Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

happili trojan, browser redirect. [Solved]

Started by Itsonlyme7 , Sep 09 2012 10:58 AM

  • This topic is locked This topic is locked

#1
Itsonlyme7
Posted 09 September 2012 - 10:58 AM

Itsonlyme7

    New Member

  • Member
  • Pip
  • 8 posts
OTL logfile created on: 9/9/2012 12:36:46 PM - Run 4
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\mike\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 28.22% Memory free
5.21 Gb Paging File | 1.73 Gb Available in Paging File | 33.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.73 Gb Total Space | 169.64 Gb Free Space | 59.79% Space Free | Partition Type: NTFS
Drive D: | 14.06 Gb Total Space | 1.75 Gb Free Space | 12.47% Space Free | Partition Type: NTFS

Computer Name: M | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/09 12:36:22 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Downloads\OTL.com
PRC - [2012/09/09 03:01:21 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/04 18:59:25 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\mike\AppData\Roaming\Spotify\spotify.exe
PRC - [2012/09/04 18:59:24 | 001,193,176 | ---- | M] () -- C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/21 05:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/08/14 23:52:23 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/17 20:54:46 | 001,150,464 | ---- | M] () -- C:\Program Files (x86)\WinRAR\WinRAR.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/09 20:57:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/12/27 20:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/12/13 15:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/11/20 23:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/11/18 15:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/09 03:01:20 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/09/04 18:59:24 | 020,219,096 | ---- | M] () -- C:\Users\mike\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012/09/04 18:59:24 | 001,193,176 | ---- | M] () -- C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/08/29 22:58:45 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/29 22:58:44 | 012,237,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/29 22:58:42 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/29 22:57:27 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/29 22:57:26 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/29 22:57:15 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/29 22:57:13 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/29 22:57:12 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012/08/14 23:52:23 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/02/17 20:55:14 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\WinRAR\Formats\z.fmt
MOD - [2012/02/17 20:55:13 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\WinRAR\Formats\gz.fmt
MOD - [2012/02/17 20:55:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\WinRAR\Formats\tar.fmt
MOD - [2012/02/17 20:55:04 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\WinRAR\Formats\arj.fmt
MOD - [2012/02/17 20:54:46 | 001,150,464 | ---- | M] () -- C:\Program Files (x86)\WinRAR\WinRAR.exe
MOD - [2011/01/05 13:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2010/11/18 16:09:10 | 001,699,384 | ---- | M] () -- C:\Users\mike\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/11/18 15:57:42 | 012,284,984 | ---- | M] () -- C:\Users\mike\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/08/21 05:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/03/04 15:50:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/04 15:44:40 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 09:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/09 03:01:20 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/14 23:52:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/27 20:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 05:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 05:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 05:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 05:13:12 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/08/21 05:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 05:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 05:13:11 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/08/21 05:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/21 05:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/07/13 06:47:42 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 03:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/04 18:01:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/04 15:16:48 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/01 21:54:36 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/15 15:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/02/09 20:58:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/20 20:20:02 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/29 08:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 22:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/11 22:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=06-06-2012
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=06-06-2012
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:2.5


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/09 04:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/09 03:01:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 03:32:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/09 03:01:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 03:32:09 | 000,000,000 | ---D | M]

[2012/05/03 18:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2012/09/09 04:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\nidkfrzs.default\extensions
[2012/06/14 03:08:09 | 000,000,000 | ---D | M] (AOL Messaging Toolbar) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\nidkfrzs.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[1832/11/29 00:22:58 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\nidkfrzs.default\extensions\[email protected]
[2012/05/03 18:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/09 03:01:21 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/09 03:01:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/09 03:01:19 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mike\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: avast! WebRep = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2012/08/09 17:56:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Adobe] C:\Users\mike\AppData\Local\AOL\Adobe\iklvh.dll (Sony Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\mike\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6029068-658E-45F5-89C0-6FA2A1F996C0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 06:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/09 06:29:41 | 000,000,000 | ---D | C] -- C:\Users\mike\Desktop\RK_Quarantine
[2012/09/09 05:04:09 | 000,142,128 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/09/09 04:59:34 | 000,266,776 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/09/09 04:59:23 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012/09/09 04:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/09/04 18:59:28 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Spotify
[2012/09/04 18:59:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Spotify
[2012/08/16 20:19:02 | 000,000,000 | -HSD | C] -- C:\found.002
[2012/08/10 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\{1A455ACA-489D-4CCB-B989-46C160807E70}
[2012/08/10 20:01:06 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\{D5F2006F-F4DC-461E-BA2F-2EB8D6176B27}

========== Files - Modified Within 30 Days ==========

[2012/09/09 12:52:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/09 12:45:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/09 11:02:14 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/09 10:54:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/09 05:37:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 05:37:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 05:35:03 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/09 05:35:03 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/09 05:35:02 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/09 05:26:45 | 2097,340,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/09 04:59:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/09/09 04:55:49 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/09/04 18:59:26 | 000,001,762 | ---- | M] () -- C:\Users\mike\Desktop\Spotify.lnk
[2012/09/04 17:52:31 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/29 17:44:05 | 000,000,022 | ---- | M] () -- C:\Users\mike\Desktop\New WinRAR ZIP archive.zip
[2012/08/26 15:05:17 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormike.job
[2012/08/21 05:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 05:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 05:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 05:13:12 | 000,266,776 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/08/21 05:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 05:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/21 05:13:11 | 000,142,128 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/08/21 05:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 05:13:11 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 05:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/15 03:24:05 | 000,293,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/09 04:55:49 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/09/04 18:59:26 | 000,001,762 | ---- | C] () -- C:\Users\mike\Desktop\Spotify.lnk
[2012/09/04 18:59:26 | 000,001,748 | ---- | C] () -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/08/29 17:44:05 | 000,000,022 | ---- | C] () -- C:\Users\mike\Desktop\New WinRAR ZIP archive.zip
[2012/08/05 00:22:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 00:22:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 00:22:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 00:22:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 00:22:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/18 20:44:12 | 008,918,691 | ---- | C] () -- C:\Users\mike\16 - Miss Jane Feat Jeremih.mp3
[2012/07/18 20:44:10 | 008,943,755 | ---- | C] () -- C:\Users\mike\15 - Fast Car.mp3
[2012/07/18 20:44:09 | 008,521,627 | ---- | C] () -- C:\Users\mike\14 - Slice Feat Shorty K.mp3
[2012/07/18 20:44:06 | 012,857,960 | ---- | C] () -- C:\Users\mike\13 - I Can t Go Feat DJ Thunder.mp3
[2012/07/18 20:44:06 | 007,365,955 | ---- | C] () -- C:\Users\mike\12 - Mr T.mp3
[2012/07/18 20:44:05 | 007,303,270 | ---- | C] () -- C:\Users\mike\10 - Neiman Marcus.mp3
[2012/07/18 20:44:05 | 006,818,435 | ---- | C] () -- C:\Users\mike\11 - SI m Doggin.mp3
[2012/07/18 20:44:04 | 009,174,674 | ---- | C] () -- C:\Users\mike\09 - Brite.mp3
[2012/07/18 20:44:02 | 010,357,502 | ---- | C] () -- C:\Users\mike\08 - Cell Dope.mp3
[2012/07/18 20:44:01 | 012,477,637 | ---- | C] () -- C:\Users\mike\07 - Stop The Show Feat Boldy James Payroll Of DBCO.mp3
[2012/07/18 20:44:01 | 011,021,038 | ---- | C] () -- C:\Users\mike\06 - Get It Together Feat Casey Veggies.mp3
[2012/07/18 20:44:00 | 011,265,524 | ---- | C] () -- C:\Users\mike\04 - She Gotta Have.mp3
[2012/07/18 20:44:00 | 008,953,186 | ---- | C] () -- C:\Users\mike\05 - Too Short Back Feat Shorty K Tris J.mp3
[2012/07/18 20:43:59 | 009,761,911 | ---- | C] () -- C:\Users\mike\03 - Thank God.mp3
[2012/07/18 20:43:58 | 009,344,993 | ---- | C] () -- C:\Users\mike\02 - Wassup.mp3
[2012/07/18 20:43:58 | 008,785,981 | ---- | C] () -- C:\Users\mike\01 - Merry Go Round.mp3
[2012/07/18 20:43:58 | 000,159,035 | ---- | C] () -- C:\Users\mike\00 - _Sir_Michael_Rocks_Premier_Politics-front-large.jpg
[2012/07/18 19:29:01 | 006,372,713 | ---- | C] () -- C:\Users\mike\14 - Its Hard (DatPiff Exclusive).mp3
[2012/07/18 19:29:00 | 008,949,333 | ---- | C] () -- C:\Users\mike\13 - Story To Tell (DatPiff Exclusive).mp3
[2012/07/18 19:28:59 | 003,076,702 | ---- | C] () -- C:\Users\mike\12 - So Close So Far Freestyle (DatPiff Exclusive).mp3
[2012/07/18 19:28:58 | 004,872,211 | ---- | C] () -- C:\Users\mike\08 - Kush Freestyle (Exercise III) (DatPiff Exclusive).mp3
[2012/07/18 19:28:58 | 004,764,219 | ---- | C] () -- C:\Users\mike\10 - Set Me Free (DatPiff Exclusive).mp3
[2012/07/18 19:28:58 | 004,457,151 | ---- | C] () -- C:\Users\mike\11 - Stay Up (DatPiff Exclusive).mp3
[2012/07/18 19:28:58 | 004,407,608 | ---- | C] () -- C:\Users\mike\09 - The One Freestyle (DatPiff Exclusive).mp3
[2012/07/18 19:28:57 | 003,870,594 | ---- | C] () -- C:\Users\mike\06 - Titos Verse (DatPiff Exclusive).mp3
[2012/07/18 19:28:57 | 002,811,437 | ---- | C] () -- C:\Users\mike\07 - Def Jam Cypher Sessions Freestyle (DatPiff Exclusive).mp3
[2012/07/18 19:28:56 | 014,481,952 | ---- | C] () -- C:\Users\mike\05 - Outkast Medley (DatPiff Exclusive).mp3
[2012/07/18 19:28:56 | 007,456,271 | ---- | C] () -- C:\Users\mike\03 - The Ghost of Tito Lopez (DatPiff Exclusive).mp3
[2012/07/18 19:28:56 | 006,045,951 | ---- | C] () -- C:\Users\mike\04 - Mississippi Burning (DatPiff Exclusive).mp3
[2012/07/18 19:28:55 | 007,486,317 | ---- | C] () -- C:\Users\mike\02 - Exhibit T (DatPiff Exclusive).mp3
[2012/07/18 19:28:55 | 005,051,485 | ---- | C] () -- C:\Users\mike\01 - KWNC (Prod By LA Da Box (DatPiff Exclusive).mp3
[2012/07/18 19:28:55 | 000,292,307 | ---- | C] () -- C:\Users\mike\00 - Tito_Lopez_The_Lost_Files_Of_Tito_Lopez-front-large.jpg
[2012/07/18 19:28:55 | 000,150,597 | ---- | C] () -- C:\Users\mike\00 - Tito_Lopez_The_Lost_Files_Of_Tito_Lopez-back-large.jpg
[2012/07/17 22:51:05 | 005,501,217 | ---- | C] () -- C:\Users\mike\17 - Get It How I Live (DatPiff Exclusive).mp3
[2012/07/17 22:51:05 | 005,426,601 | ---- | C] () -- C:\Users\mike\18 - Come Up (DatPiff Exclusive).mp3
[2012/07/17 22:51:05 | 003,809,106 | ---- | C] () -- C:\Users\mike\16 - Keep Your Cool (DatPiff Exclusive).mp3
[2012/07/17 22:51:04 | 007,507,411 | ---- | C] () -- C:\Users\mike\13 - No Love (DatPiff Exclusive).mp3
[2012/07/17 22:51:04 | 006,350,711 | ---- | C] () -- C:\Users\mike\14 - Cashin In (DatPiff Exclusive).mp3
[2012/07/17 22:51:04 | 005,289,946 | ---- | C] () -- C:\Users\mike\15 - Cold Corner 2 (Eyes Wide) (DatPiff Exclusive).mp3
[2012/07/17 22:51:04 | 005,187,114 | ---- | C] () -- C:\Users\mike\12 - Ice Box Pt2 (DatPiff Exclusive).mp3
[2012/07/17 22:51:03 | 004,920,043 | ---- | C] () -- C:\Users\mike\11 - Young Fly Flashy (DatPiff Exclusive).mp3
[2012/07/17 22:51:01 | 007,172,631 | ---- | C] () -- C:\Users\mike\10 - Jokes On You (DatPiff Exclusive).mp3
[2012/07/17 22:51:00 | 007,204,621 | ---- | C] () -- C:\Users\mike\06 - Make It Stack (feat AAP Rocky) (DatPiff Exclusive).mp3
[2012/07/17 22:51:00 | 005,424,718 | ---- | C] () -- C:\Users\mike\07 - Score (DatPiff Exclusive).mp3
[2012/07/17 22:51:00 | 005,148,869 | ---- | C] () -- C:\Users\mike\08 - We [bleep]in (DatPiff Exclusive).mp3
[2012/07/17 22:51:00 | 004,547,009 | ---- | C] () -- C:\Users\mike\09 - Love Shots (DatPiff Exclusive).mp3
[2012/07/17 22:50:59 | 007,328,124 | ---- | C] () -- C:\Users\mike\04 - Predator (feat Styles P) (DatPiff Exclusive).mp3
[2012/07/17 22:50:59 | 005,546,350 | ---- | C] () -- C:\Users\mike\02 - Super Crack (DatPiff Exclusive).mp3
[2012/07/17 22:50:59 | 004,803,432 | ---- | C] () -- C:\Users\mike\03 - Shock The World (DatPiff Exclusive).mp3
[2012/07/17 22:50:59 | 004,180,876 | ---- | C] () -- C:\Users\mike\05 - The Pulse (DatPiff Exclusive).mp3
[2012/07/17 22:50:58 | 006,651,661 | ---- | C] () -- C:\Users\mike\01 - 1 2 3 Grind (feat Prodigy) (DatPiff Exclusive).mp3
[2012/07/17 22:50:58 | 000,371,539 | ---- | C] () -- C:\Users\mike\00 - Lloyd_Banks_The_Cold_Corner_2-front-large.jpg
[2012/07/17 22:50:58 | 000,308,004 | ---- | C] () -- C:\Users\mike\00 - Lloyd_Banks_The_Cold_Corner_2-back-large.jpg
[2012/05/27 21:50:57 | 000,001,854 | ---- | C] () -- C:\Users\mike\AppData\Roaming\GhostObjGAFix.xml
[2012/05/21 03:19:01 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/14 02:27:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/14 02:18:50 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/08 00:14:24 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/20 20:20:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/12/15 19:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/10 13:48:40 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/06/06 03:33:02 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\acccore
[2012/06/17 11:14:16 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Blio
[2012/07/28 11:46:28 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\NetStat Agent
[2012/06/07 21:47:32 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\OpenOffice.org
[2012/05/03 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\PictureMover
[2012/05/21 03:20:27 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\SoftGrid Client
[2012/09/09 03:03:15 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Spotify
[2012/05/03 00:00:42 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Synaptics
[2012/05/03 00:01:07 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Tific
[2012/05/21 03:20:49 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\TP
[2012/06/06 02:09:43 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Windows Live Writer
[2012/08/16 19:39:18 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 09 September 2012 - 01:02 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there could you let me know if this cures it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5
[1832/11/29 00:22:58 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\nidkfrzs.default\extensions\[email protected]


:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
Itsonlyme7
Posted 09 September 2012 - 01:58 PM

Itsonlyme7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
All processes killed
========== OTL ==========
Prefs.js: [email protected]:2.5 removed from extensions.enabledAddons
C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\nidkfrzs.default\extensions\[email protected] moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: mike
->Temp folder emptied: 1610426572 bytes
->Temporary Internet Files folder emptied: 63553718 bytes
->Java cache emptied: 349353 bytes
->FireFox cache emptied: 381474651 bytes
->Google Chrome cache emptied: 345834823 bytes
->Flash cache emptied: 201673 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3781854 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 267130273 bytes

Total Files Cleaned = 2,549.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.61.3 log created on 09092012_153916

Files\Folders moved on Reboot...
C:\Users\mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\_avast_\unp112478722.tmp moved successfully.
C:\Windows\temp\_avast_\unp71935331.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


___

However, I'm still getting redirected on google.
  • 0

#4
Essexboy
Posted 09 September 2012 - 02:11 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it all browsers or just one ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
O4 - HKCU..\Run: [Adobe] C:\Users\mike\AppData\Local\AOL\Adobe\iklvh.dll (Sony Corporation)

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#5
Itsonlyme7
Posted 09 September 2012 - 02:19 PM

Itsonlyme7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL logfile created on: 9/9/2012 3:58:37 PM - Run 5
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\mike\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 33.42% Memory free
5.21 Gb Paging File | 2.72 Gb Available in Paging File | 52.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.73 Gb Total Space | 172.04 Gb Free Space | 60.63% Space Free | Partition Type: NTFS
Drive D: | 14.06 Gb Total Space | 1.75 Gb Free Space | 12.47% Space Free | Partition Type: NTFS

Computer Name: M | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/09 12:36:22 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Downloads\OTL.com
PRC - [2012/09/09 03:01:21 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/04 18:59:25 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\mike\AppData\Roaming\Spotify\spotify.exe
PRC - [2012/09/04 18:59:24 | 001,193,176 | ---- | M] () -- C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/21 05:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/09 20:57:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/12/27 20:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/12/13 15:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/11/20 23:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/11/18 15:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/09 03:01:20 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/09/04 18:59:24 | 020,219,096 | ---- | M] () -- C:\Users\mike\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012/09/04 18:59:24 | 001,193,176 | ---- | M] () -- C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/08/29 22:58:45 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/29 22:58:44 | 012,237,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/29 22:58:42 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/29 22:57:27 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/29 22:57:26 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/29 22:57:15 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/29 22:57:13 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/29 22:57:12 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2011/01/05 13:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2010/11/18 16:09:10 | 001,699,384 | ---- | M] () -- C:\Users\mike\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/11/18 15:57:42 | 012,284,984 | ---- | M] () -- C:\Users\mike\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/08/21 05:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/03/04 15:50:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/04 15:44:40 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 09:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/09 03:01:20 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/14 23:52:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/27 20:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 05:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 05:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 05:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 05:13:12 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/08/21 05:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 05:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 05:13:11 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/08/21 05:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/21 05:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/07/13 06:47:42 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 03:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/04 18:01:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/04 15:16:48 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/01 21:54:36 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/15 15:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/02/09 20:58:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/20 20:20:02 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/29 08:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 22:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/11 22:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=06-06-2012
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=06-06-2012
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/09 04:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/09 03:01:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 03:32:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/09 03:01:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 03:32:09 | 000,000,000 | ---D | M]

[2012/05/03 18:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2012/09/09 15:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\nidkfrzs.default\extensions
[2012/06/14 03:08:09 | 000,000,000 | ---D | M] (AOL Messaging Toolbar) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\nidkfrzs.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2012/05/03 18:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/09 03:01:21 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/09 03:01:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/09 03:01:19 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mike\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2012/09/09 15:39:24 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Adobe] C:\Users\mike\AppData\Local\AOL\Adobe\iklvh.dll (Sony Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\mike\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6029068-658E-45F5-89C0-6FA2A1F996C0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 15:39:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/09 06:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/09 06:29:41 | 000,000,000 | ---D | C] -- C:\Users\mike\Desktop\RK_Quarantine
[2012/09/09 05:04:09 | 000,142,128 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/09/09 04:59:34 | 000,266,776 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/09/09 04:59:23 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012/09/09 04:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/09/04 18:59:28 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Spotify
[2012/09/04 18:59:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Spotify
[2012/08/16 20:19:02 | 000,000,000 | -HSD | C] -- C:\found.002
[2012/08/10 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\{1A455ACA-489D-4CCB-B989-46C160807E70}
[2012/08/10 20:01:06 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\{D5F2006F-F4DC-461E-BA2F-2EB8D6176B27}

========== Files - Modified Within 30 Days ==========

[2012/09/09 16:00:56 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 16:00:56 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 15:59:45 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/09 15:59:45 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/09 15:59:45 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/09 15:52:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/09 15:50:33 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/09 15:50:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/09 15:50:20 | 2097,340,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/09 15:45:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/09 15:39:24 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/09/09 04:59:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/09/09 04:55:49 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/09/04 18:59:26 | 000,001,762 | ---- | M] () -- C:\Users\mike\Desktop\Spotify.lnk
[2012/09/04 17:52:31 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/29 17:44:05 | 000,000,022 | ---- | M] () -- C:\Users\mike\Desktop\New WinRAR ZIP archive.zip
[2012/08/26 15:05:17 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormike.job
[2012/08/21 05:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 05:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 05:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 05:13:12 | 000,266,776 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/08/21 05:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 05:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/21 05:13:11 | 000,142,128 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/08/21 05:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 05:13:11 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 05:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/15 03:24:05 | 000,293,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/09 04:55:49 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/09/04 18:59:26 | 000,001,762 | ---- | C] () -- C:\Users\mike\Desktop\Spotify.lnk
[2012/09/04 18:59:26 | 000,001,748 | ---- | C] () -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/08/29 17:44:05 | 000,000,022 | ---- | C] () -- C:\Users\mike\Desktop\New WinRAR ZIP archive.zip
[2012/08/05 00:22:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 00:22:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 00:22:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 00:22:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 00:22:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/18 20:44:12 | 008,918,691 | ---- | C] () -- C:\Users\mike\16 - Miss Jane Feat Jeremih.mp3
[2012/07/18 20:44:10 | 008,943,755 | ---- | C] () -- C:\Users\mike\15 - Fast Car.mp3
[2012/07/18 20:44:09 | 008,521,627 | ---- | C] () -- C:\Users\mike\14 - Slice Feat Shorty K.mp3
[2012/07/18 20:44:06 | 012,857,960 | ---- | C] () -- C:\Users\mike\13 - I Can t Go Feat DJ Thunder.mp3
[2012/07/18 20:44:06 | 007,365,955 | ---- | C] () -- C:\Users\mike\12 - Mr T.mp3
[2012/07/18 20:44:05 | 007,303,270 | ---- | C] () -- C:\Users\mike\10 - Neiman Marcus.mp3
[2012/07/18 20:44:05 | 006,818,435 | ---- | C] () -- C:\Users\mike\11 - SI m Doggin.mp3
[2012/07/18 20:44:04 | 009,174,674 | ---- | C] () -- C:\Users\mike\09 - Brite.mp3
[2012/07/18 20:44:02 | 010,357,502 | ---- | C] () -- C:\Users\mike\08 - Cell Dope.mp3
[2012/07/18 20:44:01 | 012,477,637 | ---- | C] () -- C:\Users\mike\07 - Stop The Show Feat Boldy James Payroll Of DBCO.mp3
[2012/07/18 20:44:01 | 011,021,038 | ---- | C] () -- C:\Users\mike\06 - Get It Together Feat Casey Veggies.mp3
[2012/07/18 20:44:00 | 011,265,524 | ---- | C] () -- C:\Users\mike\04 - She Gotta Have.mp3
[2012/07/18 20:44:00 | 008,953,186 | ---- | C] () -- C:\Users\mike\05 - Too Short Back Feat Shorty K Tris J.mp3
[2012/07/18 20:43:59 | 009,761,911 | ---- | C] () -- C:\Users\mike\03 - Thank God.mp3
[2012/07/18 20:43:58 | 009,344,993 | ---- | C] () -- C:\Users\mike\02 - Wassup.mp3
[2012/07/18 20:43:58 | 008,785,981 | ---- | C] () -- C:\Users\mike\01 - Merry Go Round.mp3
[2012/07/18 20:43:58 | 000,159,035 | ---- | C] () -- C:\Users\mike\00 - _Sir_Michael_Rocks_Premier_Politics-front-large.jpg
[2012/07/18 19:29:01 | 006,372,713 | ---- | C] () -- C:\Users\mike\14 - Its Hard (DatPiff Exclusive).mp3
[2012/07/18 19:29:00 | 008,949,333 | ---- | C] () -- C:\Users\mike\13 - Story To Tell (DatPiff Exclusive).mp3
[2012/07/18 19:28:59 | 003,076,702 | ---- | C] () -- C:\Users\mike\12 - So Close So Far Freestyle (DatPiff Exclusive).mp3
[2012/07/18 19:28:58 | 004,872,211 | ---- | C] () -- C:\Users\mike\08 - Kush Freestyle (Exercise III) (DatPiff Exclusive).mp3
[2012/07/18 19:28:58 | 004,764,219 | ---- | C] () -- C:\Users\mike\10 - Set Me Free (DatPiff Exclusive).mp3
[2012/07/18 19:28:58 | 004,457,151 | ---- | C] () -- C:\Users\mike\11 - Stay Up (DatPiff Exclusive).mp3
[2012/07/18 19:28:58 | 004,407,608 | ---- | C] () -- C:\Users\mike\09 - The One Freestyle (DatPiff Exclusive).mp3
[2012/07/18 19:28:57 | 003,870,594 | ---- | C] () -- C:\Users\mike\06 - Titos Verse (DatPiff Exclusive).mp3
[2012/07/18 19:28:57 | 002,811,437 | ---- | C] () -- C:\Users\mike\07 - Def Jam Cypher Sessions Freestyle (DatPiff Exclusive).mp3
[2012/07/18 19:28:56 | 014,481,952 | ---- | C] () -- C:\Users\mike\05 - Outkast Medley (DatPiff Exclusive).mp3
[2012/07/18 19:28:56 | 007,456,271 | ---- | C] () -- C:\Users\mike\03 - The Ghost of Tito Lopez (DatPiff Exclusive).mp3
[2012/07/18 19:28:56 | 006,045,951 | ---- | C] () -- C:\Users\mike\04 - Mississippi Burning (DatPiff Exclusive).mp3
[2012/07/18 19:28:55 | 007,486,317 | ---- | C] () -- C:\Users\mike\02 - Exhibit T (DatPiff Exclusive).mp3
[2012/07/18 19:28:55 | 005,051,485 | ---- | C] () -- C:\Users\mike\01 - KWNC (Prod By LA Da Box (DatPiff Exclusive).mp3
[2012/07/18 19:28:55 | 000,292,307 | ---- | C] () -- C:\Users\mike\00 - Tito_Lopez_The_Lost_Files_Of_Tito_Lopez-front-large.jpg
[2012/07/18 19:28:55 | 000,150,597 | ---- | C] () -- C:\Users\mike\00 - Tito_Lopez_The_Lost_Files_Of_Tito_Lopez-back-large.jpg
[2012/07/17 22:51:05 | 005,501,217 | ---- | C] () -- C:\Users\mike\17 - Get It How I Live (DatPiff Exclusive).mp3
[2012/07/17 22:51:05 | 005,426,601 | ---- | C] () -- C:\Users\mike\18 - Come Up (DatPiff Exclusive).mp3
[2012/07/17 22:51:05 | 003,809,106 | ---- | C] () -- C:\Users\mike\16 - Keep Your Cool (DatPiff Exclusive).mp3
[2012/07/17 22:51:04 | 007,507,411 | ---- | C] () -- C:\Users\mike\13 - No Love (DatPiff Exclusive).mp3
[2012/07/17 22:51:04 | 006,350,711 | ---- | C] () -- C:\Users\mike\14 - Cashin In (DatPiff Exclusive).mp3
[2012/07/17 22:51:04 | 005,289,946 | ---- | C] () -- C:\Users\mike\15 - Cold Corner 2 (Eyes Wide) (DatPiff Exclusive).mp3
[2012/07/17 22:51:04 | 005,187,114 | ---- | C] () -- C:\Users\mike\12 - Ice Box Pt2 (DatPiff Exclusive).mp3
[2012/07/17 22:51:03 | 004,920,043 | ---- | C] () -- C:\Users\mike\11 - Young Fly Flashy (DatPiff Exclusive).mp3
[2012/07/17 22:51:01 | 007,172,631 | ---- | C] () -- C:\Users\mike\10 - Jokes On You (DatPiff Exclusive).mp3
[2012/07/17 22:51:00 | 007,204,621 | ---- | C] () -- C:\Users\mike\06 - Make It Stack (feat AAP Rocky) (DatPiff Exclusive).mp3
[2012/07/17 22:51:00 | 005,424,718 | ---- | C] () -- C:\Users\mike\07 - Score (DatPiff Exclusive).mp3
[2012/07/17 22:51:00 | 005,148,869 | ---- | C] () -- C:\Users\mike\08 - We [bleep]in (DatPiff Exclusive).mp3
[2012/07/17 22:51:00 | 004,547,009 | ---- | C] () -- C:\Users\mike\09 - Love Shots (DatPiff Exclusive).mp3
[2012/07/17 22:50:59 | 007,328,124 | ---- | C] () -- C:\Users\mike\04 - Predator (feat Styles P) (DatPiff Exclusive).mp3
[2012/07/17 22:50:59 | 005,546,350 | ---- | C] () -- C:\Users\mike\02 - Super Crack (DatPiff Exclusive).mp3
[2012/07/17 22:50:59 | 004,803,432 | ---- | C] () -- C:\Users\mike\03 - Shock The World (DatPiff Exclusive).mp3
[2012/07/17 22:50:59 | 004,180,876 | ---- | C] () -- C:\Users\mike\05 - The Pulse (DatPiff Exclusive).mp3
[2012/07/17 22:50:58 | 006,651,661 | ---- | C] () -- C:\Users\mike\01 - 1 2 3 Grind (feat Prodigy) (DatPiff Exclusive).mp3
[2012/07/17 22:50:58 | 000,371,539 | ---- | C] () -- C:\Users\mike\00 - Lloyd_Banks_The_Cold_Corner_2-front-large.jpg
[2012/07/17 22:50:58 | 000,308,004 | ---- | C] () -- C:\Users\mike\00 - Lloyd_Banks_The_Cold_Corner_2-back-large.jpg
[2012/05/27 21:50:57 | 000,001,854 | ---- | C] () -- C:\Users\mike\AppData\Roaming\GhostObjGAFix.xml
[2012/05/21 03:19:01 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/14 02:27:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/14 02:18:50 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/08 00:14:24 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/20 20:20:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/12/15 19:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/10 13:48:40 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/06/06 03:33:02 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\acccore
[2012/06/17 11:14:16 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Blio
[2012/07/28 11:46:28 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\NetStat Agent
[2012/06/07 21:47:32 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\OpenOffice.org
[2012/05/03 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\PictureMover
[2012/05/21 03:20:27 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\SoftGrid Client
[2012/09/09 03:03:15 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Spotify
[2012/05/03 00:00:42 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Synaptics
[2012/05/03 00:01:07 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Tific
[2012/05/21 03:20:49 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\TP
[2012/06/06 02:09:43 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Windows Live Writer
[2012/08/16 19:39:18 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#6
Itsonlyme7
Posted 09 September 2012 - 02:34 PM

Itsonlyme7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
# AdwCleaner v2.001 - Logfile created 09/09/2012 at 16:29:58
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : mike - M
# Boot Mode : Normal
# Running from : C:\Users\mike\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\nidkfrzs.default\prefs.js

C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\nidkfrzs.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3801 octets] - [09/09/2012 16:29:58]

########## EOF - C:\AdwCleaner[S1].txt - [3861 octets] ##########
  • 0

#7
Essexboy
Posted 09 September 2012 - 02:37 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the redirects still apparent ?
  • 0

#8
Itsonlyme7
Posted 09 September 2012 - 02:39 PM

Itsonlyme7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Not as of right now.

My computer is clean otherwise? Thank you very much.
  • 0

#9
Essexboy
Posted 09 September 2012 - 02:40 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#10
Essexboy
Posted 11 September 2012 - 04:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP