Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Constanly logs off/ Suspect infection [Solved]

Started by homeworks67 , Jan 10 2013 11:34 AM

  • This topic is locked This topic is locked

#1
homeworks67
Posted 10 January 2013 - 11:34 AM

homeworks67

    Member

  • Member
  • PipPip
  • 25 posts
Acer Aspire 5750 Laptop
I5 2430M
2.4 Ghz
6 gb
64 bit
Win 7 Sp1

My problem is that I am unable to stay logged on for very long. I have taken on this problem of trying to fix it from another source. In the last few days, successfully logging on has happened only once. Just when I was about to install an anti-virus program,it logged off. I have determined that the antivirus was disabled and that there was nothing else left for protection. I have managed to stay logged in through safe mode and installed malware antibytes and avast. Ran quick scans with both programs and came up with various trojans (Malware Antibytes found Trojan:Agent,Trojan.Zbot,Backdoor.bot(x2),Trojan Ransom, Trojan Crypt. Avast Free Antivirus found Win 32:Trojan-gen (x3), Win 32:Malware-gen) which were deleted successfully. Still no log on. Ran scans again, comes up clear. Still unable to stay logged on. I've done what I can, I need your help. Many thanks in advance.

Here is my OTL log:

OTL logfile created on: 10/01/2013 11:43:58 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 84.00% Memory free
12.00 Gb Paging File | 11.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.54 Gb Total Space | 625.07 Gb Free Space | 91.85% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 0.89 Gb Free Space | 47.81% Space Free | Partition Type: FAT

Computer Name: JENSPLACE2-PC | User Name: Jens Place2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/01/04 16:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
PRC - [2010/12/06 16:42:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\OTL.exe


========== Modules (SafeList) ==========

MOD - [2010/12/06 16:42:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2010/11/20 22:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/02 13:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 18:37:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/24 12:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/09/08 05:59:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/06/21 14:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/04 16:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/12 02:08:54 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/08/12 02:08:54 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/08/12 02:08:54 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/07/14 00:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 00:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/10 13:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/08 11:36:14 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/16 16:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/09 22:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/05/06 12:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 03:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/07/29 08:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?p=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/10 09:49:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/17 14:06:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/17 14:06:42 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Mozilla\Extensions
[2012/11/17 14:06:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {575BDDF5-790A-4D01-A37D-2863DEC1C085} - No CLSID value found.
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKCU..\Run: [Cuikti] C:\Users\Jens Place2\AppData\Roaming\Esryo\vius.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartph...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/01/10 09:49:37 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/01/10 09:49:37 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/01/10 09:49:36 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/01/10 09:49:36 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/01/10 09:49:36 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/01/10 09:49:36 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/01/10 09:49:36 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/01/10 09:49:26 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/01/10 09:49:26 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/01/10 09:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/01/10 09:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/10 09:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2013/01/09 20:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rogers Online Protection
[2013/01/09 20:08:05 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Roaming\newsXpresso
[2013/01/09 19:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/01/09 19:49:43 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Local\Wajam
[2013/01/09 19:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/09 19:16:46 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Roaming\Malwarebytes
[2013/01/09 19:16:37 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/09 19:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/09 19:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2013/01/09 19:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/09 19:16:19 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Local\Programs
[2013/01/09 07:50:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/26 11:42:38 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Roaming\YoudaGames
[2012/12/24 11:23:06 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Local\{A3558FCC-D0DC-47E1-88B2-9A1914D74E15}

