Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

CHITKA REMOVAL [Solved]

Started by RUSTY2 , Mar 23 2013 12:31 PM

  • This topic is locked This topic is locked

#1
RUSTY2
Posted 23 March 2013 - 12:31 PM

RUSTY2

    Member

  • Member
  • PipPipPip
  • 221 posts
TRYING TO GET RID OF CHITKA POP UP'S DOWNLOADED OTL NOT SURE WHAT TO DO NEXT?
TRIED TO POST OTL.TXT BUT THIS CAME UP Error You aren't permitted to upload this kind of file
  • 0

Advertisements

#2
Essexboy
Posted 23 March 2013 - 12:57 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you paste the OTL log please
  • 0

#3
RUSTY2
Posted 23 March 2013 - 09:06 PM

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts
OTL logfile created on: 23/03/2013 7:42:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.97 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 83.78% Memory free
13.93 Gb Paging File | 12.80 Gb Available in Paging File | 91.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.39 Gb Total Space | 785.74 Gb Free Space | 85.37% Space Free | Partition Type: NTFS
Drive D: | 11.02 Gb Total Space | 1.59 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive F: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: BR | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/23 19:23:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BR\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/11 10:29:54 | 003,284,008 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Stopped] -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/17 09:56:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 09:53:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/20 19:43:12 | 000,735,592 | ---- | M] (Anvisoft) [Auto | Stopped] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 01:33:08 | 000,318,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe -- (AnviCsbSvc)
SRV - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (ADBlockerSrv)
SRV - [2012/11/09 21:23:19 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 14:15:17 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/12/08 18:23:10 | 000,136,568 | ---- | M] (iAnywhere Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\SQL Anywhere 10\win32\dbsrv10.exe -- (SQLANYs_SmpParts)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/06 14:40:14 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/11/09 21:23:20 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/11/07 00:16:18 | 000,017,232 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws)
DRV:64bit: - [2012/11/07 00:16:16 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/11/07 00:16:16 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/05/27 07:05:08 | 000,063,528 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2011/04/21 10:31:46 | 000,024,408 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV:64bit: - [2011/04/21 10:31:40 | 000,018,776 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV:64bit: - [2011/04/21 10:31:32 | 000,017,240 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\spyemrg.sys -- (SpyEmrg)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/02 04:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 08:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2012/09/07 13:52:02 | 000,019,280 | ---- | M] () [File_System | System | Stopped] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys -- (asdnet)
DRV - [2011/09/16 14:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE:64bit: - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=16553
IE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....E2301514A181B21
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=16553
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blek...q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{3F0BC86F-BC59-4463-8FA0-15C91CBF2E3E}: "URL" = http://websearch.ask...F3-BD78256C9859
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-12-15 12:32:56&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8CBbqFsI&i=26
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3220468.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://securesearch....2301514A181B21"
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "http://lavasoft.blek...1514A181B21&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Users\BR\AppData\Local\Temp\..\application data\nptrademanager\nptrademanager.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\BR\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/13 08:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/20 13:13:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 09:52:57 | 000,000,000 | ---D | M]

[2012/04/05 09:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Extensions
[2013/03/22 07:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\extensions
[2013/03/18 11:00:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\sgtqri72.default-1363220796849\extensions
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/03/08 09:53:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/31 02:16:36 | 000,108,576 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll
[2011/07/29 06:33:40 | 000,108,480 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll
[2013/03/20 13:12:44 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/12/15 13:32:33 | 000,003,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/02/06 17:18:53 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/30 15:14:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:17:05 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/04/05 09:25:42 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013/03/03 09:04:11 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/17 19:05:54 | 000,001,386 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 72.29.93.243 www.google-analytics.com.
O1 - Hosts: 72.29.93.243 ad-emea.doubleclick.net.
O1 - Hosts: 72.29.93.243 www.statcounter.com.
O1 - Hosts: 64.27.10.42 www.google-analytics.com.
O1 - Hosts: 64.27.10.42 ad-emea.doubleclick.net.
O1 - Hosts: 64.27.10.42 www.statcounter.com.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-998330651-303224156-1059126384-1004..\Run: [aliim] C:\Program Files (x86)\Trademanager\AliIM.exe (Alibaba (China) Co., Ltd.)
O4 - HKU\S-1-5-21-998330651-303224156-1059126384-1004..\Run: [CloudSystemBooster] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe (Anvisoft)
O4 - HKU\S-1-5-21-998330651-303224156-1059126384-1004..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (NETGATE Technologies s.r.o.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{975E2597-4892-450D-9E49-5CA092C4B97F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/20 09:13:26 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 14:56:58 | 000,000,030 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 10:55:11 | 000,000,038 | -H-- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell - "" = AutoRun
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell\AutoRun\command - "" = F:\HPLauncher.exe -- [2009/05/18 10:46:50 | 000,565,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/23 17:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxFreeway 2012
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Entropy Technology Ltd
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Entropy Technology Ltd
[2013/03/23 17:42:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Downloaded Installations
[2013/03/23 17:08:17 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\IsolatedStorage
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2012
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BHOK IT Consulting
[2013/03/23 16:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenuTax Standard
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\Tax
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GenuSource Consulting
[2013/03/23 09:30:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FDE64A63-12FB-478C-A881-31F250C231E7}
[2013/03/22 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\VirtualStore
[2013/03/22 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{B15CD21A-C931-4EBD-B6B9-F11A78F638F2}
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
[2013/03/21 10:03:17 | 000,024,408 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_access.sys
[2013/03/21 10:03:16 | 000,018,776 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_guard.sys
[2013/03/21 10:03:16 | 000,017,240 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg.sys
[2013/03/21 10:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2013/03/21 10:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2013/03/21 08:36:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{5720FADB-0439-4A3C-92F6-49C216F7E845}
[2013/03/20 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6BB28D13-B0A4-427E-934B-82DABF37E077}
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\LavasoftStatistics
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/03/20 13:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/03/20 13:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/03/20 13:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/03/20 13:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013/03/20 13:11:23 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 13:11:21 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/20 12:46:19 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{7EEF3235-4AAA-4214-B541-5099BEC6ED5B}
[2013/03/20 09:31:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{686040E4-2BCA-4B6A-8EB8-CA8F00A23152}
[2013/03/20 09:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/20 09:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\DriverCure
[2013/03/20 09:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/03/20 06:59:57 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\otcv0.1-1
[2013/03/19 21:06:04 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{8A48AC88-5FAB-4A44-9A77-9EEAA79E8AA2}
[2013/03/19 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{457A205A-105F-41F8-8C6B-FDB4D9BD842E}
[2013/03/19 08:14:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{F1A6CAD4-A881-4AA2-B78F-3B8049966393}
[2013/03/18 21:48:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1FF460EA-A122-4E99-A2A4-DE3D41F1A41E}
[2013/03/18 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/03/18 15:14:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2013/03/18 15:14:33 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2013/03/18 15:14:33 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2013/03/18 15:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/03/18 15:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/03/18 15:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/03/18 10:48:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2013/03/18 10:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Converter
[2013/03/18 09:13:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C24A48EC-72E1-4659-81A7-657CE5918BC9}
[2013/03/17 12:27:24 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AB2E2B86-0618-41E9-BB2B-8F2A6BEBCE54}
[2013/03/17 09:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/17 09:41:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/16 11:46:39 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E0F37E2B-D804-4752-9F44-BEE5E0F2C247}
[2013/03/15 22:05:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{69BA8EC4-267E-47A1-845A-2F5C2CF0F593}
[2013/03/15 09:45:56 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1CAFF28E-5BC4-4D9F-AE04-9703B7794FDB}
[2013/03/14 17:15:45 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1A86E95F-6E1D-474D-82F7-1025EE470D50}
[2013/03/14 05:47:40 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/13 19:49:57 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{A0320918-88E8-47ED-8FEA-53DAF2FC7102}
[2013/03/13 17:43:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6B8FCCAB-2462-44C4-8EEC-EC15E7700542}
[2013/03/13 17:26:42 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data-1
[2013/03/13 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data
[2013/03/13 09:38:01 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{D54CC5D4-E19F-4AB9-ADE3-00DEAC954B92}
[2013/03/12 21:34:27 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{00DECF31-5884-4B67-B03D-1580276728E6}
[2013/03/12 07:56:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E80F5D57-6E86-4407-A8B8-8CC62B27AB50}
[2013/03/11 08:51:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C3192566-D6A6-424D-B506-DE097BA928E3}
[2013/03/11 06:07:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Malwarebytes
[2013/03/11 06:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/11 06:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/11 06:07:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Programs
[2013/03/10 17:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/10 17:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/10 11:02:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E7357FA0-BF4F-4397-9629-8AC6C4F02034}
[2013/03/10 10:33:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{3072DAFF-ED98-4C2D-974F-435621D95050}
[2013/03/09 08:31:51 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C5EDE53E-C589-4C85-85A2-309D7FAFB1D6}
[2013/03/08 09:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 09:37:15 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AFF13EDA-C28F-4DA3-992D-5756F360BDE6}
[2013/03/07 17:36:50 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{30669A07-3F85-4B40-8F55-04FFDEAD597F}
[2013/03/07 09:58:34 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FD9F0475-12C1-4230-890C-B24CB8F0AD26}
[2013/03/06 13:53:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/06 07:21:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1B563261-1295-4362-966E-ACF08E175584}
[2013/03/05 21:20:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{CBBDFFAB-9162-40C0-A222-E84C05EDEDEB}
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/05 08:49:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{32D33FEE-F28D-4A95-A417-83BB6D096E5B}
[2013/03/04 06:21:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{43BF15EF-E208-488C-9442-462397E7710A}
[2013/03/03 17:28:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{ABED4794-38BE-4EB0-92F0-4CBCE275B5D3}
[2013/03/03 09:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013/03/02 21:03:31 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{2F61ED36-D6BE-4571-99FE-D00AFB81AD21}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2030/07/20 19:57:30 | 000,648,124 | ---- | M] () -- C:\Users\BR\Documents\IMG_0087.JPG
[2030/07/20 19:55:56 | 000,905,640 | ---- | M] () -- C:\Users\BR\Documents\IMG_0085.JPG
[2030/07/20 19:55:26 | 000,792,710 | ---- | M] () -- C:\Users\BR\Documents\IMG_0083.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057(0).JPG
[2029/01/01 05:09:38 | 000,771,357 | ---- | M] () -- C:\Users\BR\Documents\IMG_0042.JPG
[2029/01/01 05:08:18 | 000,941,950 | ---- | M] () -- C:\Users\BR\Documents\IMG_0040.JPG
[2013/03/23 19:44:02 | 000,782,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/23 19:44:02 | 000,667,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/23 19:44:02 | 000,125,938 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/23 19:39:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/23 19:39:41 | 1314,791,423 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/23 19:27:23 | 000,001,034 | ---- | M] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 19:09:07 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 18:42:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/23 17:43:33 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\TaxFreeway 2012.lnk
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/23 17:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/23 16:07:14 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\GenuTax Standard.lnk
[2013/03/23 15:46:44 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/23 15:46:44 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/22 08:48:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/22 07:59:05 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/22 07:57:21 | 000,432,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 09:13:26 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | M] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | M] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | M] () -- C:\Users\BR\Documents\SCAN0000.odt
[2013/03/05 08:51:24 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/03/05 04:01:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/23 19:27:23 | 000,001,034 | ---- | C] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 17:43:33 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\TaxFreeway 2012.lnk
[2013/03/23 17:35:02 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:33 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/23 16:07:14 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\GenuTax Standard.lnk
[2013/03/21 10:03:20 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/20 17:53:35 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/20 09:13:26 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | C] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys
[2013/03/18 15:14:33 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | C] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | C] () -- C:\Users\BR\Documents\SCAN0000.odt
[2012/12/02 13:08:02 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/10/03 18:23:13 | 000,049,261 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.1
[2012/10/03 18:23:12 | 000,136,857 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.0
[2012/10/03 18:23:12 | 000,049,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.JPG
[2012/10/03 18:22:42 | 000,050,685 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.1
[2012/10/03 18:22:40 | 000,135,858 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.0
[2012/10/03 18:22:40 | 000,050,520 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.JPG
[2012/10/03 18:22:18 | 000,134,269 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.0
[2012/10/03 18:22:18 | 000,049,466 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.JPG
[2012/10/03 18:21:55 | 000,115,714 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.0
[2012/10/03 18:21:55 | 000,038,427 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.JPG
[2012/10/03 18:21:35 | 000,121,078 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.0
[2012/10/03 18:21:35 | 000,044,248 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.JPG
[2012/10/03 18:18:39 | 000,112,551 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.0
[2012/10/03 18:18:39 | 000,040,181 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.JPG
[2012/09/23 14:15:55 | 000,132,533 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.JPG
[2012/09/23 14:15:52 | 000,132,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.1
[2012/09/23 14:15:39 | 000,003,890 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001_navi.JPG
[2012/09/23 14:15:33 | 000,137,289 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.0
[2012/08/22 16:05:20 | 000,006,400 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).0
[2012/08/22 16:05:20 | 000,001,969 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).JPG
[2012/06/07 21:09:05 | 000,000,000 | ---- | C] () -- C:\Users\BR\AppData\Local\Temptable.xml
[2012/06/07 14:40:49 | 000,016,016 | ---- | C] () -- C:\Users\BR\carbon_steel.jpg
[2012/06/07 14:07:28 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/03/14 09:36:24 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008(0).JPG
[2012/03/14 09:36:24 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021(0).JPG
[2012/03/14 08:44:41 | 000,000,133 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/13 18:47:41 | 000,000,173 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2012/03/13 08:16:26 | 000,202,546 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/03/13 08:16:26 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/03/13 06:43:42 | 000,768,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/13 05:27:04 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008.JPG
[2012/03/13 05:27:04 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021.JPG

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/21 09:16:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/14 05:47:40 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/18 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2012/12/15 13:38:55 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\AnvSoft
[2012/08/20 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Canneverbe Limited
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DassaultSystemes
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DriverCure
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\EDrawings
[2013/03/18 10:48:22 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2012/11/14 08:42:35 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\funkitron
[2013/03/06 13:53:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/23 11:45:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2012/04/18 23:06:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TeamViewer
[2012/09/13 08:52:41 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TightVNC
[2013/03/18 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\WildTangent
[2012/04/02 08:58:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Windows Live Writer
[2012/03/13 05:30:05 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Avery
[2012/03/16 01:10:57 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Babylon
[2012/03/13 05:30:35 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/14 09:41:17 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Template
[2012/03/13 05:30:39 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\WildTangent
[2012/03/13 15:00:01 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/03/14 09:44:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2012/03/14 09:43:54 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf
[2012/03/13 05:33:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2012/03/13 05:32:55 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf

========== Alternate Data Streams ==========

@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com.eml:OECustomProperty
@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com(0).eml:OECustomProperty
@Alternate Data Stream - 845 bytes -> C:\Users\BR\Documents\2008 BMW 335I Service History.eml:OECustomProperty
@Alternate Data Stream - 829 bytes -> C:\Users\BR\Documents\Aluminum Fabricated Tables.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed(0).eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept.eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept(0).eml:OECustomProperty

< End of report >
  • 0

#4
RUSTY2
Posted 23 March 2013 - 10:17 PM

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts
I also did a SECURITY CHECK
Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
  • 0

#5
RUSTY2
Posted 23 March 2013 - 10:30 PM

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts
JUST DID A ADW CLEANER , CAN ANYONE CAN TELL ME WHAT MY NEXT STEP IS
THANX


# AdwCleaner v2.115 - Logfile created 03/23/2013 at 21:23:44
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : BR - BRIAN-PC
# Boot Mode : Normal
# Running from : C:\Users\BR\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\BRIAN\AppData\Roaming\Mozilla\Firefox\Profiles\rvkciqtl.default\prefs.js

[OK] File is clean.

File : C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [41089 octets] - [23/03/2013 21:04:11]
AdwCleaner[S1].txt - [41157 octets] - [23/03/2013 21:05:57]
AdwCleaner[S2].txt - [314 octets] - [23/03/2013 21:19:16]
AdwCleaner[S3].txt - [1013 octets] - [23/03/2013 21:23:44]

########## EOF - C:\AdwCleaner[S3].txt - [1073 octets] ##########
  • 0

#6
Essexboy
Posted 24 March 2013 - 04:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know if this cures it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=16553
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....E2301514A181B21
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=16553
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blek...q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{3F0BC86F-BC59-4463-8FA0-15C91CBF2E3E}: "URL" = http://websearch.ask...F3-BD78256C9859
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8CBbqFsI&i=26
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=E4E288C9DD9E2BADAE2301514A181B21"
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..keyword.URL: "http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=url&toolbarid=adawaretb&u=E4E288C9DD9E2BADAE2301514A181B21&q="
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/02/06 17:18:53 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
[2012/03/16 01:10:57 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Babylon

:Files
C:\Program Files (x86)\Freeze.com
C:\Program Files (x86)\alotappbar

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
RUSTY2
Posted 24 March 2013 - 08:36 AM

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts
Thank you very much for the help !!
Did the fix then the quick scan here are the results

OTL logfile created on: 24/03/2013 7:20:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.97 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 61.35% Memory free
13.93 Gb Paging File | 11.23 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.39 Gb Total Space | 785.62 Gb Free Space | 85.36% Space Free | Partition Type: NTFS
Drive D: | 11.02 Gb Total Space | 1.59 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive F: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: BR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/24 07:05:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BR\Downloads\OTL.exe
PRC - [2013/03/17 09:56:11 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/11 10:07:58 | 000,223,032 | ---- | M] (NETGATE Technologies s.r.o.) -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyWow64.exe
PRC - [2013/03/08 09:53:25 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/14 15:36:24 | 002,692,680 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
PRC - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
PRC - [2012/12/20 19:43:14 | 001,434,984 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
PRC - [2012/12/20 19:43:12 | 000,735,592 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/14 01:33:08 | 000,318,312 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
PRC - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
PRC - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2009/10/22 19:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/17 09:56:10 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/08 09:53:02 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
MOD - [2012/12/20 19:43:24 | 000,785,256 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
MOD - [2010/07/04 14:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2009/10/22 19:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2005/01/02 09:22:48 | 000,776,192 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/11 10:29:54 | 003,284,008 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Running] -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/17 09:56:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 09:53:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/20 19:43:12 | 000,735,592 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 01:33:08 | 000,318,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe -- (AnviCsbSvc)
SRV - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (ADBlockerSrv)
SRV - [2012/11/09 21:23:19 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 14:15:17 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/12/08 18:23:10 | 000,136,568 | ---- | M] (iAnywhere Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\SQL Anywhere 10\win32\dbsrv10.exe -- (SQLANYs_SmpParts)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/06 14:40:14 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/11/09 21:23:20 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/11/07 00:16:18 | 000,017,232 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws)
DRV:64bit: - [2012/11/07 00:16:16 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/11/07 00:16:16 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/05/27 07:05:08 | 000,063,528 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2011/04/21 10:31:46 | 000,024,408 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV:64bit: - [2011/04/21 10:31:40 | 000,018,776 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV:64bit: - [2011/04/21 10:31:32 | 000,017,240 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\spyemrg.sys -- (SpyEmrg)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/02 04:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 08:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2012/09/07 13:52:02 | 000,019,280 | ---- | M] () [File_System | System | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys -- (asdnet)
DRV - [2011/09/16 14:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....E2301514A181B21
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://securesearch....2301514A181B21"
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Users\BR\AppData\Local\Temp\..\application data\nptrademanager\nptrademanager.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\BR\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/13 08:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/20 13:13:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 09:52:57 | 000,000,000 | ---D | M]

[2012/04/05 09:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Extensions
[2013/03/22 07:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\extensions
[2013/03/18 11:00:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\sgtqri72.default-1363220796849\extensions
[2013/03/23 21:06:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/08 09:53:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/31 02:16:36 | 000,108,576 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll
[2011/07/29 06:33:40 | 000,108,480 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll
[2012/08/30 15:14:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:17:05 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2013/03/03 09:04:11 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/24 07:06:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [aliim] C:\Program Files (x86)\Trademanager\AliIM.exe (Alibaba (China) Co., Ltd.)
O4 - HKCU..\Run: [CloudSystemBooster] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe (Anvisoft)
O4 - HKCU..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (NETGATE Technologies s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{975E2597-4892-450D-9E49-5CA092C4B97F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/20 09:13:26 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 14:56:58 | 000,000,030 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 10:55:11 | 000,000,038 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell - "" = AutoRun
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell\AutoRun\command - "" = F:\HPLauncher.exe -- [2009/05/18 10:46:50 | 000,565,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/24 07:06:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/23 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{28586834-0E0C-4BAF-94CD-EB7EE4D40EE3}
[2013/03/23 21:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/03/23 17:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxFreeway 2012
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Entropy Technology Ltd
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Entropy Technology Ltd
[2013/03/23 17:42:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Downloaded Installations
[2013/03/23 17:08:17 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\IsolatedStorage
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2012
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BHOK IT Consulting
[2013/03/23 16:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenuTax Standard
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\Tax
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GenuSource Consulting
[2013/03/23 09:30:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FDE64A63-12FB-478C-A881-31F250C231E7}
[2013/03/22 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\VirtualStore
[2013/03/22 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{B15CD21A-C931-4EBD-B6B9-F11A78F638F2}
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
[2013/03/21 10:03:17 | 000,024,408 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_access.sys
[2013/03/21 10:03:16 | 000,018,776 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_guard.sys
[2013/03/21 10:03:16 | 000,017,240 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg.sys
[2013/03/21 10:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2013/03/21 10:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2013/03/21 08:36:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{5720FADB-0439-4A3C-92F6-49C216F7E845}
[2013/03/20 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6BB28D13-B0A4-427E-934B-82DABF37E077}
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\LavasoftStatistics
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/03/20 13:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/03/20 13:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/03/20 13:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/03/20 13:11:23 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 13:11:21 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/20 12:46:19 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{7EEF3235-4AAA-4214-B541-5099BEC6ED5B}
[2013/03/20 09:31:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{686040E4-2BCA-4B6A-8EB8-CA8F00A23152}
[2013/03/20 09:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/20 09:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\DriverCure
[2013/03/20 09:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/03/20 06:59:57 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\otcv0.1-1
[2013/03/19 21:06:04 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{8A48AC88-5FAB-4A44-9A77-9EEAA79E8AA2}
[2013/03/19 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{457A205A-105F-41F8-8C6B-FDB4D9BD842E}
[2013/03/19 08:14:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{F1A6CAD4-A881-4AA2-B78F-3B8049966393}
[2013/03/18 21:48:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1FF460EA-A122-4E99-A2A4-DE3D41F1A41E}
[2013/03/18 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/03/18 15:14:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2013/03/18 15:14:33 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2013/03/18 15:14:33 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2013/03/18 15:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/03/18 15:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/03/18 15:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/03/18 10:48:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2013/03/18 10:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Converter
[2013/03/18 09:13:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C24A48EC-72E1-4659-81A7-657CE5918BC9}
[2013/03/17 12:27:24 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AB2E2B86-0618-41E9-BB2B-8F2A6BEBCE54}
[2013/03/17 09:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/17 09:41:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/16 11:46:39 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E0F37E2B-D804-4752-9F44-BEE5E0F2C247}
[2013/03/15 22:05:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{69BA8EC4-267E-47A1-845A-2F5C2CF0F593}
[2013/03/15 09:45:56 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1CAFF28E-5BC4-4D9F-AE04-9703B7794FDB}
[2013/03/14 17:15:45 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1A86E95F-6E1D-474D-82F7-1025EE470D50}
[2013/03/14 05:47:40 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/13 19:49:57 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{A0320918-88E8-47ED-8FEA-53DAF2FC7102}
[2013/03/13 17:43:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6B8FCCAB-2462-44C4-8EEC-EC15E7700542}
[2013/03/13 17:26:42 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data-1
[2013/03/13 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data
[2013/03/13 09:38:01 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{D54CC5D4-E19F-4AB9-ADE3-00DEAC954B92}
[2013/03/12 21:34:27 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{00DECF31-5884-4B67-B03D-1580276728E6}
[2013/03/12 07:56:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E80F5D57-6E86-4407-A8B8-8CC62B27AB50}
[2013/03/11 08:51:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C3192566-D6A6-424D-B506-DE097BA928E3}
[2013/03/11 06:07:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Malwarebytes
[2013/03/11 06:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/11 06:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/11 06:07:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Programs
[2013/03/10 17:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/10 17:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/10 11:02:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E7357FA0-BF4F-4397-9629-8AC6C4F02034}
[2013/03/10 10:33:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{3072DAFF-ED98-4C2D-974F-435621D95050}
[2013/03/09 08:31:51 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C5EDE53E-C589-4C85-85A2-309D7FAFB1D6}
[2013/03/08 09:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 09:37:15 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AFF13EDA-C28F-4DA3-992D-5756F360BDE6}
[2013/03/07 17:36:50 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{30669A07-3F85-4B40-8F55-04FFDEAD597F}
[2013/03/07 09:58:34 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FD9F0475-12C1-4230-890C-B24CB8F0AD26}
[2013/03/06 13:53:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/06 07:21:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1B563261-1295-4362-966E-ACF08E175584}
[2013/03/05 21:20:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{CBBDFFAB-9162-40C0-A222-E84C05EDEDEB}
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/05 08:49:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{32D33FEE-F28D-4A95-A417-83BB6D096E5B}
[2013/03/04 06:21:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{43BF15EF-E208-488C-9442-462397E7710A}
[2013/03/03 17:28:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{ABED4794-38BE-4EB0-92F0-4CBCE275B5D3}
[2013/03/03 09:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013/03/02 21:03:31 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{2F61ED36-D6BE-4571-99FE-D00AFB81AD21}

========== Files - Modified Within 30 Days ==========

[2030/07/20 19:57:30 | 000,648,124 | ---- | M] () -- C:\Users\BR\Documents\IMG_0087.JPG
[2030/07/20 19:55:56 | 000,905,640 | ---- | M] () -- C:\Users\BR\Documents\IMG_0085.JPG
[2030/07/20 19:55:26 | 000,792,710 | ---- | M] () -- C:\Users\BR\Documents\IMG_0083.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057(0).JPG
[2029/01/01 05:09:38 | 000,771,357 | ---- | M] () -- C:\Users\BR\Documents\IMG_0042.JPG
[2029/01/01 05:08:18 | 000,941,950 | ---- | M] () -- C:\Users\BR\Documents\IMG_0040.JPG
[2013/03/24 07:23:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 07:23:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 07:23:22 | 000,782,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/24 07:23:22 | 000,667,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/24 07:23:22 | 000,125,938 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/24 07:16:55 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/24 07:16:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/24 07:16:21 | 1314,791,423 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/24 07:06:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/03/24 07:04:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/24 06:59:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/23 19:27:23 | 000,001,034 | ---- | M] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/22 08:48:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/22 07:59:05 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/22 07:57:21 | 000,432,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 09:13:26 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | M] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | M] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | M] () -- C:\Users\BR\Documents\SCAN0000.odt
[2013/03/05 08:51:24 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/03/05 04:01:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2013/03/23 19:27:23 | 000,001,034 | ---- | C] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 17:35:02 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:33 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/21 10:03:20 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/20 17:53:35 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/20 09:13:26 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | C] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys
[2013/03/18 15:14:33 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | C] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | C] () -- C:\Users\BR\Documents\SCAN0000.odt
[2012/12/02 13:08:02 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/10/03 18:23:13 | 000,049,261 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.1
[2012/10/03 18:23:12 | 000,136,857 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.0
[2012/10/03 18:23:12 | 000,049,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.JPG
[2012/10/03 18:22:42 | 000,050,685 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.1
[2012/10/03 18:22:40 | 000,135,858 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.0
[2012/10/03 18:22:40 | 000,050,520 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.JPG
[2012/10/03 18:22:18 | 000,134,269 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.0
[2012/10/03 18:22:18 | 000,049,466 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.JPG
[2012/10/03 18:21:55 | 000,115,714 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.0
[2012/10/03 18:21:55 | 000,038,427 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.JPG
[2012/10/03 18:21:35 | 000,121,078 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.0
[2012/10/03 18:21:35 | 000,044,248 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.JPG
[2012/10/03 18:18:39 | 000,112,551 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.0
[2012/10/03 18:18:39 | 000,040,181 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.JPG
[2012/09/23 14:15:55 | 000,132,533 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.JPG
[2012/09/23 14:15:52 | 000,132,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.1
[2012/09/23 14:15:39 | 000,003,890 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001_navi.JPG
[2012/09/23 14:15:33 | 000,137,289 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.0
[2012/08/22 16:05:20 | 000,006,400 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).0
[2012/08/22 16:05:20 | 000,001,969 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).JPG
[2012/06/07 21:09:05 | 000,000,000 | ---- | C] () -- C:\Users\BR\AppData\Local\Temptable.xml
[2012/06/07 14:40:49 | 000,016,016 | ---- | C] () -- C:\Users\BR\carbon_steel.jpg
[2012/06/07 14:07:28 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/03/14 09:36:24 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008(0).JPG
[2012/03/14 09:36:24 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021(0).JPG
[2012/03/14 08:44:41 | 000,000,133 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/13 18:47:41 | 000,000,173 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2012/03/13 08:16:26 | 000,202,546 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/03/13 08:16:26 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/03/13 06:43:42 | 000,768,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/13 05:27:04 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008.JPG
[2012/03/13 05:27:04 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021.JPG

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/21 09:16:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/14 05:47:40 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/18 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2012/12/15 13:38:55 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\AnvSoft
[2012/08/20 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Canneverbe Limited
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DassaultSystemes
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DriverCure
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\EDrawings
[2013/03/18 10:48:22 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2012/11/14 08:42:35 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\funkitron
[2013/03/06 13:53:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/24 07:17:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2012/04/18 23:06:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TeamViewer
[2012/09/13 08:52:41 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TightVNC
[2013/03/18 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\WildTangent
[2012/04/02 08:58:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/03/14 09:44:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2012/03/14 09:43:54 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf
[2012/03/13 05:33:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2012/03/13 05:32:55 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf

========== Alternate Data Streams ==========

@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com.eml:OECustomProperty
@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com(0).eml:OECustomProperty
@Alternate Data Stream - 845 bytes -> C:\Users\BR\Documents\2008 BMW 335I Service History.eml:OECustomProperty
@Alternate Data Stream - 829 bytes -> C:\Users\BR\Documents\Aluminum Fabricated Tables.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed(0).eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept.eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept(0).eml:OECustomProperty

< End of report >
  • 0

#8
Essexboy
Posted 24 March 2013 - 08:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that it has now gone ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
[2013/03/23 21:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
  • 0

#9
RUSTY2
Posted 24 March 2013 - 09:37 AM

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts
Hi ESSEXBOY, THE CHITKA POPUP'S ARE NOT COMING UP ANYMORE!
DID THE SCAN SHOWED 1 PROBLEM SHOULD I GET THE MALEWARE TO REMOVE IT?

HERE ARE THE RESULTS
HEURISTICS,RES....

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.18.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
BR :: BRIAN-PC [administrator]

Protection: Enabled

24/03/2013 8:24:21 AM
MBAM-log-2013-03-24 (08-31-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278719
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\BR\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> No action taken.

(end)
  • 0

#10
Essexboy
Posted 24 March 2013 - 09:41 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye delete that

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
Posted Image


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

Advertisements

#11
RUSTY2
Posted 24 March 2013 - 10:46 AM

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts
Thank you for all your help very much appreciated !

All popups seem to be gone now !!!

I do have 1 smaller problem now, my windows live mail has a window coming up now with

INITIALIZATION OF RSS FEED SUPPORT FAILED. RSS FEEDS COULD NOT BE UPDATED.

It does not seem to be stopping mail , can you tell me how to get rid of this?
  • 0

#12
Essexboy
Posted 24 March 2013 - 10:53 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Open live mail and select View tab
Click Quick View
Click feeds and ensure that all are unticked
[attachment=63935:Capture.JPG]
  • 0

#13
RUSTY2
Posted 24 March 2013 - 11:31 AM

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts
unchecked all ,but still have the problem, tried rebooting no luck
  • 0

#14
Essexboy
Posted 24 March 2013 - 11:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK next trick delete the following folders

C:\Users\BR\AppData\Local\Microsoft\Windows Live Mail\Your Feeds
C:\Users\BR\AppData\Local\Microsoft\Feeds
  • 0

#15
RUSTY2
Posted 24 March 2013 - 03:51 PM

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts
thank you greatly that did it
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP