---- | C] () -- C:\Users\Betsy\Documents\Gothrixus - Memory Of Light & Darkness (Ambient _ Soundtrack) -- FREE DOWNLOAD.zip
[2012/07/04 04:54:40 | 005,213,048 | ---- | C] () -- C:\Users\Betsy\Documents\Corvo - Home (Morganville Vampires Internet Single).zip
[2012/07/04 04:45:00 | 003,643,645 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Rain song.mp3
[2012/07/04 04:44:36 | 007,374,976 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Santorini.mp3
[2012/07/04 04:39:41 | 038,005,214 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_autumn_prelude_mp3_160kbps.zip
[2012/07/04 04:34:56 | 008,478,910 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Escape.mp3
[2012/07/04 04:31:53 | 064,688,459 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_e-world_mp3_160kbps.zip
[2012/07/04 04:23:24 | 011,236,291 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Agnus Dei.mp3
[2012/07/04 04:22:31 | 005,453,408 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Eden.mp3
[2012/07/04 04:21:47 | 005,032,104 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Blue.mp3
[2012/07/04 04:20:48 | 007,820,625 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Keep flying.mp3
[2012/07/04 04:19:46 | 005,933,539 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Celtic dream.mp3
[2012/07/04 04:16:35 | 032,469,037 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_earth_mix_mp3_160kbps.zip
[2012/07/04 04:12:29 | 029,944,846 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_fairytale_2_the_orchestral_expansion_mp3_160kbps.zip
[2012/07/04 04:10:53 | 008,609,523 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Infinity.mp3
[2012/07/04 04:04:54 | 097,411,508 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_untold_stories_of_a_dying_moon_mp3_160kbps.zip
[2012/07/04 03:46:05 | 099,440,768 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_fairytale_2_mp3_160kbps.zip
[2012/07/04 03:43:35 | 059,738,729 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_fairytale_mp3_160kbps.zip
[2012/07/04 03:42:46 | 018,605,023 | ---- | C] () -- C:\Users\Betsy\Documents\zero_project_darkness_falls_mp3_160kbps.zip
[2012/07/04 03:41:32 | 003,386,965 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Lost kingdom.mp3
[2012/07/04 03:41:09 | 004,760,146 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Moonlight requiem.mp3
[2012/07/04 03:40:43 | 006,448,359 | ---- | C] () -- C:\Users\Betsy\Documents\zero-project - Gothic.mp3
[2012/07/04 03:39:27 | 006,395,947 | ---- | C] () -- C:\Users\Betsy\Documents\Dia - zero-project - Come to me.mp3
[2012/07/04 03:37:44 | 001,253,848 | ---- | C] () -- C:\Users\Betsy\Documents\Agni Ponichtera - zero-project - Yannis Tzionas - Songs.mp3
[2012/06/25 01:20:18 | 003,538,237 | ---- | C] () -- C:\Users\Betsy\Documents\Head and Neck Pain.pdf
[2012/06/24 04:26:41 | 001,037,682 | ---- | C] () -- C:\Users\Betsy\Documents\HowToCreate.pdf
[2012/06/24 03:19:54 | 003,538,237 | ---- | C] () -- C:\Users\Betsy\Documents\Free+Gift+Special+Report+.pdf
[2012/05/07 00:50:55 | 000,165,477 | ---- | C] () -- C:\Windows\hpoins28.dat.temp
[2012/05/07 00:50:55 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2012/03/29 22:53:35 | 000,165,380 | ---- | C] () -- C:\Windows\hpoins28.dat
[2012/03/29 22:53:35 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2012/03/29 22:45:37 | 000,142,456 | ---- | C] () -- C:\Windows\hpwins10.dat
[2012/03/29 22:45:37 | 000,000,372 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2012/02/18 21:13:59 | 000,007,600 | ---- | C] () -- C:\Users\Betsy\AppData\Local\resmon.resmoncfg
[2012/02/14 02:45:40 | 000,109,782 | ---- | C] () -- C:\Windows\CopernicAgentUninstall.exe
[2012/02/08 02:42:30 | 000,187,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/02/08 00:48:42 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012/02/08 00:48:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012/02/08 00:48:42 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012/02/08 00:48:41 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2012/02/02 23:15:12 | 000,000,110 | ---- | C] () -- C:\Users\Betsy\webct_upload_applet.properties
[2012/02/01 22:34:08 | 000,759,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/31 16:52:02 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/31 16:52:02 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/31 16:52:02 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/31 16:52:02 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/31 15:46:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/31 15:46:51 | 000,023,898 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== LOP Check ==========

[2012/03/09 19:13:08 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Amazon
[2012/02/01 09:42:42 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Auslogics
[2012/02/14 04:22:45 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Copernic
[2012/05/04 21:06:39 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\DarkRitualGuide
[2012/07/08 08:11:30 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\DMCache
[2012/07/20 01:20:31 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\DriverCure
[2012/07/08 13:11:09 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\IDM
[2012/07/21 18:49:25 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\IObit
[2012/04/30 01:38:18 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\OpenCandy
[2012/05/08 23:29:19 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Opera
[2012/02/18 21:52:37 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\SecondLife
[2012/02/08 00:59:50 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Simply Super Software
[2012/04/06 04:26:34 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\SoundSpectrum
[2012/07/20 01:20:31 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\SpeedyPC Software
[2012/07/19 04:35:05 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Spotify
[2012/05/03 04:38:32 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\TuneUpMedia
[2012/02/05 02:28:09 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\Windows Live Writer
[2012/07/17 09:36:51 | 000,000,000 | ---D | M] -- C:\Users\Betsy\AppData\Roaming\YourFileDownloader
[2012/02/14 04:23:36 | 000,000,423 | -H-- | M] () -- C:\Windows\Tasks\1 Copernic Intra-Daily ~Betsy-PC Betsy.job
[2012/02/14 04:23:36 | 000,000,399 | -H-- | M] () -- C:\Windows\Tasks\2 Copernic Daily ~Betsy-PC Betsy.job
[2012/02/14 04:23:36 | 000,000,404 | -H-- | M] () -- C:\Windows\Tasks\3 Copernic Weekly ~Betsy-PC Betsy.job
[2012/02/14 04:23:36 | 000,000,409 | -H-- | M] () -- C:\Windows\Tasks\4 Copernic Monthly ~Betsy-PC Betsy.job
[2012/07/20 02:58:29 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\avast! Emergency Update.job
[2012/04/12 19:26:44 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/20 01:20:19 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/07/20 01:20:35 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/07/20 01:20:19 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:6E2D80C8
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:F8780B24

< End of report >

Here are the reports generated after running the "fix" and then after rebooting. I will now download and run Combofix and post that report.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK Combofix should kill the final element :)

#5
betsym

    Member

  • Topic Starter
  • Member
  • 129 posts
ComboFix 12-07-21.01 - Betsy 07/22/2012 15:48:48.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2620 [GMT -4:00]
Running from: c:\users\Betsy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Betsy\AppData\Local\Temp\{5A5BDCED-8A58-46C5-858B-5A9368BD9BA7}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 19:53 . 2012-07-22 19:53 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-22 19:53 . 2012-07-22 19:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-22 19:53 . 2012-07-22 19:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-22 19:53 . 2012-07-22 19:53 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-22 19:53 . 2012-07-22 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 19:53 . 2012-07-22 19:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-22 14:00 . 2012-07-22 14:00 -------- d-----w- C:\_OTL
2012-07-21 22:50 . 2012-07-21 22:50 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-07-21 22:50 . 2012-07-21 22:50 -------- d-----w- c:\program files (x86)\Application Updater
2012-07-21 22:50 . 2012-07-21 22:50 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-07-21 22:49 . 2012-07-21 22:49 -------- d-----w- c:\users\Betsy\AppData\Roaming\IObit
2012-07-21 22:49 . 2012-07-21 22:49 -------- d-----w- c:\program files (x86)\IObit
2012-07-20 06:58 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-20 06:58 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-20 06:58 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-20 06:58 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-20 06:58 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-20 06:58 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-20 06:58 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-20 06:58 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-20 05:20 . 2012-07-20 05:20 -------- d-----w- c:\users\Betsy\AppData\Roaming\SpeedyPC Software
2012-07-20 05:20 . 2012-07-20 05:20 -------- d-----w- c:\users\Betsy\AppData\Roaming\DriverCure
2012-07-20 05:20 . 2012-07-20 05:20 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-20 05:20 . 2012-07-20 05:20 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-07-20 05:20 . 2012-07-20 05:20 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-07-20 02:40 . 2012-07-20 02:40 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-19 14:12 . 2012-07-19 14:12 -------- d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
2012-07-19 11:39 . 2012-07-19 11:39 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-07-17 13:35 . 2012-07-17 13:36 -------- d-----w- c:\users\Betsy\AppData\Roaming\YourFileDownloader
2012-07-08 12:11 . 2012-07-08 17:11 -------- d-----w- c:\users\Betsy\AppData\Roaming\IDM
2012-07-08 12:11 . 2012-07-08 12:11 -------- d-----w- c:\users\Betsy\AppData\Roaming\DMCache
2012-07-04 04:15 . 2012-07-04 04:15 -------- d-----w- c:\users\Betsy\AppData\Local\Yahoo!
2012-07-04 04:15 . 2012-07-04 04:15 -------- d-----w- c:\users\Betsy\AppData\Local\NanoService
2012-06-28 03:57 . 2012-06-28 03:57 -------- d-----w- c:\users\Betsy\AppData\Local\Macromedia
2012-06-25 06:30 . 2012-06-25 06:30 -------- d-----w- c:\program files (x86)\FLVPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 19:47 . 2012-05-01 08:44 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D916FBC-297A-424D-9028-D93F1FEFD5C8}\offreg.dll
2012-07-21 21:01 . 2012-04-02 02:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 21:01 . 2012-01-31 20:48 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-01-31 21:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2012-01-31 21:04 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-02 22:19 . 2012-06-21 03:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 03:37 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 03:37 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 03:37 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 03:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 03:37 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 03:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 03:37 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 03:37 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-28 08:39 . 2012-05-28 08:39 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-03 10:07 . 2012-02-24 21:46 131072 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
.
.
((((((((((((((((((((((((((((( [email protected]_18.37.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-14 07:19 . 2012-07-22 19:17 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-14 07:19 . 2012-07-22 18:36 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-14 07:19 . 2012-07-22 18:36 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2012-03-14 07:19 . 2012-07-22 19:17 16384 c:\windows\Temp\History\History.IE5\index.dat
- 2012-03-14 07:19 . 2012-07-22 18:36 16384 c:\windows\Temp\Cookies\index.dat
+ 2012-03-14 07:19 . 2012-07-22 19:17 16384 c:\windows\Temp\Cookies\index.dat
+ 2010-11-21 03:09 . 2012-07-22 19:18 44852 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-22 19:18 32714 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-31 19:51 . 2012-07-22 19:18 11788 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1260934113-1572342194-1008497398-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-07-22 18:44 93856 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-01-31 20:11 . 2012-07-22 18:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-31 20:11 . 2012-07-22 19:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-22 18:36 . 2012-07-22 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-22 19:16 . 2012-07-22 19:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-22 19:16 . 2012-07-22 19:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-22 18:36 . 2012-07-22 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-22 19:21 674532 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-22 14:15 674532 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-22 19:21 122020 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-22 14:15 122020 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-22 19:16 390744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-22 18:35 390744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-02-21 08:55 . 2012-07-22 14:09 4779046 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1260934113-1572342194-1008497398-1000-8192.dat
+ 2012-02-21 08:55 . 2012-07-22 19:16 4779046 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1260934113-1572342194-1008497398-1000-8192.dat
+ 2012-02-21 02:01 . 2012-07-22 19:16 24790296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1260934113-1572342194-1008497398-1000-4096.dat
- 2012-02-21 02:01 . 2012-07-22 18:35 24790296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1260934113-1572342194-1008497398-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-06-11 06:09 208608 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-06-11 06:09 208608 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-06-11 06:09 208608 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-07-09 1240848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-07-02 4473728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 250056]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-06 1436424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-31 1255736]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-19 792512]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R4 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
R4 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
R4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-06-29 67584]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [2011-10-28 13192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-01 378472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-01-25 172648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_amd64.sys [2011-08-01 513824]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-14 c:\windows\Tasks\1 Copernic Intra-Daily ~Betsy-PC Betsy.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2012-02-14 00:16]
.
2012-02-14 c:\windows\Tasks\2 Copernic Daily ~Betsy-PC Betsy.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2012-02-14 00:16]
.
2012-02-14 c:\windows\Tasks\3 Copernic Weekly ~Betsy-PC Betsy.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2012-02-14 00:16]
.
2012-02-14 c:\windows\Tasks\4 Copernic Monthly ~Betsy-PC Betsy.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2012-02-14 00:16]
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:01]
.
2012-07-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-20 16:21]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 21:10]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 21:10]
.
2012-07-20 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-07-20 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-20 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-06-11 06:09 232672 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-06-11 06:09 232672 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-06-11 06:09 232672 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Search Using Copernic Agent - c:\program files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
Trusted Zone: netflix.com
Trusted Zone: secondlife.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5E9B35FA-AE15-4EA9-9A05-2769738C5599}: NameServer = 8.8.8.8,4.2.2.1
DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
FF - ProfilePath - c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-tyc9
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=060612_6_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - fafa53e300000000000014dae9e967f1
FF - user.js: extensions.BabylonToolbar_i.hardId - fafa53e300000000000014dae9e967f1
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15516
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:30
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-22 15:54:57
ComboFix-quarantined-files.txt 2012-07-22 19:54
ComboFix2.txt 2012-07-22 18:41
.
Pre-Run: 766,756,904,960 bytes free
Post-Run: 766,444,326,912 bytes free
.
- - End Of File - - 7D16231BE1F5618D3E90DA1AC47E77F3
Combofix nearly crashed my computer! I finally got the log done.

#6
betsym

So far, so good. I haven't had any more virus alerts!

#7
Essexboy

OK a quick sweep for orphans now

Update Malwarebytes and run a quick scan
Post the log here along with any problems you are noticing

#8
betsym

Ok. I have a couple questions, too. Is it better to have Microsoft Security Essentials or Avast? If Avast, would it be better to get the paid version? Should I keep the iObit Malware Fighter (free version) I had just installed (hoping it would get rid of the viruses)? I even have Trojan Remover and THAT didn't get rid of them!

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Betsy :: BETSY-PC [administrator]

7/23/2012 1:32:53 PM
mbam-log-2012-07-23 (13-32-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262664
Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I haven't noticed it doing anything wrong. Everything seems to be fixed. Thank you so much. You saved me $75!

Edited by betsym, 23 July 2012 - 11:38 AM.


#9
Essexboy

I would remove Iobit and Trojan Remover, you are better off with MBAM

As for AV, both MSE and Avast are much of a muchness, but the one thing I like about Avast is the webshield. That will stop you from going to the majority of infected sites.
As for paid versus free... MSE is totally free; the only difference between the free Avast and the paid-for versions is the number of bells and whistles that you want. There is a list of the extras that you get here. The virus engine and frequency of updates is the same, be it paid or free.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
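The cleanup steps in the post above can be checked afterwards from PowerShell. This is an added example, not part of the original thread or of any tool used in it: it confirms that the hosts file holds only default entries after [resethosts], that hidden files are set not to show, and that a restore point named Clean exists. The -CreateRestorePoint switch and the New-Check helper are names chosen for this example.

```powershell
# Added example: post-cleanup checks. Read-only unless -CreateRestorePoint is given.
# Run from an elevated PowerShell prompt.
param([switch]$CreateRestorePoint)   # hypothetical opt-in switch for this example

# Hypothetical helper: one result row per check.
function New-Check($Name, $Ok, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Ok = $Ok; Detail = $Detail }
}

$checks = @()

# 1. After [resethosts] the hosts file should contain only comments and
#    (optionally) the loopback localhost entries. Anything else is reported.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    $extra = @(Get-Content $hostsPath | Where-Object {
        $_ -match '^\s*[^#\s]' -and
        $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*(#.*)?$'
    })
    $checks += New-Check 'hosts file is default' ($extra.Count -eq 0) `
        ("{0} non-default line(s)" -f $extra.Count)
    $extra | ForEach-Object { Write-Warning "hosts entry: $_" }
} else {
    $checks += New-Check 'hosts file is default' $false "missing: $hostsPath"
}

# 2. Folder Options > View > "Do not show hidden files and folders"
#    is stored per user as Hidden = 2 (1 means hidden files are shown).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hidden = (Get-ItemProperty -Path $adv -Name Hidden -ErrorAction SilentlyContinue).Hidden
$checks += New-Check 'hidden files not shown' ($hidden -eq 2) `
    "Hidden=$hidden (1 = show, 2 = do not show)"

# 3. Restore point named "Clean", the name suggested in the post.
if ($CreateRestorePoint) {
    Checkpoint-Computer -Description 'Clean' -RestorePointType MODIFY_SETTINGS
}
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$clean  = @($points | Where-Object { $_.Description -eq 'Clean' })
$checks += New-Check 'restore point "Clean" exists' ($clean.Count -gt 0) `
    ("{0} restore point(s) in total" -f $points.Count)

# Property order of the result objects is not guaranteed, so name the columns.
$checks | Format-Table Check, Ok, Detail -AutoSize
```

A total of zero restore points means System Restore is turned off or not working on that drive, which is worth resolving before the older restore points are purged.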

#10
betsym

Well, it is still doing one thing. I keep getting an error message while on the internet saying that "internet explorer has quit working." It then closes the program and recovers the webpage. It was doing this a while back, before I got the viruses, and when I went to iTunes, I couldn't listen to samples because they would only play for about 10 seconds. I "Googled" it and found what others did for the problem that involved changing DNS entries and it worked, at least for iTunes! Also, my system restore doesn't work. I used it one time in the few 5 months that I've had my computer and that was the last it worked. I will do the last things listed here and get back on in a couple hours.

Edited by betsym, 23 July 2012 - 03:43 PM.

#11
Essexboy

One option for this problem is to uninstall IE9 and then reinstall it. Would you like to try that?

#12
Essexboy

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#13
Essexboy

User returned

#14
Essexboy

Could you run the following programme to check out System Restore?

Run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#15
betsym

ok. I will do that now. I am still working on your previous instructions to run OTL and the other things on the list but I will post them, too when I get them done as well.