========== Files - Modified Within 30 Days ==========

[2013/01/10 10:53:04 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/10 10:53:04 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/10 10:53:04 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/10 10:48:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/10 10:48:32 | 420,368,383 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 10:47:09 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/10 10:09:25 | 000,428,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 10:01:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 10:01:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 09:49:37 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/10 09:49:36 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/01/10 09:49:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/09 19:52:56 | 000,001,268 | ---- | M] () -- C:\Users\Jens Place2\Desktop\Revo Uninstaller.lnk
[2013/01/09 19:44:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/09 19:40:32 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/09 19:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/09 19:16:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/07 12:18:49 | 002,156,689 | ---- | M] () -- C:\Users\Jens Place2\Documents\Supervised Visit Brochure1.pdf
[2012/12/17 22:17:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/01/10 09:49:37 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/10 09:49:36 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/01/10 09:49:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/01/09 19:52:56 | 000,001,268 | ---- | C] () -- C:\Users\Jens Place2\Desktop\Revo Uninstaller.lnk
[2013/01/09 19:40:32 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/09 19:16:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/07 12:18:49 | 002,156,689 | ---- | C] () -- C:\Users\Jens Place2\Documents\Supervised Visit Brochure1.pdf
[2012/12/17 22:17:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/11/04 16:18:23 | 000,111,248 | ---- | C] () -- C:\Users\Jens Place2\AppData\Local\GDIPFONTCACHEV21.DAT
[2011/09/08 06:03:52 | 000,015,222 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe5.log
[2011/08/12 02:27:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/12 02:27:32 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2012/10/22 15:04:39 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Awem
[2012/01/31 10:40:28 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Canon
[2013/01/09 20:13:49 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Elal
[2012/10/15 00:25:33 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Elep
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Elsul
[2013/01/09 21:04:45 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Esryo
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Etnopa
[2012/10/15 14:33:18 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Fuem
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Gyzag
[2012/10/14 19:04:30 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Ibep
[2012/10/15 12:33:03 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Izko
[2012/10/22 22:19:56 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Jewel Match 3
[2012/10/14 20:22:15 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Koveec
[2012/10/15 12:33:03 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Kyop
[2012/07/03 02:59:33 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\LegacyInteractive
[2013/01/09 20:08:05 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\newsXpresso
[2012/10/15 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Omwiu
[2012/11/12 05:00:50 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oqex
[2012/10/14 19:04:30 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oroqx
[2012/10/14 20:22:15 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oruvep
[2012/10/15 07:36:44 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oswah
[2012/02/04 14:35:16 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\PowerCinema
[2012/11/12 05:00:50 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Riuso
[2013/01/09 20:23:57 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Rogers Online Protection
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Ruarug
[2012/12/06 13:16:00 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\runic games
[2012/01/02 22:12:58 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\SmartDraw
[2012/10/14 18:44:14 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\TeamViewer
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Ufups
[2012/10/15 07:36:44 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Uvel
[2012/10/15 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Uvzav
[2013/01/09 19:25:57 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Vowea
[2012/10/14 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Vueta
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Wacoke
[2012/05/20 13:01:19 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\WildTangent
[2012/08/01 22:28:36 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Windows Live Writer
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Xobe
[2012/12/26 11:42:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\YoudaGames
[2012/10/15 14:33:18 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Ypdo
[2012/10/15 00:25:33 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Yrosom
[2013/01/10 09:49:36 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\avast! Emergency Update.job
[2012/12/15 21:13:22 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/08/11 07:52:59 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\?]?_lotserviceruntime.log) -- C:\Windows\SysWow64\ꥈ]㍈_lotserviceruntime.log
[2012/08/11 07:52:59 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\?]?_lotserviceruntime.log) -- C:\Windows\SysWow64\ꥈ]㍈_lotserviceruntime.log

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5A437AC3
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:ADF211B1

< End of report >
  • 0

Advertisements

#2
homeworks67
Posted 10 January 2013 - 12:02 PM

homeworks67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Sorry for the old version of OTL

Here is the newest version:

OTL logfile created on: 10/01/2013 12:55:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.86 Gb Total Physical Memory | 4.98 Gb Available Physical Memory | 85.03% Memory free
11.71 Gb Paging File | 10.84 Gb Available in Paging File | 92.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.54 Gb Total Space | 623.83 Gb Free Space | 91.67% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 0.89 Gb Free Space | 47.80% Space Free | Partition Type: FAT

Computer Name: JENSPLACE2-PC | User Name: Jens Place2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/10 12:50:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/01/04 16:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/02 13:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 18:37:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/24 12:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/08 05:59:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/06/21 14:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/04 16:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/12 02:08:54 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/08/12 02:08:54 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/08/12 02:08:54 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/07/14 00:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 00:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/10 13:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/08 11:36:14 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/16 16:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/05/09 22:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/05/06 12:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/29 08:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?p=us
IE - HKCU\..\SearchScopes,DefaultScope = {1AC365B7-0FC0-4A24-93C6-CDF3AFC6C9DF}
IE - HKCU\..\SearchScopes\{1AC365B7-0FC0-4A24-93C6-CDF3AFC6C9DF}: "URL" = http://www.google.co...archTerms}&rlz=
IE - HKCU\..\SearchScopes\{847F0080-743A-4E8B-8A63-0F1F45BB3C99}: "URL" = http://search.condui...&ctid=CT3042917
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.2.1000.1(B)
IE - HKCU\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll (Rogers)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll (Rogers)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/10 09:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/17 14:06:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/17 14:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens Place2\AppData\Roaming\Mozilla\Extensions
[2012/11/17 14:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {575BDDF5-790A-4D01-A37D-2863DEC1C085} - No CLSID value found.
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKCU..\Run: [Cuikti] C:\Users\Jens Place2\AppData\Roaming\Esryo\vius.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartph...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32FF7AE2-4494-4C95-B790-A8BB3DAD4835}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D4AD35B-0A9A-4B0F-95B1-C542D8F51B74}: DhcpNameServer = 64.71.255.198 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/10 09:49:37 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/01/10 09:49:37 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/01/10 09:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/01/10 09:49:36 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/01/10 09:49:36 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/01/10 09:49:36 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/01/10 09:49:36 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/01/10 09:49:36 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/01/10 09:49:26 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/01/10 09:49:26 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/01/10 09:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/01/10 09:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/10 09:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2013/01/09 20:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rogers Servicepoint Agent
[2013/01/09 20:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rogers Online Protection
[2013/01/09 20:08:05 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Roaming\newsXpresso
[2013/01/09 19:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/01/09 19:52:55 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/01/09 19:49:43 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Local\Wajam
[2013/01/09 19:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/09 19:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/09 19:16:46 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Roaming\Malwarebytes
[2013/01/09 19:16:37 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/09 19:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/09 19:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2013/01/09 19:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/09 19:16:19 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Local\Programs
[2013/01/09 07:50:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/26 11:42:38 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Roaming\YoudaGames
[2012/12/24 11:23:06 | 000,000,000 | ---D | C] -- C:\Users\Jens Place2\AppData\Local\{A3558FCC-D0DC-47E1-88B2-9A1914D74E15}

========== Files - Modified Within 30 Days ==========

[2013/01/10 12:53:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/10 12:53:40 | 420,368,383 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 12:52:23 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 12:52:23 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 12:44:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/10 12:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 12:26:53 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/10 12:26:53 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/10 12:26:53 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/10 12:21:42 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/10 10:09:25 | 000,428,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 09:49:37 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/10 09:49:36 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/01/10 09:49:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/09 19:52:56 | 000,001,268 | ---- | M] () -- C:\Users\Jens Place2\Desktop\Revo Uninstaller.lnk
[2013/01/09 19:40:32 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/09 19:16:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/07 12:18:49 | 002,156,689 | ---- | M] () -- C:\Users\Jens Place2\Documents\Supervised Visit Brochure1.pdf
[2012/12/17 22:17:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/01/10 09:49:37 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/10 09:49:36 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/01/10 09:49:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/01/09 19:52:56 | 000,001,268 | ---- | C] () -- C:\Users\Jens Place2\Desktop\Revo Uninstaller.lnk
[2013/01/09 19:40:32 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/09 19:16:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/07 12:18:49 | 002,156,689 | ---- | C] () -- C:\Users\Jens Place2\Documents\Supervised Visit Brochure1.pdf
[2012/12/17 22:17:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/11/17 00:26:02 | 000,000,116 | ---- | C] () -- C:\Users\Jens Place2\webct_upload_applet.properties
[2012/10/15 12:18:22 | 000,001,073 | ---- | C] () -- C:\Users\Jens Place2\Documents - Shortcut.lnk
[2012/02/01 08:20:49 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012/01/31 10:47:38 | 000,795,633 | ---- | C] () -- C:\Users\Jens Place2\ Jen's Place rate letter Alliston.pdf
[2011/11/04 16:18:23 | 000,111,248 | ---- | C] () -- C:\Users\Jens Place2\AppData\Local\GDIPFONTCACHEV21.DAT
[2011/08/12 02:27:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/12 02:27:36 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/12 02:27:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/12 02:27:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/12 02:27:32 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/22 15:04:39 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Awem
[2012/01/31 10:40:28 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Canon
[2013/01/09 20:13:49 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Elal
[2012/10/15 00:25:33 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Elep
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Elsul
[2013/01/09 21:04:45 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Esryo
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Etnopa
[2012/10/15 14:33:18 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Fuem
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Gyzag
[2012/10/14 19:04:30 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Ibep
[2012/10/15 12:33:03 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Izko
[2012/10/22 22:19:56 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Jewel Match 3
[2012/10/14 20:22:15 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Koveec
[2012/10/15 12:33:03 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Kyop
[2012/07/03 02:59:33 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\LegacyInteractive
[2013/01/09 20:08:05 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\newsXpresso
[2012/10/15 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Omwiu
[2012/11/12 05:00:50 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oqex
[2012/10/14 19:04:30 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oroqx
[2012/10/14 20:22:15 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oruvep
[2012/10/15 07:36:44 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oswah
[2012/02/04 14:35:16 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\PowerCinema
[2012/11/12 05:00:50 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Riuso
[2013/01/09 20:23:57 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Rogers Online Protection
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Ruarug
[2012/12/06 13:16:00 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\runic games
[2012/01/02 22:12:58 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\SmartDraw
[2012/10/14 18:44:14 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\TeamViewer
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Ufups
[2012/10/15 07:36:44 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Uvel
[2012/10/15 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Uvzav
[2013/01/09 19:25:57 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Vowea
[2012/10/14 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Vueta
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Wacoke
[2012/05/20 13:01:19 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\WildTangent
[2012/08/01 22:28:36 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Windows Live Writer
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Xobe
[2012/12/26 11:42:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\YoudaGames
[2012/10/15 14:33:18 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Ypdo
[2012/10/15 00:25:33 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Yrosom

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/08/11 07:52:59 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\?]?_lotserviceruntime.log) -- C:\Windows\SysWow64\ꥈ]㍈_lotserviceruntime.log
[2012/08/11 07:52:59 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\?]?_lotserviceruntime.log) -- C:\Windows\SysWow64\ꥈ]㍈_lotserviceruntime.log

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5A437AC3
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:ADF211B1

< End of report >
  • 0

#3
Essexboy
Posted 10 January 2013 - 12:34 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you try a normal log in after this run and let me know the result

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
O4 - HKCU..\Run: [Cuikti] C:\Users\Jens Place2\AppData\Roaming\Esryo\vius.exe ()
[2013/01/09 20:13:49 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Elal
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Elsul
[2013/01/09 21:04:45 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Esryo
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Etnopa
[2012/10/15 14:33:18 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Fuem
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Gyzag
[2012/10/14 19:04:30 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Ibep
[2012/10/15 12:33:03 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Izko
[2012/10/14 20:22:15 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Koveec
[2012/10/15 12:33:03 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Kyop
[2012/10/15 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Omwiu
[2012/11/12 05:00:50 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oqex
[2012/10/14 19:04:30 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oroqx
[2012/10/14 20:22:15 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oruvep
[2012/10/15 07:36:44 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Oswah[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Ufups
[2012/10/15 07:36:44 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Uvel
[2012/10/15 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Uvzav
[2013/01/09 19:25:57 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Vowea
[2012/10/14 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Vueta
[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Wacoke
[2012/08/11 07:52:59 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\?]?_lotserviceruntime.log) -- C:\Windows\SysWow64\ꥈ]㍈_lotserviceruntime.log
[2012/08/11 07:52:59 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\?]?_lotserviceruntime.log) -- C:\Windows\SysWow64\ꥈ]㍈_lotserviceruntime.log

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#4
homeworks67
Posted 10 January 2013 - 01:00 PM

homeworks67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
The result was a sucessful login!



Here is the log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Cuikti deleted successfully.
C:\Users\Jens Place2\AppData\Roaming\Esryo\vius.exe moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Elal folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Elsul folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Esryo folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Etnopa folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Fuem folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Gyzag folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Ibep folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Izko folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Koveec folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Kyop folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Omwiu folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Oqex folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Oroqx folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Oruvep folder moved successfully.
Folder C:\Users\Jens Place2\AppData\Roaming\Oswah[2013/01/10 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jens Place2\AppData\Roaming\Ufups\ not found.
C:\Users\Jens Place2\AppData\Roaming\Uvel folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Uvzav folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Vowea folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Vueta folder moved successfully.
C:\Users\Jens Place2\AppData\Roaming\Wacoke folder moved successfully.
C:\Windows\SysWOW64\ꥈ]㍈_lotserviceruntime.log moved successfully.
File C:\Windows\SysWow64\ꥈ]㍈_lotserviceruntime.log not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jens Place2
->Temp folder emptied: 7486814 bytes
->Temporary Internet Files folder emptied: 33634790 bytes
->Java cache emptied: 21798550 bytes
->FireFox cache emptied: 22894024 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60626363 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 140.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 01102013_135124

Files\Folders moved on Reboot...
C:\Users\Jens Place2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#5
Essexboy
Posted 10 January 2013 - 01:02 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now reboot and try another login followed by checking windows updates
  • 0

#6
homeworks67
Posted 10 January 2013 - 01:34 PM

homeworks67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Another successful log in as well, windows now up to date. I take it we are done!? From all of us here at Jens Place, we thank you kindly.
I myself would love to pay it forward. So if I were to read the tutorial, what kinda time would someone have to put in to learn some of this stuff (someone who loves the tech side of computers,troubleshooting but has no programming experience). I ask u this as u r the MASTER. All hail Essexboy ;D
  • 0

#7
Essexboy
Posted 10 January 2013 - 01:39 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

So if I were to read the tutorial, what kinda time would someone have to put in to learn some of this stuff (someone who loves the tech side of computers,troubleshooting but has no programming experience).

Well I have no programming experience, but I do like solving mysteries :rofl:

We actually run a course here that will teach you how to do it.. These are the details

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#8
Essexboy
Posted 12 January 2013 - 10:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP