Ukash virus on windows 7 [Solved]

#1
satelite
Hi everyone,

Firstly, what a fantastic site and community here.

I have had this virus before and cleared it with no problem in the past, but it seems it has been developed somewhat.

Safe mode has been locked.

I have run frst.exe and these are the results; I hope I have presented this correctly.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2013
Ran by SYSTEM on 07-05-2013 09:55:22
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...\Run: [AsioReg] REGSVR32 /S CTASIO.DLL [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-12] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
HKU\phil\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [ 2013-03-14] (Disc Soft Ltd)
HKU\phil\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [ 2013-04-16] (Google)
HKU\phil\...\Policies\system: [LogonHoursAction] 2
HKU\phil\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\phil\...\Winlogon: [Shell] explorer.exe,C:\Users\phil\AppData\Roaming\skype.dat <==== ATTENTION

========================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-20] (Advanced Micro Devices, Inc.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-05-06] (SurfRight B.V.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-11-23] ()
S2 Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2009-07-10] (Realtek)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98600 2007-04-17] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [164608 2007-04-11] (Creative Technology Ltd.)
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [546048 2007-04-11] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347128 2007-04-09] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [168192 2007-04-11] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [280320 2007-04-11] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [128768 2007-04-11] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [323328 2007-04-11] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [94976 2007-04-11] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1317632 2007-04-11] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [66816 2007-04-11] (Creative Technology Ltd.)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [560384 2007-04-11] (Creative Technology Ltd)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-26] (DT Soft Ltd)
S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [797992 2007-04-09] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163112 2007-04-09] (Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189736 2007-04-09] (Creative Technology Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2013-05-06] ()
S3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [99968 2009-02-08] (Guillemot Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-07-20] (ManyCam LLC)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482112 2009-04-22] ()
S1 drviwvpe; \??\C:\Windows\system32\drivers\drviwvpe.sys [x]
S1 fvzeqmgh; \??\C:\Windows\system32\drivers\fvzeqmgh.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S1 lcukglvf; \??\C:\Windows\system32\drivers\lcukglvf.sys [x]
S1 takdxvxy; \??\C:\Windows\system32\drivers\takdxvxy.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-07 00:17 - 2013-05-07 00:17 - 00000000 ____D C:\Windows\pss
2013-05-06 17:20 - 2013-05-06 17:20 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-05-06 05:29 - 2013-05-06 05:29 - 00000000 ____D C:\FRST
2013-05-06 04:46 - 2013-05-06 04:46 - 00030464 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-05-06 02:05 - 2013-05-06 13:06 - 00000004 ____A C:\Users\phil\AppData\Roaming\skype.ini
2013-05-05 14:27 - 2013-05-05 14:27 - 00144224 ____A C:\Windows\Minidump\050513-16848-01.dmp
2013-05-05 14:07 - 2013-05-05 23:30 - 00000000 ____D C:\Users\phil\Downloads\Hansel.and.Gretel.Witch.Hunters.2013.DVDRip.XviD.AC3-NYDIC
2013-05-05 14:06 - 2013-05-05 23:32 - 00000000 ____D C:\Users\phil\Downloads\Hollow Man II (2006)
2013-05-05 11:44 - 2013-05-05 11:44 - 00000000 ____D C:\Users\phil\AppData\Local\{C01C5778-D968-4C09-9E94-04A9ECF1B64F}
2013-05-05 07:31 - 2013-05-05 08:51 - 00000000 ____D C:\Users\phil\Downloads\The.Sims.3.Deluxe.4.1.1.Rus.Eng.RePack_[R.G.Catalyst]
2013-05-04 20:41 - 2013-05-04 20:41 - 00000000 ____D C:\Users\phil\AppData\Local\{3188FEC8-AB2B-4128-B72A-DABB0B4345F8}
2013-05-04 02:45 - 2013-05-04 02:47 - 00000000 ____D C:\Users\phil\Downloads\The.Place.Beyond.the.Pines.2012.DVDSCR.XviD.AC3-PTpOWeR
2013-05-04 01:31 - 2013-05-04 02:03 - 00000000 ____D C:\Users\phil\Downloads\The.Big.Bang.Theory.S06E22.HDTV.x264-LOL
2013-05-04 01:31 - 2013-05-04 02:02 - 00000000 ____D C:\Users\phil\Downloads\The.Big.Bang.Theory.S06E21.HDTV.XviD-BiT
2013-05-03 22:40 - 2013-05-03 22:40 - 00000000 ____D C:\Users\phil\AppData\Local\{3AD5CBA8-5D1E-40A7-8547-E82A59EBB345}
2013-05-03 07:49 - 2013-05-03 07:50 - 00000000 ____D C:\Users\phil\AppData\Local\{8E67878A-3699-4527-97E7-17CFFF7EB7B6}
2013-05-03 06:59 - 2013-05-06 04:57 - 00000000 ___SD C:\Users\phil\Google Drive
2013-05-03 06:59 - 2013-05-03 06:59 - 00001691 ____A C:\Users\phil\Desktop\Google Drive.lnk
2013-05-03 06:58 - 2013-05-03 06:58 - 00000000 ____D C:\Users\phil\AppData\LocalGoogle
2013-05-03 06:57 - 2013-05-03 06:57 - 00781760 ____A (Google Inc.) C:\Users\phil\Downloads\googledrivesync.exe
2013-05-03 05:06 - 2013-05-03 05:08 - 00010240 __ASH C:\Users\phil\Downloads\Thumbs.db
2013-05-02 21:01 - 2013-05-04 02:05 - 00000000 ____D C:\Users\phil\Downloads\Parker 2013 BRRip XviD AC3-SANTi
2013-05-02 20:55 - 2013-05-02 21:05 - 466375438 ___RA C:\Users\phil\Downloads\Deadliest.Catch.S09E03.HDTV.x264-KILLERS.mp4
2013-05-02 19:49 - 2013-05-02 19:49 - 00000000 ____D C:\Users\phil\AppData\Local\{AE847638-BCE4-4703-8A81-902562C005A9}
2013-05-01 22:43 - 2013-05-01 22:43 - 00000000 ____D C:\Users\phil\AppData\Local\{BC45DA34-4224-4637-B509-CC9A85B62BFE}
2013-05-01 05:25 - 2013-05-01 05:25 - 00000000 ____D C:\Users\phil\AppData\Local\{24510FAF-9694-4D3B-8332-B744CDD4B456}
2013-05-01 03:50 - 2013-05-01 04:03 - 00000000 ____D C:\Users\phil\Downloads\Revenge.S02E19.HDTV.XviD-AFG
2013-05-01 02:37 - 2013-05-01 02:37 - 00000000 ____D C:\Users\phil\AppData\Local\{32D77A6B-CF7D-45F2-93DD-39107AC63882}
2013-05-01 00:12 - 2013-05-01 00:14 - 00000000 ____D C:\Users\phil\Downloads\Iron Man 3-camrip 2013-Inferno
2013-05-01 00:06 - 2013-05-01 00:28 - 00000000 ____D C:\Users\phil\Downloads\Beautiful Creatures 2013 480p WEB-DL XviD AC3-BiDA
2013-04-30 13:03 - 2013-04-30 13:03 - 00000000 ____D C:\Users\phil\AppData\Local\{2F3CADEC-A349-4DF8-AEC6-8BAAF22DEAF9}
2013-04-30 12:52 - 2013-04-30 12:52 - 00002201 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-30 12:51 - 2013-05-06 13:05 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-30 12:51 - 2013-05-06 02:02 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-30 12:51 - 2013-05-03 06:58 - 00000000 ____D C:\Users\phil\AppData\Local\Google
2013-04-30 12:51 - 2013-05-03 06:57 - 00000000 ____D C:\Program Files\Google
2013-04-30 12:51 - 2013-04-30 12:51 - 00774608 ____A (Google Inc.) C:\Users\phil\Downloads\ChromeSetup.exe
2013-04-30 10:24 - 2013-04-30 12:32 - 00000000 ____D C:\Users\phil\Downloads\Iron Man 3 2013 New Source TSRip Pimp4003 (PimpRG)
2013-04-29 23:41 - 2013-04-29 23:41 - 00000000 ____D C:\Users\phil\AppData\Local\{3A47E486-60FC-4E27-BA29-27B84DAA5399}
2013-04-29 11:17 - 2013-04-29 11:17 - 00000000 ____D C:\Users\phil\AppData\Local\{1403A160-A0A7-43EF-AA68-3DF5FF92950B}
2013-04-29 11:15 - 2013-04-29 11:15 - 00144224 ____A C:\Windows\Minidump\042913-15943-01.dmp
2013-04-28 22:27 - 2013-04-28 22:27 - 00000000 ____D C:\Users\phil\AppData\Local\{83823BEF-169A-4EA1-8D9C-B776C528938D}
2013-04-28 20:19 - 2013-04-28 20:19 - 00000000 ____D C:\Users\phil\AppData\Local\{91512B86-4833-4960-9EBF-F422A4EFB745}
2013-04-28 12:32 - 2013-04-28 12:33 - 00000000 ____D C:\Users\phil\Downloads\Deacon Blue - The Very Best Of Deacon Blue
2013-04-28 09:14 - 2013-04-28 09:14 - 00000000 ____D C:\Users\phil\AppData\Local\{E0C97CDF-B742-4BC4-A87B-C04E1C035113}
2013-04-28 06:01 - 2013-04-28 06:02 - 24247157 ____A C:\Users\phil\Downloads\0466.zip
2013-04-27 19:45 - 2013-04-27 19:46 - 00000000 ____D C:\Users\phil\AppData\Local\{8B2BFC6E-22C4-41B6-9B3E-4272502E98EB}
2013-04-27 00:00 - 2013-04-27 00:00 - 00000000 ____D C:\Users\phil\AppData\Local\{695B9BAD-21E1-455D-AF07-E67611DE6882}
2013-04-26 22:43 - 2013-04-26 22:43 - 00000000 ____D C:\Users\phil\AppData\Local\{0B726866-6E1D-4A80-A685-C88CFBEC0654}
2013-04-26 10:42 - 2013-04-26 10:42 - 00000000 ____D C:\Users\phil\AppData\Local\{B9C09E02-8FF2-46C5-87EA-2F99BA17E182}
2013-04-25 19:36 - 2013-04-25 19:36 - 00000000 ____D C:\Users\phil\AppData\Local\{78861B6B-11CB-44DC-AE97-A2EB04AA3844}
2013-04-24 23:26 - 2013-04-24 23:26 - 00000000 ____D C:\Users\phil\AppData\Local\{8E364DB8-5246-461B-8210-3C2315FBF4EF}
2013-04-24 15:11 - 2013-04-25 03:11 - 00000000 ____D C:\Users\phil\Downloads\21 & Over (2013) R5 LINE Xvid MP3 MiLLENiUM
2013-04-24 03:39 - 2013-04-26 05:09 - 00000000 ____D C:\Users\phil\Downloads\Deadliest.Catch.S09.Special.Legend.Of.The.Time.Bandit.HDTV.x264-W4F
2013-04-24 03:27 - 2013-04-24 03:27 - 00000000 ____D C:\Users\phil\AppData\Local\{7C1B67A8-4F9C-44A3-B015-B0936A440C95}
2013-04-24 02:26 - 2013-04-24 02:26 - 00000000 ____D C:\ProgramData\RELOADED
2013-04-24 02:21 - 2013-04-24 02:21 - 00000898 ____A C:\Users\Public\Desktop\Dead Island Riptide.lnk
2013-04-24 02:19 - 2013-04-24 03:50 - 00000000 ____D C:\Program Files\Dead Island Riptide
2013-04-24 00:14 - 2013-04-24 02:11 - 00000000 ____D C:\Users\phil\Downloads\Dead.Island.Riptide-RELOADED
2013-04-23 19:24 - 2013-04-12 05:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-23 13:49 - 2013-04-23 13:49 - 00000000 ____D C:\Users\phil\AppData\Local\{C20A9416-A32A-4CCB-9060-63320ECD251D}
2013-04-23 00:08 - 2013-04-23 00:08 - 00000000 ____D C:\Users\phil\AppData\Local\{298A7747-DD40-4F2D-BFD1-619CF06505B3}
2013-04-22 03:14 - 2013-04-22 03:14 - 00000000 ____D C:\Users\phil\AppData\Local\{7E508734-E4D6-4D06-ABE3-CC3C3A0C9063}
2013-04-22 03:12 - 2013-04-22 08:41 - 00000000 ____D C:\Users\phil\Downloads\The.Last.Stand.2013.ENG.HDRip.1.46GB.-Lum1x
2013-04-21 09:44 - 2013-04-21 09:44 - 00000000 ____D C:\Users\phil\AppData\Local\{C9904E53-6ECF-460E-B1E3-6CFC6F28D25E}
2013-04-20 19:36 - 2013-04-20 19:36 - 00000000 ____D C:\Users\phil\AppData\Local\{FEA187EB-06C2-4020-9AAB-01AA1087E541}
2013-04-20 10:58 - 2013-04-20 10:58 - 00002764 ____A C:\Users\Public\Desktop\Serious Sam 3.lnk
2013-04-20 10:56 - 2013-04-20 10:56 - 00000000 ____D C:\Program Files\Croteam
2013-04-19 23:59 - 2013-04-20 00:03 - 00000000 ____D C:\Users\phil\Downloads\Serious Sam 3 BFE - Multi
2013-04-19 22:45 - 2013-04-19 22:45 - 00000000 ____D C:\Users\phil\AppData\Local\{77205320-5059-47BB-96A7-FC81FBBF161D}
2013-04-19 13:01 - 2013-04-19 13:13 - 00000000 ____D C:\Users\phil\Downloads\Eagles - Complete Greatest Hits
2013-04-19 04:00 - 2013-04-19 04:00 - 00001171 ____A C:\Users\phil\Desktop\Any Video Converter 5.lnk
2013-04-18 22:43 - 2013-04-18 22:44 - 00000000 ____D C:\Users\phil\AppData\Local\{22F0EF4E-D7A1-448A-8C95-6F0056149BE1}
2013-04-18 19:58 - 2013-04-18 19:58 - 00000000 ____D C:\Users\phil\AppData\Local\{5CDB2473-6EEC-4B88-9251-3CE5A359A6A8}
2013-04-18 04:31 - 2013-04-18 04:32 - 00000000 ____D C:\Users\phil\AppData\Local\{369A75F2-5A63-401D-945F-9D8277837A98}
2013-04-17 10:58 - 2013-04-17 10:58 - 00000000 ____D C:\Users\phil\AppData\Local\{F0299C5B-32D0-430A-AB63-4E1AAEDFBFA8}
2013-04-17 05:23 - 2013-04-17 05:23 - 00000000 ____D C:\Users\phil\Downloads\5213
2013-04-16 20:33 - 2013-04-16 20:34 - 00000000 ____D C:\Users\phil\AppData\Local\{D18A8B62-3610-4E78-980C-F8AC844C12ED}
2013-04-16 14:27 - 2013-04-16 14:27 - 00004005 ____A C:\Users\phil\Desktop\DeSmuME.exe - Shortcut.lnk
2013-04-16 13:59 - 2013-04-16 14:00 - 00000000 ____D C:\Users\phil\Downloads\ideas1032
2013-04-16 11:22 - 2012-12-24 23:52 - 00000000 ____D C:\Users\phil\Documents\Wood_R4_v1.56
2013-04-16 00:54 - 2013-04-16 00:54 - 00000000 ____D C:\Users\phil\AppData\Local\{FC9CD902-4E06-4FE5-BF46-483EF106AAB6}
2013-04-15 12:17 - 2013-04-15 12:17 - 00000000 ____D C:\Users\phil\AppData\Local\{9B8375DC-696A-4C5D-B509-40B9DAC89D27}
2013-04-14 23:57 - 2013-04-14 23:57 - 00000000 ____D C:\Users\phil\AppData\Local\{3D586515-1F17-463F-A951-9DD140932EA4}
2013-04-13 22:57 - 2013-04-13 22:57 - 00000000 ____D C:\Users\phil\AppData\Local\{3604D6FD-B51D-4394-B2B1-7CA23474AD45}
2013-04-13 06:46 - 2013-04-13 06:46 - 00000000 ____D C:\Users\phil\AppData\Local\{0F854BB6-E4FF-47E6-AF62-231D944E35F1}
2013-04-13 01:39 - 2013-04-13 01:39 - 00000000 ____D C:\Users\phil\AppData\Local\{5BE4EEB7-7D1A-4D1B-B002-DADF6214E49F}
2013-04-12 12:44 - 2013-04-12 12:44 - 00000000 ____D C:\Users\phil\AppData\Local\{CFDAA77A-A012-4545-B960-9C4666D4BA4F}
2013-04-11 23:29 - 2013-04-11 23:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-11 23:24 - 2013-04-11 23:25 - 00000000 ____D C:\Users\phil\AppData\Local\{1C425CCA-D696-4362-9CA0-ACC868E12296}
2013-04-11 14:10 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 14:10 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 14:10 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-11 14:10 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 14:10 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 14:10 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-11 14:10 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-11 14:10 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 14:10 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-11 14:10 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-11 14:10 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-11 14:10 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 14:10 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-11 14:10 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 14:10 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-11 14:10 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 12:51 - 2013-04-11 13:02 - 00000000 ____D C:\Users\phil\Downloads\Hannibal.S01E01.HDTV.x264-LOL
2013-04-11 05:40 - 2013-04-11 05:41 - 00000000 ____D C:\Users\phil\AppData\Local\{6992B0FF-C3D9-4E02-8D28-0D4ECFF7DE86}
2013-04-11 02:34 - 2013-04-11 02:35 - 00000000 ____D C:\Steam
2013-04-11 01:56 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-04-11 01:56 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-11 01:56 - 2013-03-18 20:48 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-11 01:56 - 2013-03-18 18:49 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-11 01:56 - 2013-02-28 19:09 - 02347008 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-11 01:56 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-11 01:56 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-11 01:56 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-08 14:04 - 2013-04-20 10:55 - 00000000 ____D C:\Users\phil\Documents\sam
2013-04-08 13:46 - 2013-04-08 13:46 - 00000000 ____D C:\Program Files (x86)\Steam
2013-04-08 13:46 - 2013-04-08 13:46 - 00000000 ____D C:\Program Files (x86)
2013-04-08 13:43 - 2013-04-08 15:10 - 462653440 ____A C:\Users\phil\Downloads\Repair Peugeot 206-406 multilanguage.ISO
2013-04-08 02:22 - 2013-04-08 02:22 - 00000000 ____D C:\Users\phil\AppData\Local\{B1F0E795-8AFA-40D1-9490-BEC5CAFB5FA0}

==================== One Month Modified Files and Folders ========

2013-05-07 00:17 - 2013-05-07 00:17 - 00000000 ____D C:\Windows\pss
2013-05-07 00:13 - 2010-11-20 13:01 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-06 21:23 - 2013-02-03 01:44 - 00000000 ____D C:\Kane & Lynch 2- Dog Days
2013-05-06 17:20 - 2013-05-06 17:20 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-05-06 13:06 - 2013-05-06 02:05 - 00000004 ____A C:\Users\phil\AppData\Roaming\skype.ini
2013-05-06 13:06 - 2012-04-23 05:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-06 13:05 - 2013-04-30 12:51 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-06 13:05 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-06 13:05 - 2009-07-13 20:39 - 00046695 ____A C:\Windows\setupact.log
2013-05-06 05:29 - 2013-05-06 05:29 - 00000000 ____D C:\FRST
2013-05-06 04:57 - 2013-05-03 06:59 - 00000000 ___SD C:\Users\phil\Google Drive
2013-05-06 04:49 - 2012-04-14 08:49 - 01213956 ____A C:\Windows\WindowsUpdate.log
2013-05-06 04:46 - 2013-05-06 04:46 - 00030464 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-05-06 04:46 - 2013-01-07 00:46 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-05-06 04:46 - 2013-01-07 00:46 - 00000000 ____D C:\Program Files\HitmanPro
2013-05-06 04:38 - 2013-01-07 00:42 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-06 04:26 - 2009-07-13 20:34 - 00023904 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-06 04:25 - 2009-07-13 20:34 - 00023904 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-06 02:05 - 2012-04-14 21:19 - 00000000 ____D C:\Users\phil\AppData\Roaming\uTorrent
2013-05-06 02:02 - 2013-04-30 12:51 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-05 23:32 - 2013-05-05 14:06 - 00000000 ____D C:\Users\phil\Downloads\Hollow Man II (2006)
2013-05-05 23:30 - 2013-05-05 14:07 - 00000000 ____D C:\Users\phil\Downloads\Hansel.and.Gretel.Witch.Hunters.2013.DVDRip.XviD.AC3-NYDIC
2013-05-05 14:27 - 2013-05-05 14:27 - 00144224 ____A C:\Windows\Minidump\050513-16848-01.dmp
2013-05-05 14:27 - 2012-04-27 16:29 - 263906266 ____A C:\Windows\MEMORY.DMP
2013-05-05 14:27 - 2012-04-27 16:29 - 00000000 ____D C:\Windows\Minidump
2013-05-05 14:27 - 2012-04-14 21:20 - 00000000 ____D C:\Program Files\uTorrent
2013-05-05 14:27 - 2010-11-20 13:48 - 00025888 ____A C:\Windows\PFRO.log
2013-05-05 11:44 - 2013-05-05 11:44 - 00000000 ____D C:\Users\phil\AppData\Local\{C01C5778-D968-4C09-9E94-04A9ECF1B64F}
2013-05-05 08:51 - 2013-05-05 07:31 - 00000000 ____D C:\Users\phil\Downloads\The.Sims.3.Deluxe.4.1.1.Rus.Eng.RePack_[R.G.Catalyst]
2013-05-04 20:41 - 2013-05-04 20:41 - 00000000 ____D C:\Users\phil\AppData\Local\{3188FEC8-AB2B-4128-B72A-DABB0B4345F8}
2013-05-04 02:47 - 2013-05-04 02:45 - 00000000 ____D C:\Users\phil\Downloads\The.Place.Beyond.the.Pines.2012.DVDSCR.XviD.AC3-PTpOWeR
2013-05-04 02:05 - 2013-05-02 21:01 - 00000000 ____D C:\Users\phil\Downloads\Parker 2013 BRRip XviD AC3-SANTi
2013-05-04 02:03 - 2013-05-04 01:31 - 00000000 ____D C:\Users\phil\Downloads\The.Big.Bang.Theory.S06E22.HDTV.x264-LOL
2013-05-04 02:02 - 2013-05-04 01:31 - 00000000 ____D C:\Users\phil\Downloads\The.Big.Bang.Theory.S06E21.HDTV.XviD-BiT
2013-05-03 22:40 - 2013-05-03 22:40 - 00000000 ____D C:\Users\phil\AppData\Local\{3AD5CBA8-5D1E-40A7-8547-E82A59EBB345}
2013-05-03 07:50 - 2013-05-03 07:49 - 00000000 ____D C:\Users\phil\AppData\Local\{8E67878A-3699-4527-97E7-17CFFF7EB7B6}
2013-05-03 06:59 - 2013-05-03 06:59 - 00001691 ____A C:\Users\phil\Desktop\Google Drive.lnk
2013-05-03 06:59 - 2012-04-14 09:13 - 00000000 ____D C:\users\phil
2013-05-03 06:58 - 2013-05-03 06:58 - 00000000 ____D C:\Users\phil\AppData\LocalGoogle
2013-05-03 06:58 - 2013-04-30 12:51 - 00000000 ____D C:\Users\phil\AppData\Local\Google
2013-05-03 06:57 - 2013-05-03 06:57 - 00781760 ____A (Google Inc.) C:\Users\phil\Downloads\googledrivesync.exe
2013-05-03 06:57 - 2013-04-30 12:51 - 00000000 ____D C:\Program Files\Google
2013-05-03 05:08 - 2013-05-03 05:06 - 00010240 __ASH C:\Users\phil\Downloads\Thumbs.db
2013-05-02 21:05 - 2013-05-02 20:55 - 466375438 ___RA C:\Users\phil\Downloads\Deadliest.Catch.S09E03.HDTV.x264-KILLERS.mp4
2013-05-02 19:49 - 2013-05-02 19:49 - 00000000 ____D C:\Users\phil\AppData\Local\{AE847638-BCE4-4703-8A81-902562C005A9}
2013-05-02 07:28 - 2012-04-14 10:32 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 22:43 - 2013-05-01 22:43 - 00000000 ____D C:\Users\phil\AppData\Local\{BC45DA34-4224-4637-B509-CC9A85B62BFE}
2013-05-01 05:25 - 2013-05-01 05:25 - 00000000 ____D C:\Users\phil\AppData\Local\{24510FAF-9694-4D3B-8332-B744CDD4B456}
2013-05-01 04:03 - 2013-05-01 03:50 - 00000000 ____D C:\Users\phil\Downloads\Revenge.S02E19.HDTV.XviD-AFG
2013-05-01 02:37 - 2013-05-01 02:37 - 00000000 ____D C:\Users\phil\AppData\Local\{32D77A6B-CF7D-45F2-93DD-39107AC63882}
2013-05-01 00:28 - 2013-05-01 00:06 - 00000000 ____D C:\Users\phil\Downloads\Beautiful Creatures 2013 480p WEB-DL XviD AC3-BiDA
2013-05-01 00:14 - 2013-05-01 00:12 - 00000000 ____D C:\Users\phil\Downloads\Iron Man 3-camrip 2013-Inferno
2013-04-30 13:03 - 2013-04-30 13:03 - 00000000 ____D C:\Users\phil\AppData\Local\{2F3CADEC-A349-4DF8-AEC6-8BAAF22DEAF9}
2013-04-30 12:52 - 2013-04-30 12:52 - 00002201 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-30 12:51 - 2013-04-30 12:51 - 00774608 ____A (Google Inc.) C:\Users\phil\Downloads\ChromeSetup.exe
2013-04-30 12:32 - 2013-04-30 10:24 - 00000000 ____D C:\Users\phil\Downloads\Iron Man 3 2013 New Source TSRip Pimp4003 (PimpRG)
2013-04-29 23:41 - 2013-04-29 23:41 - 00000000 ____D C:\Users\phil\AppData\Local\{3A47E486-60FC-4E27-BA29-27B84DAA5399}
2013-04-29 11:17 - 2013-04-29 11:17 - 00000000 ____D C:\Users\phil\AppData\Local\{1403A160-A0A7-43EF-AA68-3DF5FF92950B}
2013-04-29 11:15 - 2013-04-29 11:15 - 00144224 ____A C:\Windows\Minidump\042913-15943-01.dmp
2013-04-29 00:48 - 2012-04-23 05:46 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-04-29 00:48 - 2012-04-23 03:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-04-28 22:27 - 2013-04-28 22:27 - 00000000 ____D C:\Users\phil\AppData\Local\{83823BEF-169A-4EA1-8D9C-B776C528938D}
2013-04-28 20:19 - 2013-04-28 20:19 - 00000000 ____D C:\Users\phil\AppData\Local\{91512B86-4833-4960-9EBF-F422A4EFB745}
2013-04-28 12:33 - 2013-04-28 12:32 - 00000000 ____D C:\Users\phil\Downloads\Deacon Blue - The Very Best Of Deacon Blue
2013-04-28 09:14 - 2013-04-28 09:14 - 00000000 ____D C:\Users\phil\AppData\Local\{E0C97CDF-B742-4BC4-A87B-C04E1C035113}
2013-04-28 06:02 - 2013-04-28 06:01 - 24247157 ____A C:\Users\phil\Downloads\0466.zip
2013-04-27 19:46 - 2013-04-27 19:45 - 00000000 ____D C:\Users\phil\AppData\Local\{8B2BFC6E-22C4-41B6-9B3E-4272502E98EB}
2013-04-27 00:00 - 2013-04-27 00:00 - 00000000 ____D C:\Users\phil\AppData\Local\{695B9BAD-21E1-455D-AF07-E67611DE6882}
2013-04-26 22:43 - 2013-04-26 22:43 - 00000000 ____D C:\Users\phil\AppData\Local\{0B726866-6E1D-4A80-A685-C88CFBEC0654}
2013-04-26 10:42 - 2013-04-26 10:42 - 00000000 ____D C:\Users\phil\AppData\Local\{B9C09E02-8FF2-46C5-87EA-2F99BA17E182}
2013-04-26 05:09 - 2013-04-24 03:39 - 00000000 ____D C:\Users\phil\Downloads\Deadliest.Catch.S09.Special.Legend.Of.The.Time.Bandit.HDTV.x264-W4F
2013-04-25 19:36 - 2013-04-25 19:36 - 00000000 ____D C:\Users\phil\AppData\Local\{78861B6B-11CB-44DC-AE97-A2EB04AA3844}
2013-04-25 03:11 - 2013-04-24 15:11 - 00000000 ____D C:\Users\phil\Downloads\21 & Over (2013) R5 LINE Xvid MP3 MiLLENiUM
2013-04-25 03:05 - 2012-05-16 06:46 - 00000000 ____D C:\ProgramData\Adobe
2013-04-24 23:26 - 2013-04-24 23:26 - 00000000 ____D C:\Users\phil\AppData\Local\{8E364DB8-5246-461B-8210-3C2315FBF4EF}
2013-04-24 23:24 - 2012-05-03 08:30 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-04-24 03:50 - 2013-04-24 02:19 - 00000000 ____D C:\Program Files\Dead Island Riptide
2013-04-24 03:27 - 2013-04-24 03:27 - 00000000 ____D C:\Users\phil\AppData\Local\{7C1B67A8-4F9C-44A3-B015-B0936A440C95}
2013-04-24 02:26 - 2013-04-24 02:26 - 00000000 ____D C:\ProgramData\RELOADED
2013-04-24 02:21 - 2013-04-24 02:21 - 00000898 ____A C:\Users\Public\Desktop\Dead Island Riptide.lnk
2013-04-24 02:11 - 2013-04-24 00:14 - 00000000 ____D C:\Users\phil\Downloads\Dead.Island.Riptide-RELOADED
2013-04-24 01:47 - 2012-08-30 12:45 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-04-24 01:47 - 2012-08-30 12:44 - 00000000 ____D C:\Program Files\DivX
2013-04-24 01:47 - 2012-08-30 12:43 - 00000000 ____D C:\ProgramData\DivX
2013-04-24 00:16 - 2013-01-23 16:01 - 00000000 ____D C:\Users\phil\Downloads\Harry.Potter.MOViE.PACK.DVDRip.XviD
2013-04-23 13:49 - 2013-04-23 13:49 - 00000000 ____D C:\Users\phil\AppData\Local\{C20A9416-A32A-4CCB-9060-63320ECD251D}
2013-04-23 00:08 - 2013-04-23 00:08 - 00000000 ____D C:\Users\phil\AppData\Local\{298A7747-DD40-4F2D-BFD1-619CF06505B3}
2013-04-22 08:41 - 2013-04-22 03:12 - 00000000 ____D C:\Users\phil\Downloads\The.Last.Stand.2013.ENG.HDRip.1.46GB.-Lum1x
2013-04-22 03:14 - 2013-04-22 03:14 - 00000000 ____D C:\Users\phil\AppData\Local\{7E508734-E4D6-4D06-ABE3-CC3C3A0C9063}
2013-04-21 09:44 - 2013-04-21 09:44 - 00000000 ____D C:\Users\phil\AppData\Local\{C9904E53-6ECF-460E-B1E3-6CFC6F28D25E}
2013-04-20 19:36 - 2013-04-20 19:36 - 00000000 ____D C:\Users\phil\AppData\Local\{FEA187EB-06C2-4020-9AAB-01AA1087E541}
2013-04-20 10:58 - 2013-04-20 10:58 - 00002764 ____A C:\Users\Public\Desktop\Serious Sam 3.lnk
2013-04-20 10:56 - 2013-04-20 10:56 - 00000000 ____D C:\Program Files\Croteam
2013-04-20 10:56 - 2012-04-14 09:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-04-20 10:55 - 2013-04-08 14:04 - 00000000 ____D C:\Users\phil\Documents\sam
2013-04-20 10:31 - 2012-04-27 14:02 - 00000000 ____D C:\Users\phil\AppData\Local\SKIDROW
2013-04-20 00:03 - 2013-04-19 23:59 - 00000000 ____D C:\Users\phil\Downloads\Serious Sam 3 BFE - Multi
2013-04-19 22:45 - 2013-04-19 22:45 - 00000000 ____D C:\Users\phil\AppData\Local\{77205320-5059-47BB-96A7-FC81FBBF161D}
2013-04-19 13:13 - 2013-04-19 13:01 - 00000000 ____D C:\Users\phil\Downloads\Eagles - Complete Greatest Hits
2013-04-19 04:00 - 2013-04-19 04:00 - 00001171 ____A C:\Users\phil\Desktop\Any Video Converter 5.lnk
2013-04-19 04:00 - 2012-04-22 03:14 - 00000000 ____D C:\Program Files\AnvSoft
2013-04-18 22:44 - 2013-04-18 22:43 - 00000000 ____D C:\Users\phil\AppData\Local\{22F0EF4E-D7A1-448A-8C95-6F0056149BE1}
2013-04-18 19:58 - 2013-04-18 19:58 - 00000000 ____D C:\Users\phil\AppData\Local\{5CDB2473-6EEC-4B88-9251-3CE5A359A6A8}
2013-04-18 08:21 - 2013-04-04 10:48 - 00000000 ____D C:\Users\phil\Downloads\Dark.Skies.2013.720p.Read.Info.X264.AC3.TommieCook
2013-04-18 08:18 - 2013-04-05 14:35 - 00000000 ____D C:\Users\phil\Downloads\Sinister.2012.DVDRip.XviD-NYDIC
2013-04-18 04:32 - 2013-04-18 04:31 - 00000000 ____D C:\Users\phil\AppData\Local\{369A75F2-5A63-401D-945F-9D8277837A98}
2013-04-17 10:58 - 2013-04-17 10:58 - 00000000 ____D C:\Users\phil\AppData\Local\{F0299C5B-32D0-430A-AB63-4E1AAEDFBFA8}
2013-04-17 05:23 - 2013-04-17 05:23 - 00000000 ____D C:\Users\phil\Downloads\5213
2013-04-16 20:34 - 2013-04-16 20:33 - 00000000 ____D C:\Users\phil\AppData\Local\{D18A8B62-3610-4E78-980C-F8AC844C12ED}
2013-04-16 14:27 - 2013-04-16 14:27 - 00004005 ____A C:\Users\phil\Desktop\DeSmuME.exe - Shortcut.lnk
2013-04-16 14:00 - 2013-04-16 13:59 - 00000000 ____D C:\Users\phil\Downloads\ideas1032
2013-04-16 00:54 - 2013-04-16 00:54 - 00000000 ____D C:\Users\phil\AppData\Local\{FC9CD902-4E06-4FE5-BF46-483EF106AAB6}
2013-04-15 12:17 - 2013-04-15 12:17 - 00000000 ____D C:\Users\phil\AppData\Local\{9B8375DC-696A-4C5D-B509-40B9DAC89D27}
2013-04-14 23:57 - 2013-04-14 23:57 - 00000000 ____D C:\Users\phil\AppData\Local\{3D586515-1F17-463F-A951-9DD140932EA4}
2013-04-13 22:57 - 2013-04-13 22:57 - 00000000 ____D C:\Users\phil\AppData\Local\{3604D6FD-B51D-4394-B2B1-7CA23474AD45}
2013-04-13 06:46 - 2013-04-13 06:46 - 00000000 ____D C:\Users\phil\AppData\Local\{0F854BB6-E4FF-47E6-AF62-231D944E35F1}
2013-04-13 01:39 - 2013-04-13 01:39 - 00000000 ____D C:\Users\phil\AppData\Local\{5BE4EEB7-7D1A-4D1B-B002-DADF6214E49F}
2013-04-12 12:44 - 2013-04-12 12:44 - 00000000 ____D C:\Users\phil\AppData\Local\{CFDAA77A-A012-4545-B960-9C4666D4BA4F}
2013-04-12 05:45 - 2013-04-23 19:24 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 23:30 - 2013-04-11 23:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-11 23:25 - 2013-04-11 23:24 - 00000000 ____D C:\Users\phil\AppData\Local\{1C425CCA-D696-4362-9CA0-ACC868E12296}
2013-04-11 23:21 - 2009-07-13 20:33 - 00409752 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 14:10 - 2012-04-24 05:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-04-11 14:08 - 2012-06-23 03:08 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-11 13:02 - 2013-04-11 12:51 - 00000000 ____D C:\Users\phil\Downloads\Hannibal.S01E01.HDTV.x264-LOL
2013-04-11 11:07 - 2012-12-01 00:57 - 00000000 ____D C:\Program Files\Activision
2013-04-11 05:41 - 2013-04-11 05:40 - 00000000 ____D C:\Users\phil\AppData\Local\{6992B0FF-C3D9-4E02-8D28-0D4ECFF7DE86}
2013-04-11 02:35 - 2013-04-11 02:34 - 00000000 ____D C:\Steam
2013-04-08 15:10 - 2013-04-08 13:43 - 462653440 ____A C:\Users\phil\Downloads\Repair Peugeot 206-406 multilanguage.ISO
2013-04-08 14:20 - 2012-04-27 12:12 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-04-08 14:20 - 2012-04-27 12:12 - 00000000 ____D C:\Windows\System32\directx
2013-04-08 13:46 - 2013-04-08 13:46 - 00000000 ____D C:\Program Files (x86)\Steam
2013-04-08 13:46 - 2013-04-08 13:46 - 00000000 ____D C:\Program Files (x86)
2013-04-08 02:22 - 2013-04-08 02:22 - 00000000 ____D C:\Users\phil\AppData\Local\{B1F0E795-8AFA-40D1-9490-BEC5CAFB5FA0}
2013-04-07 01:17 - 2013-04-01 21:04 - 00000000 ____D C:\Users\phil\Downloads\Jonathan_Creek.2013_Special.The_Clue_Of_The_Savants_Thumb.HDTV_x264-FoV

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$80931ae2677ead150aa4061bdde5dc99

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1602316494-3321344044-937699727-1000\$80931ae2677ead150aa4061bdde5dc99

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$80931ae2677ead150aa4061bdde5dc99

Other Malware:
===========
C:\Users\phil\AppData\Roaming\skype.dat
C:\Users\phil\AppData\Roaming\skype.ini
C:\Users\phil\Application Data\skype.dat
C:\Users\phil\Application Data\skype.ini
C:\Users\phil\Application Data\msconfig.dat
C:\Users\phil\Application Data\msconfig.ini

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4095.17 MB
Available physical RAM: 3597.67 MB
Total Pagefile: 4093.45 MB
Available Pagefile: 3606.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:881.08 GB) (Free:546.85 GB) NTFS
Drive g: () (Removable) (Total:3.72 GB) (Free:3.54 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 051DED20)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=881 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=05)

====================================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 61E416DF)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)


Last Boot: 2013-05-04 00:18

==================== End Of Log ============================

#2
satelite

    New Member

  • Topic Starter
  • Member
  • 8 posts
Seems I have fixed the problem....

Started PC with command prompt
Started Task Manager
Clicked Start New Task
Chose Malwarebytes from my HD and ran it as Admin
It found 2 files: skype.dat and skype.ini
Deleted both and PC seems to be running fine

I ran Malwarebytes from a USB stick before but it didn't clear the problem.

#3
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello satelite and welcome to the Virus, Spyware, Malware Removal forum!!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Nice job clearing the infection to get your computer up and running.

Let's see if you have some other issues lurking in there, so please do the following for me -
Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

Step 2
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply I would like to see:
  • OTL log with Extras.txt
  • Roguekiller log file

#4
satelite

    New Member

  • Topic Starter
  • Member
  • 8 posts
Well.... Thank you very much for the offer.

Here are the logs you asked for.... I await with interest what you may find.

OTL logfile created on: 07/05/2013 17:43:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phil\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 54.96% Memory free
6.50 Gb Paging File | 4.92 Gb Available in Paging File | 75.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 881.08 Gb Total Space | 546.47 Gb Free Space | 62.02% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 69.59 Mb Free Space | 69.59% Space Free | Partition Type: NTFS
Drive N: | 3.72 Gb Total Space | 3.66 Gb Free Space | 98.38% Space Free | Partition Type: NTFS

Computer Name: PHIL-PC | User Name: phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/07 17:42:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\phil\Downloads\OTL.exe
PRC - [2013/05/06 13:46:19 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2013/05/02 07:23:04 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2013/04/16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013/03/21 02:52:22 | 000,491,008 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2013/03/21 02:51:44 | 000,219,136 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2013/03/20 22:33:06 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/28 18:05:26 | 003,021,720 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2010/05/18 17:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2009/10/24 04:24:54 | 001,085,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2009/07/10 19:23:54 | 000,036,864 | R--- | M] (Realtek) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/07 11:10:27 | 000,128,512 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\_elementtree.pyd
MOD - [2013/05/07 11:10:26 | 000,557,056 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\pysqlite2._sqlite.pyd
MOD - [2013/05/07 11:10:26 | 000,320,512 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\win32com.shell.shell.pyd
MOD - [2013/05/07 11:10:26 | 000,098,816 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\win32api.pyd
MOD - [2013/05/07 11:10:26 | 000,044,032 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\_socket.pyd
MOD - [2013/05/07 11:10:26 | 000,026,624 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\_multiprocessing.pyd
MOD - [2013/05/07 11:10:26 | 000,022,528 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\win32ts.pyd
MOD - [2013/05/07 11:10:25 | 001,022,416 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\windows._cacheinvalidation.pyd
MOD - [2013/05/07 11:10:25 | 000,805,888 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\wx._gdi_.pyd
MOD - [2013/05/07 11:10:25 | 000,087,040 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\_ctypes.pyd
MOD - [2013/05/07 11:10:25 | 000,070,656 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\wx._html2.pyd
MOD - [2013/05/07 11:10:25 | 000,017,408 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\win32profile.pyd
MOD - [2013/05/07 11:10:25 | 000,011,264 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\win32crypt.pyd
MOD - [2013/05/07 11:10:24 | 001,175,040 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\wx._core_.pyd
MOD - [2013/05/07 11:10:24 | 000,735,232 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\wx._misc_.pyd
MOD - [2013/05/07 11:10:24 | 000,364,544 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\pythoncom27.dll
MOD - [2013/05/07 11:10:24 | 000,110,080 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\PyWinTypes27.dll
MOD - [2013/05/07 11:10:24 | 000,108,544 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\win32security.pyd
MOD - [2013/05/07 11:10:23 | 001,153,024 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\_ssl.pyd
MOD - [2013/05/07 11:10:23 | 000,811,008 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\wx._windows_.pyd
MOD - [2013/05/07 11:10:23 | 000,711,680 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\_hashlib.pyd
MOD - [2013/05/07 11:10:23 | 000,122,368 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\wx._wizard.pyd
MOD - [2013/05/07 11:10:23 | 000,119,808 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\win32file.pyd
MOD - [2013/05/07 11:10:23 | 000,035,840 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\win32process.pyd
MOD - [2013/05/07 11:10:23 | 000,025,600 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\win32pdh.pyd
MOD - [2013/05/07 11:10:22 | 001,062,400 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\wx._controls_.pyd
MOD - [2013/05/07 11:10:22 | 000,038,912 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\win32inet.pyd
MOD - [2013/05/07 11:10:21 | 000,686,080 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\unicodedata.pyd
MOD - [2013/05/07 11:10:21 | 000,127,488 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\pyexpat.pyd
MOD - [2013/05/07 11:10:21 | 000,018,432 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\win32event.pyd
MOD - [2013/05/07 11:10:21 | 000,010,240 | ---- | M] () -- C:\Users\phil\AppData\Local\Temp\_MEI29682\select.pyd
MOD - [2013/03/20 22:33:24 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2013/02/14 04:04:41 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1903b8df5ab9ea0392f9f066a7aa9163\WindowsFormsIntegration.ni.dll
MOD - [2013/02/14 04:04:13 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e534d8e15df8611bc3174e5f2377a093\System.ServiceProcess.ni.dll
MOD - [2013/02/14 04:04:12 | 012,076,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\468914a8abecf32f72d87a18c874b966\System.Web.ni.dll
MOD - [2013/02/14 04:01:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/10 04:08:34 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013/01/10 04:08:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\32b515633fcbcc6dad09b9dd09f2fc2f\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 04:08:05 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll
MOD - [2013/01/10 04:03:38 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll
MOD - [2013/01/10 04:03:29 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll
MOD - [2013/01/10 04:03:27 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\35296661bd979735d6afd036a104bfd6\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 04:03:21 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013/01/10 04:03:19 | 003,856,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll
MOD - [2013/01/10 04:03:17 | 007,053,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013/01/10 04:03:15 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013/01/10 04:03:13 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013/01/10 04:03:12 | 009,093,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013/01/10 04:03:08 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2010/05/18 16:54:44 | 000,395,776 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll


========== Services (SafeList) ==========

SRV - [2013/05/06 13:46:19 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/04/29 09:48:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/12 08:30:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/21 02:51:44 | 000,219,136 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/03/20 22:33:06 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/26 22:49:22 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/16 05:37:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/18 17:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/10 19:23:54 | 000,036,864 | R--- | M] (Realtek) [Auto | Running] -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\takdxvxy.sys -- (takdxvxy)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lcukglvf.sys -- (lcukglvf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fvzeqmgh.sys -- (fvzeqmgh)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\drviwvpe.sys -- (drviwvpe)
DRV - [2013/05/06 13:46:21 | 000,030,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2013/03/26 18:18:50 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/03/21 07:31:40 | 009,951,744 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2013/03/21 02:25:08 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/01/15 11:11:20 | 000,080,384 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/07/20 11:12:36 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/07/20 11:11:58 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012/04/09 10:13:58 | 000,048,256 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.2)
DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010/01/27 18:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009/10/22 20:24:04 | 000,581,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2009/04/22 13:46:42 | 003,482,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/02/08 22:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-se...0A30002728F7EED
IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...GB&dcc=GB&opt=0
IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 59 FC C2 68 1A CD 01 [binary data]
IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No CLSID value found
IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..browser.startup.homepage:


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/30 21:46:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 08:30:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/25 12:05:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 08:30:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/25 12:05:27 | 000,000,000 | ---D | M]

[2012/04/14 22:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Extensions
[2013/04/20 19:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\extensions
[2012/04/17 01:53:33 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/07/15 21:46:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/06/11 19:20:37 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\extensions\[email protected]
[2013/04/20 19:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\oxcgok53.default-1345317644389\extensions
[2013/04/16 20:21:19 | 000,001,294 | ---- | M] () -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\searchplugins\delta.xml
[2012/06/03 20:17:15 | 000,003,998 | ---- | M] () -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\searchplugins\sweetim.xml
[2013/04/12 08:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/12 08:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/04/12 08:30:15 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 20:43:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/19 21:13:58 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: wxDfast = C:\Users\phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nieadbikoncnmffmennmjjljpghadhfg\1.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/07 11:32:18 | 000,000,936 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AsioReg] C:\Windows\System32\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\System32\Ctxfireg.exe (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [DevconDefaultDB] C:\Windows\System32\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\System32\Ctxfireg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [DevconDefaultDB] C:\Windows\System32\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-21-1602316494-3321344044-937699727-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-1602316494-3321344044-937699727-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\phil\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D40ABD2B-053D-487A-9545-314D9961A80A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/07 12:30:50 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{75EA606F-D19D-4E2C-BBD5-074C8653DFB8}
[2013/05/07 11:23:42 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/05/07 11:23:41 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/05/07 11:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/05/07 09:17:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/07 02:20:49 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2013/05/06 14:29:37 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/05 20:44:37 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{C01C5778-D968-4C09-9E94-04A9ECF1B64F}
[2013/05/05 05:41:14 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{3188FEC8-AB2B-4128-B72A-DABB0B4345F8}
[2013/05/04 07:40:33 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{3AD5CBA8-5D1E-40A7-8547-E82A59EBB345}
[2013/05/03 16:49:46 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{8E67878A-3699-4527-97E7-17CFFF7EB7B6}
[2013/05/03 15:59:21 | 000,000,000 | --SD | C] -- C:\Users\phil\Google Drive
[2013/05/03 15:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/03 04:49:21 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{AE847638-BCE4-4703-8A81-902562C005A9}
[2013/05/02 07:43:21 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{BC45DA34-4224-4637-B509-CC9A85B62BFE}
[2013/05/01 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{24510FAF-9694-4D3B-8332-B744CDD4B456}
[2013/05/01 11:37:45 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{32D77A6B-CF7D-45F2-93DD-39107AC63882}
[2013/04/30 22:03:14 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{2F3CADEC-A349-4DF8-AEC6-8BAAF22DEAF9}
[2013/04/30 21:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/30 21:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/30 21:51:45 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\Google
[2013/04/30 08:41:25 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{3A47E486-60FC-4E27-BA29-27B84DAA5399}
[2013/04/29 20:17:19 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{1403A160-A0A7-43EF-AA68-3DF5FF92950B}
[2013/04/29 07:27:38 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{83823BEF-169A-4EA1-8D9C-B776C528938D}
[2013/04/29 05:19:05 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{91512B86-4833-4960-9EBF-F422A4EFB745}
[2013/04/28 18:14:43 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{E0C97CDF-B742-4BC4-A87B-C04E1C035113}
[2013/04/28 04:45:49 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{8B2BFC6E-22C4-41B6-9B3E-4272502E98EB}
[2013/04/27 09:00:04 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{695B9BAD-21E1-455D-AF07-E67611DE6882}
[2013/04/27 07:43:17 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{0B726866-6E1D-4A80-A685-C88CFBEC0654}
[2013/04/26 19:42:07 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{B9C09E02-8FF2-46C5-87EA-2F99BA17E182}
[2013/04/26 04:36:07 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{78861B6B-11CB-44DC-AE97-A2EB04AA3844}
[2013/04/25 08:26:23 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{8E364DB8-5246-461B-8210-3C2315FBF4EF}
[2013/04/24 12:27:09 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{7C1B67A8-4F9C-44A3-B015-B0936A440C95}
[2013/04/24 11:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013/04/24 11:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Dead Island Riptide
[2013/04/23 22:49:36 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{C20A9416-A32A-4CCB-9060-63320ECD251D}
[2013/04/23 09:08:10 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{298A7747-DD40-4F2D-BFD1-619CF06505B3}
[2013/04/22 12:14:34 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{7E508734-E4D6-4D06-ABE3-CC3C3A0C9063}
[2013/04/21 18:44:31 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{C9904E53-6ECF-460E-B1E3-6CFC6F28D25E}
[2013/04/21 04:36:39 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{FEA187EB-06C2-4020-9AAB-01AA1087E541}
[2013/04/20 19:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Croteam
[2013/04/20 07:45:22 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{77205320-5059-47BB-96A7-FC81FBBF161D}
[2013/04/19 07:43:52 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{22F0EF4E-D7A1-448A-8C95-6F0056149BE1}
[2013/04/19 04:58:57 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{5CDB2473-6EEC-4B88-9251-3CE5A359A6A8}
[2013/04/18 13:31:58 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{369A75F2-5A63-401D-945F-9D8277837A98}
[2013/04/17 19:58:40 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{F0299C5B-32D0-430A-AB63-4E1AAEDFBFA8}
[2013/04/17 05:33:51 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{D18A8B62-3610-4E78-980C-F8AC844C12ED}
[2013/04/16 20:22:15 | 000,000,000 | ---D | C] -- C:\Users\phil\Documents\Wood_R4_v1.56
[2013/04/16 20:22:00 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\Bundled software uninstaller
[2013/04/16 09:54:37 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{FC9CD902-4E06-4FE5-BF46-483EF106AAB6}
[2013/04/15 21:17:26 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{9B8375DC-696A-4C5D-B509-40B9DAC89D27}
[2013/04/15 08:57:15 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{3D586515-1F17-463F-A951-9DD140932EA4}
[2013/04/14 07:57:42 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{3604D6FD-B51D-4394-B2B1-7CA23474AD45}
[2013/04/13 15:46:35 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{0F854BB6-E4FF-47E6-AF62-231D944E35F1}
[2013/04/13 10:39:40 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{5BE4EEB7-7D1A-4D1B-B002-DADF6214E49F}
[2013/04/12 21:44:40 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{CFDAA77A-A012-4545-B960-9C4666D4BA4F}
[2013/04/12 08:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/12 08:24:58 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{1C425CCA-D696-4362-9CA0-ACC868E12296}
[2013/04/11 14:40:47 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{6992B0FF-C3D9-4E02-8D28-0D4ECFF7DE86}
[2013/04/11 11:34:42 | 000,000,000 | ---D | C] -- C:\Steam
[2013/04/08 23:04:38 | 000,000,000 | ---D | C] -- C:\Users\phil\Documents\sam
[2013/04/08 22:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2013/04/08 11:22:27 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\{B1F0E795-8AFA-40D1-9490-BEC5CAFB5FA0}
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/07 17:26:53 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/07 17:26:53 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/07 17:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/07 17:02:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/07 16:02:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/07 11:23:42 | 000,002,240 | ---- | M] () -- C:\Users\phil\Desktop\SpyHunter.lnk
[2013/05/07 11:17:12 | 000,023,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 11:17:12 | 000,023,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 11:09:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/07 11:09:29 | 2616,594,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/06 22:06:53 | 000,000,004 | ---- | M] () -- C:\Users\phil\AppData\Roaming\skype.ini
[2013/05/06 13:46:21 | 000,030,464 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2013/05/06 13:46:19 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/05/05 23:27:35 | 263,906,266 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/03 15:59:25 | 000,002,225 | ---- | M] () -- C:\Users\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/03 15:59:22 | 000,001,691 | ---- | M] () -- C:\Users\phil\Desktop\Google Drive.lnk
[2013/04/30 21:52:52 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/24 11:21:43 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\Dead Island Riptide.lnk
[2013/04/20 19:58:32 | 000,002,764 | ---- | M] () -- C:\Users\Public\Desktop\Serious Sam 3.lnk
[2013/04/19 13:00:51 | 000,001,171 | ---- | M] () -- C:\Users\phil\Desktop\Any Video Converter 5.lnk
[2013/04/16 23:27:41 | 000,004,005 | ---- | M] () -- C:\Users\phil\Desktop\DeSmuME.exe - Shortcut.lnk
[2013/04/12 08:21:56 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/07 11:23:42 | 000,002,240 | ---- | C] () -- C:\Users\phil\Desktop\SpyHunter.lnk
[2013/05/06 13:46:21 | 000,030,464 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2013/05/06 11:05:25 | 000,000,004 | ---- | C] () -- C:\Users\phil\AppData\Roaming\skype.ini
[2013/05/03 15:59:22 | 000,001,691 | ---- | C] () -- C:\Users\phil\Desktop\Google Drive.lnk
[2013/04/30 21:52:52 | 000,002,225 | ---- | C] () -- C:\Users\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/30 21:52:52 | 000,002,201 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/30 21:51:56 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/30 21:51:55 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/24 11:21:43 | 000,000,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Island Riptide.lnk
[2013/04/24 11:21:43 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\Dead Island Riptide.lnk
[2013/04/20 19:58:32 | 000,002,764 | ---- | C] () -- C:\Users\Public\Desktop\Serious Sam 3.lnk
[2013/04/19 13:00:51 | 000,001,171 | ---- | C] () -- C:\Users\phil\Desktop\Any Video Converter 5.lnk
[2013/04/16 23:27:41 | 000,004,005 | ---- | C] () -- C:\Users\phil\Desktop\DeSmuME.exe - Shortcut.lnk
[2013/03/14 22:13:26 | 000,000,632 | RHS- | C] () -- C:\Users\phil\ntuser.pol
[2013/03/14 18:06:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/12/19 21:12:24 | 000,230,452 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2012/12/19 17:42:08 | 000,665,329 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/12/15 01:35:14 | 000,073,984 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2012/12/12 12:20:51 | 000,003,584 | ---- | C] () -- C:\Users\phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/11/23 10:25:48 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/11/23 10:25:46 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/11/22 16:14:26 | 000,230,064 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2012/11/21 14:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/10/12 21:21:30 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
[2012/10/12 21:21:30 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2012/10/12 21:08:07 | 000,024,576 | ---- | C] () -- C:\Windows\VMPipe.dll
[2012/10/12 21:08:07 | 000,024,576 | ---- | C] () -- C:\Windows\RunSetup.dll
[2012/06/25 15:24:52 | 000,030,824 | ---- | C] () -- C:\Users\phil\AppData\Local\Temp20.html
[2012/06/25 15:24:04 | 000,001,955 | ---- | C] () -- C:\Users\phil\AppData\Local\Temp1.html
[2012/06/22 14:19:54 | 000,138,904 | ---- | C] () -- C:\Users\phil\AppData\Roaming\PnkBstrK.sys
[2012/06/11 23:49:04 | 000,000,071 | ---- | C] () -- C:\Users\phil\wxDownloadFast.ini
[2012/04/22 10:25:26 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/04/14 21:51:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/14 18:34:30 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/04/06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/04/06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/09/12 21:03:30 | 000,049,566 | ---- | C] () -- C:\Users\phil\AppData\Roaming\UpdateDrv.exe

========== ZeroAccess Check ==========

[2013/04/29 09:47:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$80931ae2677ead150aa4061bdde5dc99\L
[2013/04/29 09:47:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$80931ae2677ead150aa4061bdde5dc99\U
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/22 12:15:14 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\AnvSoft
[2012/04/22 10:30:48 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\Apowersoft
[2012/11/05 22:48:51 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\Audacity
[2012/04/22 16:09:51 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\avidemux
[2013/03/26 17:02:59 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\Babylon
[2013/03/28 17:58:24 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\DAEMON Tools Lite
[2013/01/05 21:47:56 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\DVDVideoSoft
[2012/07/15 21:46:55 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/22 21:51:00 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\Eltima Software
[2012/04/17 01:55:07 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\Garmin
[2012/04/18 00:01:15 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\ImgBurn
[2012/12/31 04:42:30 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\ManyCam
[2012/08/30 21:24:28 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\mkvtoolnix
[2012/05/22 21:25:10 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\Trine2
[2012/06/22 14:12:43 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\Ubisoft
[2013/05/07 17:46:15 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\uTorrent
[2012/09/20 18:06:17 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\WinAVI
[2012/04/25 18:42:52 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2010/11/20 22:29:19 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 22:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 22:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 22:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 22:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 22:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/07/14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2010/11/20 22:29:11 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 11:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/11/20 22:29:06 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 22:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 22:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 22:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 22:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 22:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2010/11/20 22:29:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 22:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 22:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 22:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 22:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 22:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 22:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 22:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 22:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 22:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 22:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 10:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\UBCD4Win\BartPE\I386\EXPLORER.EXE
[2010/11/20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 22:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 22:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2010/09/16 14:11:07 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SERVICES.EXE
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 01:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2010/11/21 01:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 01:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2010/11/21 01:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2008/04/14 10:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SERVICES.MSC

< MD5 for: SERVICES.PTXML >
[2009/07/13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.PY >
[2012/08/30 20:15:00 | 000,006,704 | ---- | M] () MD5=0DEC7DB0E7E9F21FF6F499AD1EC8965F -- C:\Users\phil\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\handlers\services.py
[2012/08/30 20:15:00 | 000,031,686 | ---- | M] () MD5=6083D6EF5A4FB7E6D7352592B2710B9B -- C:\Users\phil\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\components\services.py

< MD5 for: SERVICES.PYC >
[2012/08/30 20:15:28 | 000,030,240 | ---- | M] () MD5=2EA7AD60F79FA7B0AF7CB310F74EE1DB -- C:\Users\phil\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\components\services.pyc
[2012/08/30 20:15:28 | 000,006,441 | ---- | M] () MD5=72BC49031B6A9905DC164647B990F070 -- C:\Users\phil\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\handlers\services.pyc

< MD5 for: SERVICES.SBS >
[2010/04/19 17:25:26 | 000,033,457 | ---- | M] () MD5=3171D886B2782CE1B51E0210BCD4E50C -- C:\UBCD4Win\BartPE\PROGRAMS\spybot\Includes\Services.sbs
[2010/04/19 17:25:26 | 000,033,457 | ---- | M] () MD5=3171D886B2782CE1B51E0210BCD4E50C -- C:\UBCD4Win\plugin\AntiSpyware\Spybot\files\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 10:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2008/04/14 10:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2008/04/14 10:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\UBCD4Win\BartPE\I386\SYSTEM32\WINLOGON.EXE

< MD5 for: WINSOCK.DLL >
[2008/04/14 10:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\UBCD4Win\BartPE\I386\SYSTEM32\WINSOCK.DLL
[2009/07/13 22:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/13 22:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL

< End of report >



OTL Extras logfile created on: 07/05/2013 17:43:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phil\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 54.96% Memory free
6.50 Gb Paging File | 4.92 Gb Available in Paging File | 75.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 881.08 Gb Total Space | 546.47 Gb Free Space | 62.02% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 69.59 Mb Free Space | 69.59% Space Free | Partition Type: NTFS
Drive N: | 3.72 Gb Total Space | 3.66 Gb Free Space | 98.38% Space Free | Partition Type: NTFS

Computer Name: PHIL-PC | User Name: phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1602316494-3321344044-937699727-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{08CF03F9-0CDA-4E0C-BD04-362D9549FAD7}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{A55AA8E8-8730-4B73-956E-5BF69B3E033B}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02FCB110-08FE-EE9E-8106-BF41B7F24EAA}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E25318E-5871-9CDF-174A-D37809EC74BA}" = AMD Media Foundation Decoders
"{0E5A1A36-48B1-1F06-288C-E10B72B5E6AD}" = CCC Help French
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{152399F8-5E31-2736-0CFF-5650C517B28B}" = AMD Accelerated Video Transcoding
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18B94876-310B-AF53-F881-7464E7E3E200}" = CCC Help Czech
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A3ED943-EE4C-F71F-293B-19DE57DA59F7}" = Catalyst Control Center Localization All
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F42232F-EC8D-E1D3-CAD1-1B402F109D4C}" = CCC Help Dutch
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{407B3E09-9CDC-38F6-A6CB-16DB4B6A96B0}" = CCC Help Swedish
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DD8BBCC-9655-F955-B727-F2BC7463C365}" = AMD Fuel
"{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53C09642-6FC9-37BD-BEB5-70D04B1C94A9}" = AMD VISION Engine Control Center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57BDAFA7-14F8-BE66-062A-B239B0B4CC14}" = CCC Help Italian
"{593C189C-E257-5065-7190-D4AC5D35E743}" = CCC Help Turkish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64FB743D-7B5A-9408-0CF5-09FBABE5C2E5}" = CCC Help Thai
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7889B25D-701C-8EB5-50BA-A14BBB9B3BE5}" = CCC Help Norwegian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84042D38-8170-AB81-C179-C5D779A04899}" = CCC Help Portuguese
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADB9927-E5C4-CDF6-6730-96A09D4E2C89}" = Catalyst Control Center InstallProxy
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{944B1085-FC85-AB0D-B614-D50F7FCC3241}" = CCC Help Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD6518A-539D-8E0D-2C72-E51A62978096}" = AMD Drag and Drop Transcoding
"{9AD71978-3576-C6E9-8C1D-7EDCF065A8BD}" = CCC Help Korean
"{9BA60F32-581E-EAC1-3B77-71A48FDF66FF}" = CCC Help Japanese
"{9BB07036-9BB9-B632-0DD6-0877E33E0DB6}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB3655B1-D498-22B1-25DB-61293AE0552B}" = CCC Help Danish
"{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B4A7BDC1-C00A-3A19-03BD-BD85E62F4EBA}" = CCC Help Greek
"{B955CEF3-545F-DBCA-2CD2-3EE448F140DF}" = CCC Help Polish
"{BC6D33FF-3304-F7FB-FE26-6253E262A0CF}" = AMD Catalyst Install Manager
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Eye 110
"{CE1598B5-B154-8280-6711-975F385A951B}" = CCC Help Finnish
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = Vimicro USB PC Camera (ZC0301PLH)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D29920C8-EA21-425A-B19F-0C4491A9CF14}" = Serious Sam 3: BFE
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D91570DC-2B63-1850-57D6-E7185C552718}" = CCC Help Chinese Standard
"{DCEBBFA8-E3AB-D0FF-83CD-50C294166FBE}" = CCC Help Russian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE069421-9FBF-BCF9-3EA5-938369610CFE}" = ccc-utility
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E809AF5A-DE37-0455-021A-8C4E769D5C18}" = Catalyst Control Center Graphics Previews Common
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7A502C1-0568-CC04-E811-6BA863B26CE9}" = CCC Help Spanish
"{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}" = Windows 7 USB/DVD Download Tool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE2EC31F-BDE7-322B-DDE7-F7792C22631B}" = CCC Help English
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.4
"Any Video Converter_is1" = Any Video Converter 3.3.7
"ASIO4ALL" = ASIO4ALL
"Astroburn Lite" = Astroburn Lite
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"BioShock Infinite_is1" = BioShock Infinite
"Crazy Machines 2 with Happy New Year Add-On" = Crazy Machines 2 with Happy New Year Add-On
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deadlight_is1" = Deadlight
"DivX Setup" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Google Chrome" = Google Chrome
"HitmanPro37" = HitmanPro 3.7
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.6.5 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"ManyCam" = ManyCam 3.0.91 (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NMMS11" = Nero 11 Mini Repack
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"RGVhZCBJc2xhbmQgUmlwdGlkZSAoYykgRGVlcCBTaWx2ZXI=_is1" = Dead Island Riptide © Deep Silver version 1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WBFS Manager 3.0" = WBFS Manager 3.0
"WhoCrashed_is1" = WhoCrashed 3.05
"WinAVI All in One Converter" = WinAVI All in One Converter
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/05/2013 06:25:17 | Computer Name = phil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: googledrivesync.exe, version: 1.9.4536.8202,
time stamp: 0x509418e4 Faulting module name: windows._cacheinvalidation.pyd, version:
0.0.0.0, time stamp: 0x516dd948 Exception code: 0x80000003 Fault offset: 0x00081e77
Faulting
process id: 0x224 Faulting application start time: 0x01ce4a43fd2a0668 Faulting application
path: C:\Program Files\Google\Drive\googledrivesync.exe Faulting module path: C:\Users\phil\AppData\Local\Temp\_MEI58882\windows._cacheinvalidation.pyd
Report
Id: 3e63def0-b637-11e2-af46-90fba63645f0

Error - 06/05/2013 06:32:08 | Computer Name = phil-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/05/2013 06:37:01 | Computer Name = phil-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/05/2013 09:18:41 | Computer Name = phil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hmpsched.exe, version: 3.7.0.5, time stamp:
0x515c3f6a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x4e4 Faulting application
start time: 0x01ce4a5c2d215322 Faulting application path: C:\Program Files\HitmanPro\hmpsched.exe
Faulting
module path: unknown Report Id: 7820f1e8-b64f-11e2-9c4f-90fba63645f0

Error - 06/05/2013 10:54:31 | Computer Name = phil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hmpsched.exe, version: 3.7.0.5, time stamp:
0x515c3f6a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x4ec Faulting application
start time: 0x01ce4a6990252e8c Faulting application path: C:\Program Files\HitmanPro\hmpsched.exe
Faulting
module path: unknown Report Id: db6c369a-b65c-11e2-9cb4-90fba63645f0

Error - 06/05/2013 17:05:45 | Computer Name = phil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hmpsched.exe, version: 3.7.0.5, time stamp:
0x515c3f6a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x4e0 Faulting application
start time: 0x01ce4a9d6b3486de Faulting application path: C:\Program Files\HitmanPro\hmpsched.exe
Faulting
module path: unknown Report Id: b751cac5-b690-11e2-86eb-90fba63645f0

Error - 07/05/2013 06:20:33 | Computer Name = phil-PC | Source = System Restore | ID = 8193
Description =

Error - 07/05/2013 06:23:33 | Computer Name = phil-PC | Source = System Restore | ID = 8193
Description =

Error - 07/05/2013 06:23:40 | Computer Name = phil-PC | Source = System Restore | ID = 8193
Description =

Error - 07/05/2013 07:59:49 | Computer Name = phil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 20.0.1.4847, time stamp: 0x51650aee
Faulting module name: xul.dll, version: 20.0.1.4847, time stamp: 0x51650a09
Exception code: 0xc0000005 Fault offset: 0x000b10e8 Faulting process id: 0x15fc
Faulting application start time: 0x01ce4b18ffdba5f0
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll
Report Id: 9d8bf2d9-b70d-11e2-9a8a-90fba63645f0

Error - 07/05/2013 10:26:55 | Computer Name = phil-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 07/05/2013 06:07:55 | Computer Name = phil-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.
New Signature Version: Previous Signature Version: 1.149.1271.0
Update Source: %%859 Update Stage: %%852 Source Path: Default URL
Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current Engine Version: Previous Engine Version: 1.1.9402.0
Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

Error - 07/05/2013 06:11:37 | Computer Name = phil-PC | Source = PNRPSvc | ID = 102
Description =

Error - 07/05/2013 06:11:37 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 07/05/2013 06:11:37 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 07/05/2013 06:11:48 | Computer Name = phil-PC | Source = PNRPSvc | ID = 102
Description =

Error - 07/05/2013 06:11:48 | Computer Name = phil-PC | Source = PNRPSvc | ID = 102
Description =

Error - 07/05/2013 06:11:48 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 07/05/2013 06:11:48 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 07/05/2013 06:11:48 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 07/05/2013 06:11:48 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535


< End of report >



RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : phil [Admin rights]
Mode : Scan -- Date : 05/07/2013 17:53:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\phil\AppData\Local\gameflakeSA\bin\1.0.10.0\GameFlakeSA.exe" [x] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$80931ae2677ead150aa4061bdde5dc99\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1602316494-3321344044-937699727-1000\$80931ae2677ead150aa4061bdde5dc99\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$80931ae2677ead150aa4061bdde5dc99\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1602316494-3321344044-937699727-1000\$80931ae2677ead150aa4061bdde5dc99\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8307313D -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0xABF1D700)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] b9bbb4ecf0af291acd893098a7063018
[BSP] 5660a2562dad56521c186737456f73af : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 902229 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 1847971840 | Size: 51539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05072013_02d1753.txt >>
RKreport[1]_S_05072013_02d1753.txt

#5 Crowbar (Teacher, GeekU Moderator, 4,798 posts)
As I thought, you have the very popular ZeroAccess rootkit on your computer, so I must include my backdoor warning below. Also,
I see you have HitmanPro installed. Can I please try to talk you out of using that program? I've seen it turn many a computer into a brick; it's plain old rubbish, and I would dump it ASAP.
I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • uTorrent
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files and allowing others to have direct access to your computer, and that is why we recommend that you remove these programs from your computer.
Please visit the following site:
P2P File Sharing: Evaluate the Risks
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.
Your Java is outdated, but we can deal with that a little later.

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-se...0A30002728F7EED
    IE - HKU\S-1-5-21-1602316494-3321344044-937699727-1000\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No CLSID value found
    [2013/04/16 20:21:19 | 000,001,294 | ---- | M] () -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\searchplugins\delta.xml
    [2012/06/03 20:17:15 | 000,003,998 | ---- | M] () -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\searchplugins\sweetim.xml
    [2013/04/12 08:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    [2013/04/29 09:47:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$80931ae2677ead150aa4061bdde5dc99\L
    [2013/04/29 09:47:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$80931ae2677ead150aa4061bdde5dc99\U
    [2013/03/26 17:02:59 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\Babylon
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 3
Please download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Step 4
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Step 5
  • Please start Chrome and click on the Chrome Menu
  • Click on Tools
  • Select Extensions
  • Click on the trash can next to the extension named WxDfast
  • Confirm by clicking Remove


In your next reply I would like to see:
  • OTL fix log
  • All of the new RogueKiller log files
  • Combofix log
  • log file from SecurityCheck - checkup.txt
  • How is the computer running?

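The ZeroAccess hits that RogueKiller reported, and that the OTL script above removes, share one layout: a directory named "$" plus 32 hex characters directly under a per-SID folder in C:\$Recycle.bin, with "U" and "L" subdirectories inside. Note that the OTL script only lists the copy under S-1-5-18 (the SYSTEM account); the copy under the user's own SID folder was flagged by RogueKiller too and needs to go as well. The script below is an added example written for this thread; it is not code from RogueKiller, OTL, ComboFix or any participant. It walks a $Recycle.bin tree, checks every SID folder rather than just S-1-5-18, reports that pattern, and separately reports SID folders it could not list (a locked-down folder is itself worth a look). The SID regex and the sample tree it builds for an offline run are assumptions made for illustration.

```python
"""Scan a $Recycle.bin tree for ZeroAccess-style hiding directories.

Added example for this thread; not code from RogueKiller, OTL, ComboFix or
the thread's participants. The layout it looks for is the one the logs above
show: <recycle root>\\<SID folder>\\$<32 hex chars>\\{U,L}. The SID pattern and
the constructed sample tree are assumptions made for illustration.
"""
import re
import sys
import tempfile
from pathlib import Path

# Per-account recycle-bin folders are named after the account SID
# (S-1-5-18 is SYSTEM; S-1-5-21-... are local or domain accounts).
SID_RE = re.compile(r"^S-1-5-\d+(?:-\d+)*$")
# The ZeroAccess root directory: '$' followed by exactly 32 hex digits.
# Normal recycle-bin entries look like $R<random>.<ext> / $I<random>.<ext>.
ZA_DIR_RE = re.compile(r"^\$[0-9a-fA-F]{32}$")
ZA_SUBDIRS = ("L", "U")


def find_zeroaccess_dirs(recycle_root):
    """Return (hits, denied): suspicious paths, and SID folders we could not list.

    recycle_root is C:\\$Recycle.bin on a live system (run elevated), or the
    same tree pulled from a forensic image. Every SID folder is checked, not
    only S-1-5-18, because the infection keeps a copy per account.
    """
    hits, denied = [], []
    root = Path(recycle_root)
    if not root.is_dir():
        return hits, denied
    for sid_dir in root.iterdir():
        if not sid_dir.is_dir() or not SID_RE.match(sid_dir.name):
            continue
        try:
            entries = list(sid_dir.iterdir())
        except PermissionError:
            # A SID folder that cannot be listed is reported, not skipped:
            # malware that hides here tends to restrict the ACLs on it.
            denied.append(str(sid_dir))
            continue
        for entry in entries:
            if not entry.is_dir() or not ZA_DIR_RE.match(entry.name):
                continue
            hits.append(str(entry))
            for sub in ZA_SUBDIRS:
                if (entry / sub).is_dir():
                    hits.append(str(entry / sub))
    return sorted(hits), denied


def build_sample_tree():
    """Constructed test data (not a real recycle bin): a fake $Recycle.bin with
    the infected layout under two SID folders plus benign entries, so the
    scanner can be exercised offline. Returns the tree's root path."""
    base = Path(tempfile.mkdtemp(prefix="recyclebin_"))
    za = "$80931ae2677ead150aa4061bdde5dc99"      # directory name from the logs above
    user = "S-1-5-21-1602316494-3321344044-937699727-1000"
    for sub in ZA_SUBDIRS:
        (base / "S-1-5-18" / za / sub).mkdir(parents=True)
    (base / user / za / "U").mkdir(parents=True)   # user copy with only U left
    (base / user / "$Rabc123.txt").write_text("benign deleted file")
    (base / user / "desktop.ini").write_text("[.ShellClassInfo]")
    (base / "S-1-5-20").mkdir()                    # SID folder with nothing in it
    return str(base)


if __name__ == "__main__":
    # Usage: python za_recyclebin.py C:\$Recycle.bin   (no argument: sample tree)
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    found, unreadable = find_zeroaccess_dirs(target)
    for p in found:
        print("ZeroAccess indicator:", p)
    for p in unreadable:
        print("access denied (check ACLs):", p)
```

On a live machine this only confirms what the cleaning tools already flagged; it does not remove anything, and it says nothing about the kernel-side part of the infection, which is why the RogueKiller and ComboFix steps above are still needed.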

#6 satelite (Topic Starter, New Member, 8 posts)
OK, here goes. I think everything went to plan:

Uninstalled Malwarebytes and HitmanPro.
I now have SpyHunter running for protection; is that OK to use?
I would like to keep uTorrent; I only download from a members-only site and ensure other members have downloaded and are happy with the files.



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-1602316494-3321344044-937699727-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1602316494-3321344044-937699727-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}\ not found.
C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\searchplugins\delta.xml moved successfully.
C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\searchplugins\sweetim.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected] folder moved successfully.
C:\$Recycle.bin\S-1-5-18\$80931ae2677ead150aa4061bdde5dc99\L folder moved successfully.
C:\$Recycle.bin\S-1-5-18\$80931ae2677ead150aa4061bdde5dc99\U folder moved successfully.
C:\Users\phil\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: phil
->Temp folder emptied: 6746982252 bytes
->Temporary Internet Files folder emptied: 798223727 bytes
->Java cache emptied: 617963 bytes
->FireFox cache emptied: 875394068 bytes
->Google Chrome cache emptied: 219641613 bytes
->Flash cache emptied: 65821 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 131991 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136879152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1524679243 bytes

Total Files Cleaned = 9,827.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05082013_084134

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

========================================================================


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : phil [Admin rights]
Mode : Scan -- Date : 05/08/2013 08:56:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\phil\AppData\Local\gameflakeSA\bin\1.0.10.0\GameFlakeSA.exe" [x] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1602316494-3321344044-937699727-1000\$80931ae2677ead150aa4061bdde5dc99\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1602316494-3321344044-937699727-1000\$80931ae2677ead150aa4061bdde5dc99\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8305F13D -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0xA2B67700)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] b9bbb4ecf0af291acd893098a7063018
[BSP] 5660a2562dad56521c186737456f73af : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 902229 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 1847971840 | Size: 51539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TDK USB Device +++++
--- User ---
[MBR] fa69ecd69b20867523caa020004a97cc
[BSP] e2f605fd2418d22069e564ec48b2ec13 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 3812 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_S_05082013_02d0856.txt >>
RKreport[1]_S_05072013_02d1753.txt ; RKreport[2]_S_05082013_02d0856.txt



============================================================================




RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : phil [Admin rights]
Mode : Remove -- Date : 05/08/2013 08:58:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\phil\AppData\Local\gameflakeSA\bin\1.0.10.0\GameFlakeSA.exe" [x] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1602316494-3321344044-937699727-1000\$80931ae2677ead150aa4061bdde5dc99\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1602316494-3321344044-937699727-1000\$80931ae2677ead150aa4061bdde5dc99\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8305F13D -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0xA2B67700)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] b9bbb4ecf0af291acd893098a7063018
[BSP] 5660a2562dad56521c186737456f73af : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 902229 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 1847971840 | Size: 51539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TDK USB Device +++++
--- User ---
[MBR] fa69ecd69b20867523caa020004a97cc
[BSP] e2f605fd2418d22069e564ec48b2ec13 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 3812 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_D_05082013_02d0858.txt >>
RKreport[1]_S_05072013_02d1753.txt ; RKreport[2]_S_05082013_02d0856.txt ; RKreport[3]_D_05082013_02d0858.txt



==========================================================================================




RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : phil [Admin rights]
Mode : Remove -- Date : 05/08/2013 08:59:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8305F13D -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0xA2B67700)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] b9bbb4ecf0af291acd893098a7063018
[BSP] 5660a2562dad56521c186737456f73af : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 902229 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 1847971840 | Size: 51539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TDK USB Device +++++
--- User ---
[MBR] fa69ecd69b20867523caa020004a97cc
[BSP] e2f605fd2418d22069e564ec48b2ec13 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 3812 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4]_D_05082013_02d0859.txt >>
RKreport[1]_S_05072013_02d1753.txt ; RKreport[2]_S_05082013_02d0856.txt ; RKreport[3]_D_05082013_02d0858.txt ; RKreport[4]_D_05082013_02d0859.txt



====================================================================================



RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : phil [Admin rights]
Mode : Remove -- Date : 05/08/2013 09:00:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8305F13D -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0xA2B67700)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] b9bbb4ecf0af291acd893098a7063018
[BSP] 5660a2562dad56521c186737456f73af : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 902229 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 1847971840 | Size: 51539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TDK USB Device +++++
--- User ---
[MBR] fa69ecd69b20867523caa020004a97cc
[BSP] e2f605fd2418d22069e564ec48b2ec13 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 3812 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[5]_D_05082013_02d0900.txt >>
RKreport[1]_S_05072013_02d1753.txt ; RKreport[2]_S_05082013_02d0856.txt ; RKreport[3]_D_05082013_02d0858.txt ; RKreport[4]_D_05082013_02d0859.txt ; RKreport[5]_D_05082013_02d0900.txt



===========================================================================================



RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : phil [Admin rights]
Mode : Shortcuts HJfix -- Date : 05/08/2013 09:02:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 2 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 8 / Fail 0
Start menu: Success 3 / Fail 0
User folder: Success 165 / Fail 0
My documents: Success 2 / Fail 2
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 6 / Fail 0
My videos: Success 6 / Fail 0
Local drives: Success 108 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[F:] \Device\CdRom2 -- 0x5 --> Skipped
[G:] \Device\CdRom1 -- 0x5 --> Skipped
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[K:] \Device\HarddiskVolume8 -- 0x2 --> Restored
[N:] \Device\HarddiskVolume4 -- 0x2 --> Restored

Finished : << RKreport[6]_SC_05082013_02d0902.txt >>
RKreport[1]_S_05072013_02d1753.txt ; RKreport[2]_S_05082013_02d0856.txt ; RKreport[3]_D_05082013_02d0858.txt ; RKreport[4]_D_05082013_02d0859.txt ; RKreport[5]_D_05082013_02d0900.txt ;
RKreport[6]_SC_05082013_02d0902.txt



============================================================================================


ComboFix 13-05-08.02 - phil 08/05/2013 9:06.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3327.2060 [GMT 1:00]
Running from: c:\users\phil\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\1964.lnk
c:\programdata\wxDfast
c:\programdata\wxDfast\background.html
c:\programdata\wxDfast\bhoclass.dll
c:\programdata\wxDfast\content.js
c:\programdata\wxDfast\nieadbikoncnmffmennmjjljpghadhfg.crx
c:\programdata\wxDfast\settings.ini
c:\users\phil\AppData\Local\Temp\_MEI35682\_ctypes.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\_elementtree.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\_hashlib.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\_multiprocessing.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\_socket.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\_ssl.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\pyexpat.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\pysqlite2._sqlite.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\python27.dll
c:\users\phil\AppData\Local\Temp\_MEI35682\pythoncom27.dll
c:\users\phil\AppData\Local\Temp\_MEI35682\PyWinTypes27.dll
c:\users\phil\AppData\Local\Temp\_MEI35682\select.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\unicodedata.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\win32api.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\win32com.shell.shell.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\win32crypt.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\win32event.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\win32file.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\win32inet.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\win32pdh.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\win32process.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\win32profile.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\win32security.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\win32ts.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\windows._cacheinvalidation.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\wx._controls_.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\wx._core_.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\wx._gdi_.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\wx._html2.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\wx._misc_.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\wx._windows_.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\wx._wizard.pyd
c:\users\phil\AppData\Local\Temp\_MEI35682\wxbase294u_net_vc90.dll
c:\users\phil\AppData\Local\Temp\_MEI35682\wxbase294u_vc90.dll
c:\users\phil\AppData\Local\Temp\_MEI35682\wxmsw294u_adv_vc90.dll
c:\users\phil\AppData\Local\Temp\_MEI35682\wxmsw294u_core_vc90.dll
c:\users\phil\AppData\Local\Temp\_MEI35682\wxmsw294u_html_vc90.dll
c:\users\phil\AppData\Local\Temp\_MEI35682\wxmsw294u_webview_vc90.dll
c:\users\phil\AppData\Roaming\skype.ini
c:\users\phil\AppData\Roaming\UpdateDrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-08 to 2013-05-08 )))))))))))))))))))))))))))))))
.
.
2013-05-08 08:12 . 2013-05-08 08:13 -------- d-----w- c:\users\phil\AppData\Local\temp
2013-05-08 07:52 . 2013-05-08 07:52 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD5A5E93-5AF6-4D23-952C-4BD2EA675001}\MpKsla0276628.sys
2013-05-08 07:41 . 2013-05-08 07:41 -------- d-----w- C:\_OTL
2013-05-07 10:23 . 2013-05-07 10:23 110080 ----a-r- c:\users\phil\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2013-05-07 10:23 . 2013-05-07 10:23 110080 ----a-r- c:\users\phil\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2013-05-07 10:23 . 2013-05-07 10:23 -------- d-----w- C:\sh4ldr
2013-05-07 10:23 . 2013-05-07 10:23 -------- d-----w- c:\program files\Enigma Software Group
2013-05-07 10:21 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD5A5E93-5AF6-4D23-952C-4BD2EA675001}\mpengine.dll
2013-05-07 01:20 . 2013-05-07 01:20 -------- d-----w- c:\windows\Microsoft Antimalware
2013-05-06 13:29 . 2013-05-06 13:29 -------- d-----w- C:\FRST
2013-05-06 12:46 . 2013-05-06 12:46 30464 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-05-05 15:14 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-03 14:59 . 2013-05-08 07:45 -------- d-s---w- c:\users\phil\Google Drive
2013-04-30 20:51 . 2013-05-03 14:57 -------- d-----w- c:\program files\Google
2013-04-30 20:51 . 2013-05-03 14:58 -------- d-----w- c:\users\phil\AppData\Local\Google
2013-04-24 10:26 . 2013-04-24 10:26 -------- d-----w- c:\programdata\RELOADED
2013-04-24 10:19 . 2013-04-24 11:50 -------- d-----w- c:\program files\Dead Island Riptide
2013-04-24 03:24 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 17:02 . 2013-04-23 17:02 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E60627B-BAD8-4065-987A-08744F81C563}\gapaengine.dll
2013-04-20 18:56 . 2013-04-20 18:56 -------- d-----w- c:\program files\Croteam
2013-04-16 19:22 . 2013-04-25 07:24 -------- d-----w- c:\users\phil\AppData\Local\Bundled software uninstaller
2013-04-11 10:34 . 2013-04-11 10:35 -------- d-----w- C:\Steam
2013-04-11 09:56 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 09:56 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-11 09:56 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 09:56 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 09:56 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-11 09:56 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-11 09:56 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-11 09:56 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-08 21:46 . 2013-04-08 21:46 -------- d-----w- C:\Program Files (x86)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 15:28 . 2012-04-14 18:32 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-02 14:56 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-29 08:48 . 2012-04-23 13:46 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-29 08:48 . 2012-04-23 11:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-26 17:18 . 2013-03-26 17:18 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-21 06:42 . 2013-03-21 06:42 71704 ----a-w- c:\windows\system32\atimpc32.dll
2013-03-21 06:42 . 2013-03-21 06:42 71704 ----a-w- c:\windows\system32\amdpcom32.dll
2013-03-21 06:42 . 2010-08-26 01:20 118584 ----a-w- c:\windows\system32\atiuxpag.dll
2013-03-21 06:42 . 2013-03-21 06:42 92304 ----a-w- c:\windows\system32\atiu9pag.dll
2013-03-21 06:42 . 2010-08-26 02:01 968864 ----a-w- c:\windows\system32\aticfx32.dll
2013-03-21 06:41 . 2010-08-26 01:52 7233336 ----a-w- c:\windows\system32\atidxx32.dll
2013-03-21 06:41 . 2013-03-21 06:41 4474984 ----a-w- c:\windows\system32\atiumdva.dll
2013-03-21 06:41 . 2013-03-21 06:41 5940656 ----a-w- c:\windows\system32\atiumdag.dll
2013-03-21 06:31 . 2013-03-21 06:31 9951744 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-03-21 02:16 . 2013-03-21 02:16 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-03-21 02:14 . 2013-03-14 20:47 77824 ----a-w- c:\windows\system32\coinst_12.10.17.dll
2013-03-21 02:14 . 2013-03-21 02:14 46080 ----a-w- c:\windows\system32\aticalrt.dll
2013-03-21 02:14 . 2013-03-21 02:14 44032 ----a-w- c:\windows\system32\aticalcl.dll
2013-03-21 02:09 . 2013-03-21 02:09 13703168 ----a-w- c:\windows\system32\aticaldd.dll
2013-03-21 02:05 . 2013-03-21 02:05 19755008 ----a-w- c:\windows\system32\atioglxx.dll
2013-03-21 01:52 . 2013-03-21 01:52 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-03-21 01:52 . 2013-03-21 01:52 491008 ----a-w- c:\windows\system32\atieclxx.exe
2013-03-21 01:51 . 2013-03-21 01:51 219136 ----a-w- c:\windows\system32\atiesrxx.exe
2013-03-21 01:50 . 2013-03-21 01:50 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2013-03-21 01:50 . 2013-03-21 01:50 25088 ----a-w- c:\windows\system32\atimuixx.dll
2013-03-21 01:50 . 2013-03-21 01:50 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2013-03-21 01:26 . 2013-03-21 01:26 425984 ----a-w- c:\windows\system32\atiadlxx.dll
2013-03-21 01:26 . 2013-03-21 01:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2013-03-21 01:26 . 2013-03-21 01:26 34816 ----a-w- c:\windows\system32\atigktxx.dll
2013-03-21 01:25 . 2013-03-21 01:25 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-03-21 01:23 . 2013-03-21 01:23 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-03-14 17:06 . 2013-03-14 17:06 180224 ----a-w- c:\windows\system32\clinfo.exe
2013-03-14 17:05 . 2013-03-14 17:05 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2013-03-14 17:05 . 2013-03-14 17:05 56320 ----a-w- c:\windows\system32\OVDecode.dll
2013-03-14 17:03 . 2013-03-14 17:03 23810048 ----a-w- c:\windows\system32\amdocl.dll
2013-03-14 17:01 . 2013-03-14 17:01 50176 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-14 16:55 . 2013-03-14 16:55 4083200 ----a-w- c:\windows\system32\amdsc.dll
2013-03-09 19:51 . 2013-03-09 19:51 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 19:51 . 2012-06-23 11:34 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-09 19:51 . 2012-04-22 18:01 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-12 03:32 . 2013-03-22 04:51 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-12 07:30 . 2013-04-12 07:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"="CTASIO.DLL" [2007-04-09 79872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-21 642656]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
"CtxfiReg"="CTXFIREG.exe" [2007-04-09 43520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update]
 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 19:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 11:32 19456 ----a-w- c:\windows\System32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 11:32 19968 ----a-w- c:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-03-28 17:40 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 18:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-13 07:30 1354736 ----a-w- c:\program files\Steam\Steam.exe
.
R1 drviwvpe;drviwvpe;c:\windows\system32\drivers\drviwvpe.sys [x]
R1 fvzeqmgh;fvzeqmgh;c:\windows\system32\drivers\fvzeqmgh.sys [x]
R1 lcukglvf;lcukglvf;c:\windows\system32\drivers\lcukglvf.sys [x]
R1 takdxvxy;takdxvxy;c:\windows\system32\drivers\takdxvxy.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [x]
R3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 MpKsla0276628;MpKsla0276628;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD5A5E93-5AF6-4D23-952C-4BD2EA675001}\MpKsla0276628.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-30 20:52 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 08:48]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 20:51]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 20:51]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\phil\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\oxcgok53.default-1345317644389\
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 30a3c3300000000000000002728f7eed
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15811
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1620:21
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1602316494-3321344044-937699727-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1602316494-3321344044-937699727-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-05-08 09:16:30 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-08 08:16
.
Pre-Run: 589,260,607,488 bytes free
Post-Run: 589,177,090,048 bytes free
.
- - End Of File - - EA17DA86304125471138683A33A5A3AE


=================================================================================


Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter
JavaFX 2.1.1
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.6.602.180
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````



================================================================================
  • 0

#7
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi,
Malwarebytes is a good one to keep, just wanted to make sure it did not interfere with the OTL fix I had you run.
Glad to see you dumped hitman, it's really that bad. I am not familiar with spyhunter, but I don't think it will hurt to keep it.
uTorrent can get you into all kinds of trouble, so please be careful with it. Send any files downloaded to a service like virustotal.com before clicking on them.
Did you ever re-enable your anti virus after running combofix? Please do so now if you did not.
Did you remove that extension from Chrome?
I feel we are almost done, I want to see the results of these steps, and if good, move on to the cleanup phase.
Step 1
Speaking of virustotal.com, I would like you to submit a few files there now, as I can't tell exactly what program they belong to.
Please go to VirusTotal and upload the following file for scanning.
  • Click Choose File
  • Copy and paste the contents of the following code box into the text box next to File name: then click Open
  • c:\windows\system32\drivers\drviwvpe.sys
    
  • Click Send File
  • If confronted with two options, choose Reanalyse file now
  • Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.
Please do the same for these files as well:
  • c:\windows\system32\drivers\fvzeqmgh.sys
  • c:\windows\system32\drivers\lcukglvf.sys
  • c:\windows\system32\drivers\takdxvxy.sys
There should be one URL for each file when you are done.

Step 2
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete
Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that.

In your next reply I would like to see:
  • 4 URLs from the 4 files submitted to VirusTotal
  • Adwcleaner log file
  • Tell me how the computer is running now, and answers to my questions please

  • 0
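The four R1 drivers Crowbar asks about above share one shape in the ComboFix log: an eight-letter name with no meaning, a display name identical to the service name, and a .sys of the same name under system32\drivers. As an added example, not a tool from this thread or from ComboFix/OTL, here is a small Python triage script that parses ComboFix service lines and lists entries of that shape for checking and submission to VirusTotal. The sample lines are copied from the log earlier in the thread; the file-existence callback is a constructed stand-in for a check against the live disk (os.path.exists on the affected machine).

```python
"""Triage ComboFix service/driver lines for randomly named, missing drivers.

Added example for this thread, not part of ComboFix or OTL.  ComboFix prints
one line per service:

    <R|S><start type> <name>;<display name>;<image path> [x]

R/S is running/stopped and the digit is the Windows start type (1 = system).
The trailing "[x]" tag is stripped and not interpreted here.
"""
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple

SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+\[x\])?\s*$"
)
# Eight lowercase letters and nothing else: the shape of the four names in the log.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")
DRIVER_DIR = re.compile(r"^c:\\windows\\system32\\drivers\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str


def parse_service_lines(lines: Iterable[str]) -> List[ServiceEntry]:
    """Return entries for the lines that have the ComboFix service format;
    headers, dots and other log text are skipped."""
    entries = []
    for line in lines:
        m = SERVICE_LINE.match(line.strip())
        if m:
            entries.append(ServiceEntry(**m.groupdict()))
    return entries


def is_suspicious(entry: ServiceEntry, known_good: frozenset = frozenset()) -> bool:
    """Heuristic: 8-letter name, display name equal to the service name, and a
    .sys of the same name under system32\\drivers.  Legitimate drivers can
    match too (hxctlflt in this log does), so an allowlist is accepted; the
    output is a list to verify, not a verdict."""
    if entry.name in known_good:
        return False
    if not RANDOM_NAME.match(entry.name) or entry.display != entry.name:
        return False
    if not DRIVER_DIR.match(entry.path):
        return False
    return entry.path.lower().endswith("\\" + entry.name + ".sys")


def triage(
    lines: Iterable[str],
    known_good: frozenset = frozenset(),
    file_exists: Optional[Callable[[str], bool]] = None,
) -> List[Tuple[str, str, str]]:
    """Return (name, path, status) for suspicious entries.  status is
    'missing' or 'present' when file_exists is given, else 'unchecked'.
    A service whose driver file is absent cannot load; it is either dead
    weight or a remnant, and either way a candidate for removal."""
    results = []
    for e in parse_service_lines(lines):
        if not is_suspicious(e, known_good):
            continue
        if file_exists is None:
            status = "unchecked"
        else:
            status = "present" if file_exists(e.path) else "missing"
        results.append((e.name, e.path, status))
    return results


# Subset of lines copied from the ComboFix log in this thread, plus one
# non-service line to show the parser skips it.
SAMPLE_LINES = [
    r"R1 drviwvpe;drviwvpe;c:\windows\system32\drivers\drviwvpe.sys [x]",
    r"R1 fvzeqmgh;fvzeqmgh;c:\windows\system32\drivers\fvzeqmgh.sys [x]",
    r"R1 lcukglvf;lcukglvf;c:\windows\system32\drivers\lcukglvf.sys [x]",
    r"R1 takdxvxy;takdxvxy;c:\windows\system32\drivers\takdxvxy.sys [x]",
    r"R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]",
    r"R3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [x]",
    r"R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]",
    r"S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]",
    r"S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]",
    "--- Other Services/Drivers In Memory ---",
]


def fake_file_exists(path: str) -> bool:
    """Constructed stand-in for os.path.exists on the live system: pretend
    only hxctlflt's driver file is actually on disk."""
    return path.lower().endswith(r"\hxctlflt.sys")


if __name__ == "__main__":
    for name, path, status in triage(SAMPLE_LINES, file_exists=fake_file_exists):
        print(f"{status:9} {name:10} {path}")
```

Run against the full log, the list is what to search for on disk and submit to VirusTotal; hxctlflt shows why a match is a prompt to verify rather than a conclusion.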

#8
satelite

satelite

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Searched for all 4 files but none found !!!

PC seems to be running a bit quicker, although it didn't have a speed issue anyway

here is the report

# AdwCleaner v2.300 - Logfile created 05/08/2013 at 15:47:48
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : phil - PHIL-PC
# Boot Mode : Normal
# Running from : C:\Users\phil\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\user.js
File Deleted : C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\oxcgok53.default-1345317644389\searchplugins\delta.xml
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\GboxUpdater
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\phil\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\phil\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\phil\AppData\Roaming\dvdvideosoftiehelpers

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\5868fdae73fef41
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\SProtector
Key Deleted : HKLM\SOFTWARE\5868fdae73fef41
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\prefs.js

C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\gns0lie9.default\user.js ... Deleted !

Deleted : user_pref("extensions.4fd635f552d05.scode", "(function(){try{if('mystart.incredibar.com,premiumrepor[...]
Deleted : user_pref("extensions.funmoods_i.aflt", "axl");
Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Deleted : user_pref("extensions.funmoods_i.id", "30a3c3300000000000000002728f7eed");
Deleted : user_pref("extensions.funmoods_i.instlDay", "15445");
Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=axl&q=")[...]
Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1617:43:25");
Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,ezLooker,pagerage,buzzdock,top[...]
Deleted : user_pref("extentions.y2layers.installId", "72502da9-13ba-4f19-af6e-d3275ac8238d");
Deleted : user_pref("extentions.y2layers.lastDnsTest", 371875);

File : C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\oxcgok53.default-1345317644389\prefs.js

C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\oxcgok53.default-1345317644389\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mnt[...]
Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "30a3c3300000000000000002728f7eed");
Deleted : user_pref("extensions.delta.instlDay", "15811");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1620:21:19");
Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\phil\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8011 octets] - [08/05/2013 15:45:24]
AdwCleaner[R2].txt - [8071 octets] - [08/05/2013 15:47:41]
AdwCleaner[S1].txt - [8268 octets] - [08/05/2013 15:47:48]

########## EOF - C:\AdwCleaner[S1].txt - [8328 octets] ##########
  • 0

#9
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts

Searched for all 4 files but none found !!!


Which do you mean, the files were not found on your computer, or not found on virustotal?
  • 0

#10
satelite

satelite

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Not found on my computer
  • 0

#11
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Ok, just a little to remove, then sweep for any remnants - thanks for hanging in there.
Step 1

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\takdxvxy.sys -- (takdxvxy)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lcukglvf.sys -- (lcukglvf)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fvzeqmgh.sys -- (fvzeqmgh)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\drviwvpe.sys -- (drviwvpe)
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.
Step 2


Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:
  • OTL fix log
  • Malwarebytes log
  • ESET online scan log - careful this one is easy to miss

  • 0

#12
satelite

satelite

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK looks like everything went OK

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service takdxvxy stopped successfully!
Service takdxvxy deleted successfully!
File C:\Windows\system32\drivers\takdxvxy.sys not found.
Service lcukglvf stopped successfully!
Service lcukglvf deleted successfully!
File C:\Windows\system32\drivers\lcukglvf.sys not found.
Service fvzeqmgh stopped successfully!
Service fvzeqmgh deleted successfully!
File C:\Windows\system32\drivers\fvzeqmgh.sys not found.
Service drviwvpe stopped successfully!
Service drviwvpe deleted successfully!
File C:\Windows\system32\drivers\drviwvpe.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: phil
->Temp folder emptied: 41057121 bytes
->Temporary Internet Files folder emptied: 2135775 bytes
->Java cache emptied: 1792509 bytes
->FireFox cache emptied: 94035067 bytes
->Google Chrome cache emptied: 6770654 bytes
->Flash cache emptied: 1563 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15236 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 139.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05092013_084524

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


========================================================


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.07.03

Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
phil :: PHIL-PC [administrator]

09/01/2013 06:49:00
mbam-log-2013-01-09 (06-49-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208750
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\ProgramData\wxDfast (PUP.wxDfast) -> No action taken.
C:\ProgramData\wxDfast\data (PUP.wxDfast) -> No action taken.
C:\Users\phil\AppData\LocalLow\Funmoods (PUP.FunMoods) -> No action taken.
C:\Users\phil\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> No action taken.

Files Detected: 11
C:\ProgramData\wxDfast\bhoclass.dll (PUP.DownloadnSave) -> No action taken.
C:\Users\phil\Downloads\installer_driver_genius_eye_110.exe (PUP.BundleInstaller.DT) -> No action taken.
C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> No action taken.
C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> No action taken.
C:\ProgramData\wxDfast\nieadbikoncnmffmennmjjljpghadhfg.crx (PUP.wxDfast) -> No action taken.
C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> No action taken.
C:\ProgramData\GboxUpdater\updater.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
C:\ProgramData\OptimizerPro\updater.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
C:\Users\phil\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\phil\Downloads\winavi video converter.exe (Adware.Solimba.Lame) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.

(end)



==================================================


C:\Downloads\Setup-SopCast-3.4.0-2011-6-9.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Downloads\CorelDraw X4 [torrent by R0bY90] + Working Keygen\CorelDRAW Graphics Suite x4 Keygen\CorelDRAW Graphics Suite X4 Keygen.exe a variant of Win32/Keygen.AF application
C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Croteam\Serious Sam 3 BFE\Steam\steamapps\common\Serious Sam 3\Bin\sam3dll.dll a variant of Win32/Packed.NoobyProtect.O application
C:\Program Files\Square Enix\Hitman Sniper Challenge\HMSC.exe Win32/Agent.NAN virus
C:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Bundled.Toolbar.Ask.C application
C:\Qoobox\Quarantine\C\ProgramData\wxDfast\bhoclass.dll.vir Win32/Adware.MultiPlug.A application
C:\Qoobox\Quarantine\C\Users\phil\AppData\Roaming\UpdateDrv.exe.vir NSIS/TrojanDownloader.Agent.NLI trojan
C:\UBCD4Win\UBCD4WinBuilder.iso Win32/PrcView application
C:\UBCD4Win\BartPE\PROGRAMS\sdfix\SDFix.exe Win32/PrcView application
C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe Win32/PrcView application
C:\Users\All Users\YouTube Downloader\ytd_installer.exe a variant of Win32/Bundled.Toolbar.Ask.C application
C:\Users\phil\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\phil\Documents\sam\Bin\sam3dll.dll a variant of Win32/Packed.NoobyProtect.O application
C:\Users\phil\Downloads\ManyCamSetup.exe a variant of Win32/Bundled.Toolbar.Ask.C application
C:\Users\phil\Downloads\Assassins.Creed.3.The.Tyranny.of.King.Washington.The.Infamy.DLC-RELOADED\rld-ac3dlc3.iso a variant of Win32/Packed.VMProtect.AAH trojan
C:\Users\phil\Downloads\FL Studio 10.0.9c Producer Edition [ChingLiu]\flstudio_10.0.9c.exe Win32/OpenCandy application
C:\Users\phil\Downloads\Windows 7 Ultimate (32 Bit)\Other Windows 7 Activation Tools\Windows 7 Loader eXtreme Edition 3.5.0.3.exe a variant of Win32/HackKMS.A application
  • 0

#13
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi again,
I find it strange that some items were not removed using Malwarebytes.
No problem, I can do it manually -

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL

    :files
    C:\ProgramData\wxDfast
    C:\Users\phil\AppData\LocalLow\Funmoods
    C:\Users\phil\Downloads\installer_driver_genius_eye_110.exe
    C:\Downloads\Setup-SopCast-3.4.0-2011-6-9.exe
    C:\Downloads\CorelDraw X4 [torrent by R0bY90] + Working Keygen\CorelDRAW Graphics Suite x4 Keygen\CorelDRAW Graphics Suite X4 Keygen.exe
    C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnIC.dll
    C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe
    C:\Program Files\Croteam\Serious Sam 3 BFE\Steam\steamapps\common\Serious Sam 3\Bin\sam3dll.dll
    C:\Program Files\Square Enix\Hitman Sniper Challenge\HMSC.exe
    C:\ProgramData\YouTube Downloader\ytd_installer.exe
    C:\UBCD4Win\UBCD4WinBuilder.iso
    C:\UBCD4Win\BartPE\PROGRAMS\sdfix\SDFix.exe
    C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe
    C:\Users\All Users\YouTube Downloader\ytd_installer.exe
    C:\Users\phil\Documents\ApnStub.exe
    C:\Users\phil\Documents\sam\Bin\sam3dll.dll
    C:\Users\phil\Downloads\ManyCamSetup.exe
    C:\Users\phil\Downloads\Assassins.Creed.3.The.Tyranny.of.King.Washington.The.Infamy.DLC-RELOADED\rld-ac3dlc3.iso
    C:\Users\phil\Downloads\FL Studio 10.0.9c Producer Edition [ChingLiu]\flstudio_10.0.9c.exe
    C:\Users\phil\Downloads\Windows 7 Ultimate (32 Bit)\Other Windows 7 Activation Tools\Windows 7 Loader eXtreme Edition 3.5.0.3.exe
    :reg
    [-HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki]

    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Once you have run this OTL fix, I would say your logs are finally clear.
Having seen files like this on your machine:

Windows 7 Ultimate (32 Bit)\Other Windows 7 Activation Tools\Windows 7 Loader eXtreme Edition 3.5.0.3.exe

it's no wonder you were infected. Not only are cracks like this illegal, most are going to get you some nasty infection, and possibly let the bad guys directly into your bank account.

Having said that:
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Uninstall ComboFix

  • Press the Windows key and R on the keyboard, this opens the Run box
  • In the run box, please type Combofix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the instructions on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Do you use Java? If you do not use it, you are better off uninstalling it completely. Go to your Control Panel, Uninstall a Program, then find any instance of Java in the list and click on Uninstall - do this until there are no instances of Java in the list. If you do use Java....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version



SPRING CLEAN

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select More Options tab
Press the System Restore and Shadow Copies Cleanup button

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programs on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read these two articles:
How did I get infected in the first place ?
So how did I get infected in the first place

Keep safe :wave:
  • 0
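As an added example (not part of the thread, and not code from Malwarebytes or OTL), here is a small Python parser for the Malwarebytes 1.x log format quoted in #12. It lists the detections left at "No action taken" and drafts the :files / :reg lines of the kind of OTL fix that #13 writes by hand; the sample log lines, paths and detection names below are constructed, not taken from the affected machine.

```python
import re

# Constructed sample in the Malwarebytes 1.x log layout (illustrative paths only).
SAMPLE_LOG = r"""
Registry Keys Detected: 1
HKLM\SOFTWARE\Example\Extensions\abcdefghijklmnop (PUP.Example) -> No action taken.

Folders Detected: 1
C:\ProgramData\ExampleDir (PUP.Example) -> No action taken.

Files Detected: 2
C:\ProgramData\ExampleDir\bhoclass.dll (PUP.Example) -> No action taken.
C:\ProgramData\ExampleUpdater\updater.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
"""

# "Files Detected: 11" style section headers.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<path or key> (<detection name>) -> <status>." entries; paths may themselves
# contain parentheses, so the detection name is matched as the last "(...)" group.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<status>.+?)\.?$")

def parse_mbam_log(text):
    """Return one dict (section, item, detection, status) per detection line."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section, **m.groupdict()})
    return entries

def unactioned(entries):
    """Detections that were not quarantined: what still needs manual cleanup."""
    return [e for e in entries if not e["status"].startswith("Quarantined")]

def to_otl_fix(entries):
    """Draft the :files / :reg part of an OTL fix for the unactioned items.
    Only registry keys and files/folders are handled here; registry values
    and data items use different OTL syntax and are left for manual review."""
    left = unactioned(entries)
    files = [e["item"] for e in left if e["section"] in ("Files", "Folders")]
    keys = [e["item"] for e in left if e["section"] == "Registry Keys"]
    return "\n".join([":files"] + files + [":reg"] + [f"[-{k}]" for k in keys])
```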

#14
satelite

satelite

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Everything seems to be all OK,

Just one little thing, not really a big issue: when Windows Live opens it reports failing to open RSS feeds, but I don't have any feeds. I've deleted feeds from the list but it still happens.

Thanks for all the help, I couldn't have fixed it without your help. Thanks again.

Phil
  • 0

#15
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
You are very welcome!
As for the Windows Live issue, not sure if I can be of much help there. Try posting your issue in the Web Browsers and Email forum here
  • 0
