Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FBI Virus (claims child pornography) [Solved]


  • This topic is locked This topic is locked

#1
timmyc6336

timmyc6336

    Member

  • Member
  • PipPip
  • 22 posts
Hello,

I would like to begin by saying thank you. You guys have helped me fixed my parents computer in the past and really appreciate it. Unfortunately they have stumbled upon the "FBI Virus" I was using the computer today 5/30/13 and the screen began to go blank when I was using Internet Explorer, shortly after the screen locked on a fake message from the FBI. The screen had the FBI logo and claimed they found child pornography on the computer and that I had to pay a $450 fine. Of course I didn't. I shut the computer down and did a system restore to a few days ago. The computer began to work correctly but when I ran Malware Bytes, and attempted to restart the FBI page came back upon restart. I did a system restore again. I am currently on the infected computer. I noticed that right before the FBI page came up this morning I could only open IE, Mozilla and Google Chrome were prevented from opening, along with other programs. That is happening again so I believe the Virus is still here. I currently have OTL, MiniToolBox, ComboFix, SecurityCheck, Tweaking.com-Windows Repair, and Malwarebytes installed on the computer from last time. I patiently await your advice and help. What follows is the OTL scan log. Also, should I just delete IE after we fix this force my parents to use a safer browser in the future?



OTL logfile created on: 5/30/2013 4:23:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 61.92% Memory free
7.68 Gb Paging File | 6.00 Gb Available in Paging File | 78.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.64 Gb Total Space | 236.57 Gb Free Space | 82.24% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/17 12:31:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2009/10/16 15:53:46 | 000,029,184 | ---- | M] () [Auto | Running] -- C:\windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV:64bit: - [2009/10/16 13:06:39 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2009/08/21 11:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/01 10:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/30 23:31:40 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/10/16 15:53:46 | 000,029,184 | ---- | M] () [Auto | Running] -- C:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2009/10/16 13:06:30 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxducoms.exe -- (lxdu_device)
SRV - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 21:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/16 21:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/11/06 12:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2009/11/05 05:51:30 | 000,446,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 19:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0E92A9D8-B92B-4DEA-8673-E0F93DDBED90}
IE:64bit: - HKLM\..\SearchScopes\{0E92A9D8-B92B-4DEA-8673-E0F93DDBED90}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{C9BBA2AE-8CCE-47EF-B00C-EDF83616FAE6}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\..\SearchScopes,DefaultScope = {C9BBA2AE-8CCE-47EF-B00C-EDF83616FAE6}
IE - HKCU\..\SearchScopes\{C9BBA2AE-8CCE-47EF-B00C-EDF83616FAE6}: "URL" = http://www.google.co...1I7TSNA_enUS378
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKCU\..\SearchScopes\{F5FA55D4-8AE7-43B3-9B28-A203A983B7F0}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6031.2012.0213.2149
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/29 01:00:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/29 01:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/05/22 09:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pa5xlc7w.default\extensions
[2013/05/30 16:53:25 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pa5xlc7w.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2013/05/14 22:50:03 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pa5xlc7w.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[1628/08/17 11:01:33 | 000,005,136 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pa5xlc7w.default\extensions\[email protected]
[2011/10/02 12:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/30 13:57:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/30 01:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/30 13:57:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/01 10:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

O1 HOSTS File: ([2013/04/21 19:01:37 | 000,000,025 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [PTP] C:\Users\Owner\AppData\Local\PTP\fnjuimmu.dll (Parallels)
O4 - HKCU..\Run: [VirtualStore] C:\Users\Owner\AppData\Local\Yahoo\VirtualStore\eozpr.dll (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: rjet.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: weightwatchers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: weightwatcherslogin.com ([www] https in Trusted sites)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://online.rjet....achecleaner.cab (F5 Networks CacheCleaner)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Owner\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Owner\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\Owner\AppData\Local\Temp\f5tmp\f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} C:\Users\Owner\AppData\Local\Temp\f5tmp\vdeskctrl.cab (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Owner\AppData\Local\Temp\f5tmp\urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Owner\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AAC1865-70C9-4D56-A74C-C1609AA0102E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4D2E232-2484-4A25-89EF-33065004A193}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/30 15:33:34 | 000,161,280 | ---- | C] (HSN Software LLC) -- C:\Users\Owner\opera.exe
[2013/05/22 09:13:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PTP
[2011/04/21 14:22:48 | 000,161,280 | ---- | C] (HSN Software LLC) -- C:\Users\Owner\AppData\Roaming\skype.dat
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/30 16:11:05 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/30 16:11:05 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/30 16:10:59 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/05/30 16:10:59 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/05/30 16:10:59 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/05/30 16:05:26 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/30 16:05:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/30 16:05:03 | 3092,942,848 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/30 15:33:42 | 000,161,280 | ---- | M] (HSN Software LLC) -- C:\Users\Owner\opera.exe
[2013/05/27 17:53:03 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/26 08:46:18 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/15 11:20:43 | 000,343,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/05/14 19:33:49 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/05/14 19:33:49 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/05/07 23:50:41 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/14 19:33:49 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/05/14 19:33:49 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/01/26 15:30:42 | 000,726,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/01/26 15:25:46 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-OWNER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/01/16 23:18:29 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/01/16 23:18:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/01/16 23:18:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/01/16 23:18:29 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/01/16 23:18:29 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/12/28 19:14:16 | 000,012,032 | -HS- | C] () -- C:\Users\Owner\AppData\Local\b6paykabaq456ddj
[2011/12/28 19:14:16 | 000,012,032 | -HS- | C] () -- C:\ProgramData\b6paykabaq456ddj
[2011/09/18 18:55:27 | 000,389,120 | ---- | C] () -- C:\windows\SysWow64\LXDUinst.dll
[2011/09/18 18:55:27 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxduinpa.dll
[2011/09/18 18:55:27 | 000,339,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxduiesc.dll
[2011/09/18 18:55:27 | 000,335,872 | ---- | C] () -- C:\windows\SysWow64\lxducomx.dll
[2011/09/18 18:55:26 | 000,651,264 | ---- | C] ( ) -- C:\windows\SysWow64\lxdupmui.dll
[2011/09/18 18:55:25 | 001,069,056 | ---- | C] ( ) -- C:\windows\SysWow64\lxduserv.dll
[2011/09/18 18:55:25 | 000,860,160 | ---- | C] ( ) -- C:\windows\SysWow64\lxduusb1.dll
[2011/09/18 18:55:25 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxduhbn3.dll
[2011/09/18 18:55:25 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\lxdulmpm.dll
[2011/09/18 18:55:25 | 000,323,584 | ---- | C] ( ) -- C:\windows\SysWow64\lxduih.exe
[2011/09/18 18:55:24 | 000,761,856 | ---- | C] ( ) -- C:\windows\SysWow64\lxducomc.dll
[2011/09/18 18:55:24 | 000,589,824 | ---- | C] ( ) -- C:\windows\SysWow64\lxducoms.exe
[2011/09/18 18:55:24 | 000,376,832 | ---- | C] ( ) -- C:\windows\SysWow64\lxducomm.dll
[2011/09/18 18:55:24 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxducfg.exe
[2011/09/18 18:50:25 | 001,036,288 | ---- | C] () -- C:\windows\SysWow64\lxdudrs.dll
[2011/09/18 18:50:25 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\lxducaps.dll
[2011/09/18 18:50:25 | 000,069,632 | ---- | C] () -- C:\windows\SysWow64\lxducnv4.dll
[2011/05/09 00:21:31 | 000,011,374 | -HS- | C] () -- C:\Users\Owner\AppData\Local\04573030yi177i63m056r15qr6
[2011/01/30 18:42:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\1VjM2R.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3308725556-3237180237-125601495-1000\$98b6b1bd2581720063b7b3bc2cc89f69\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/30 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2011/12/04 20:55:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICAClient
[2010/05/07 19:01:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2013/03/17 15:24:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/07/17 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\W Photo Studio Viewer
[2010/05/07 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >


Thank You all very much,
Tim
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello timmyc6336,

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. The 64bit version will be the right for your machine.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

  • 0

#3
timmyc6336

timmyc6336

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thank you for your help, I really appreciate the work you guys do.

Here is a copy of the FRST TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-06-2013 02
Ran by Owner (administrator) on 04-06-2013 09:59:09
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Lexmark International, Inc.) C:\windows\system32\spool\DRIVERS\x64\3\lxduserv.exe
( ) C:\windows\system32\lxducoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe" [165912 2009-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe" [387608 2009-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] "C:\windows\system32\igfxpers.exe" [365592 2009-09-02] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [676520 2010-02-04] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe" [131752 2010-02-04] (Lexmark International Inc.)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-30] (Google Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKCU\...\Run: [VirtualStore] rundll32 "C:\Users\Owner\AppData\Local\Yahoo\VirtualStore\eozpr.dll",DllRegisterServer [315904 2013-05-22] (Adobe Systems Incorporated) <===== ATTENTION
HKCU\...\Run: [PTP] Rundll32.exe C:\Users\Owner\AppData\Local\PTP\fnjuimmu.dll,jnxgafnhxizcmryzpdci [704000 2013-05-22] (Parallels) <===== ATTENTION
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3308725556-3237180237-125601495-1000\$98b6b1bd2581720063b7b3bc2cc89f69\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1770400 2011-02-24] (Affinegy, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * SsiEfr.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM-x32 SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweeti...q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweeti...q={searchTerms}
SearchScopes: HKCU - {0E92A9D8-B92B-4DEA-8673-E0F93DDBED90} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweeti...q={searchTerms}
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
PDF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://online.rjet....achecleaner.cab
PDF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Owner\AppData\Local\Temp\f5tmp\f5tunsrv.cab
PDF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Owner\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
PDF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\Owner\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
PDF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} C:\Users\Owner\AppData\Local\Temp\f5tmp\vdeskctrl.cab
PDF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Owner\AppData\Local\Temp\f5tmp\urxshost.cab
PDF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Owner\AppData\Local\Temp\f5tmp\urxhost.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pa5xlc7w.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: F5 Networks Cache Cleaner Plugin - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pa5xlc7w.default\Extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
FF Extension: F5 Networks Host Plugin - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pa5xlc7w.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
FF Extension: gzhwgerlkl - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pa5xlc7w.default\Extensions\[email protected]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U14) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

==================== Services (Whitelisted) =================

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
R2 lxduCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-11-05] (Realtek Semiconductor Corporation )
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [135280 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-04 09:58 - 2013-06-04 09:58 - 01916714 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-06-04 09:58 - 2013-06-04 09:58 - 01916714 ____A (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2013-05-30 15:33 - 2013-05-30 15:33 - 00161280 ____A (HSN Software LLC) C:\Users\Owner\opera.exe
2013-05-22 09:13 - 2013-05-30 18:36 - 00000000 ____D C:\Users\Owner\AppData\Local\PTP
2013-05-20 19:03 - 2013-05-20 19:03 - 00001310 ____A C:\Users\Owner\Documents\JUNE.txt
2013-05-15 10:57 - 2013-04-05 01:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 10:57 - 2013-04-05 01:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 10:57 - 2013-04-05 01:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 10:57 - 2013-04-05 01:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 10:57 - 2013-04-05 01:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 10:57 - 2013-04-05 01:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 10:57 - 2013-04-05 01:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 10:57 - 2013-04-05 01:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 10:57 - 2013-04-05 01:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 10:57 - 2013-04-05 01:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 10:57 - 2013-04-05 01:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 10:57 - 2013-04-05 01:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 10:57 - 2013-04-05 01:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 10:57 - 2013-04-05 01:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 10:57 - 2013-04-05 00:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 10:57 - 2013-04-05 00:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 10:57 - 2013-04-05 00:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 10:57 - 2013-04-05 00:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 10:57 - 2013-04-05 00:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 10:57 - 2013-04-05 00:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 10:57 - 2013-04-05 00:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 10:57 - 2013-04-05 00:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 10:57 - 2013-04-05 00:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 10:57 - 2013-04-05 00:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 10:57 - 2013-04-05 00:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 10:57 - 2013-04-05 00:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 10:57 - 2013-04-05 00:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 10:57 - 2013-04-04 23:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 10:57 - 2013-04-04 23:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 10:57 - 2013-04-04 22:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 10:57 - 2013-04-04 22:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 01:15 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 01:15 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 01:15 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 01:15 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 01:15 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 01:15 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 01:15 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 01:15 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 01:15 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 01:15 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 01:15 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 01:15 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 01:15 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 01:15 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-14 19:33 - 2013-05-14 19:33 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-14 19:33 - 2013-05-14 19:33 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-14 19:33 - 2013-05-14 19:33 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-14 19:33 - 2013-05-14 19:33 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-14 19:33 - 2013-05-14 19:33 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-14 19:33 - 2013-05-14 19:33 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-14 19:33 - 2013-05-14 19:33 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-14 19:33 - 2013-05-14 19:33 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-14 19:32 - 2013-05-14 19:32 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-14 19:29 - 2013-05-14 19:37 - 00007988 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-06-04 09:58 - 2013-06-04 09:58 - 01916714 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-06-04 09:58 - 2013-06-04 09:58 - 01916714 ____A (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2013-06-04 09:58 - 2013-01-14 13:55 - 00000000 ____D C:\FRST
2013-06-04 09:55 - 2011-10-25 00:03 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-04 06:27 - 2009-07-13 23:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-04 06:27 - 2009-07-13 23:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-04 06:24 - 2010-03-24 07:58 - 02020679 ____A C:\Windows\WindowsUpdate.log
2013-06-03 23:55 - 2011-10-25 00:03 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-31 21:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-05-30 19:03 - 2011-10-02 12:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-05-30 19:03 - 2010-05-20 13:00 - 00000000 ____D C:\Users\Owner\AppData\Local\Yahoo
2013-05-30 19:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-05-30 18:36 - 2013-05-22 09:13 - 00000000 ____D C:\Users\Owner\AppData\Local\PTP
2013-05-30 16:54 - 2011-12-20 21:37 - 00000000 ____D C:\Windows\System32\Macromed
2013-05-30 16:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-30 16:53 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-05-30 16:28 - 2013-01-11 00:14 - 00071840 ____A C:\Users\Owner\Desktop\OTL.Txt
2013-05-30 16:10 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-30 16:07 - 2009-07-13 23:51 - 00041817 ____A C:\Windows\setupact.log
2013-05-30 16:05 - 2010-05-07 18:43 - 00000000 ____D C:\users\Owner
2013-05-30 16:05 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-30 15:33 - 2013-05-30 15:33 - 00161280 ____A (HSN Software LLC) C:\Users\Owner\opera.exe
2013-05-30 13:57 - 2011-10-02 12:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-30 13:57 - 2011-10-02 12:51 - 00000000 ____D C:\ProgramData\Skype
2013-05-30 13:56 - 2013-04-12 20:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2013-05-26 08:47 - 2011-09-18 18:57 - 00000000 ____D C:\ProgramData\Lx_cats
2013-05-26 08:46 - 2011-10-25 00:03 - 00002194 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-21 09:20 - 2013-04-17 14:58 - 00000000 ____D C:\Users\Owner\Desktop\Tim's Junk
2013-05-20 19:03 - 2013-05-20 19:03 - 00001310 ____A C:\Users\Owner\Documents\JUNE.txt
2013-05-15 20:28 - 2013-04-12 20:28 - 00000000 ___RD C:\Users\Owner\Dropbox
2013-05-15 11:20 - 2009-07-13 23:45 - 00343552 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-14 19:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-05-14 19:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-05-14 19:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-14 19:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-14 19:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-14 19:37 - 2013-05-14 19:29 - 00007988 ____A C:\Windows\IE10_main.log
2013-05-14 19:33 - 2013-05-14 19:33 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-14 19:33 - 2013-05-14 19:33 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-14 19:33 - 2013-05-14 19:33 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-14 19:33 - 2013-05-14 19:33 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-14 19:33 - 2013-05-14 19:33 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-14 19:33 - 2013-05-14 19:33 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-14 19:33 - 2013-05-14 19:33 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-14 19:33 - 2013-05-14 19:33 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-14 19:33 - 2013-05-14 19:33 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-14 19:33 - 2013-05-14 19:33 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-14 19:33 - 2013-05-14 19:33 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-14 19:32 - 2013-05-14 19:32 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-14 19:32 - 2013-05-14 19:32 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-07 23:50 - 2010-12-10 00:37 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-07 23:50 - 2010-12-10 00:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3308725556-3237180237-125601495-1000\$98b6b1bd2581720063b7b3bc2cc89f69

Files to move or delete:
====================
C:\Users\Owner\opera.exe
C:\Users\Owner\AppData\Roaming\skype.dat
C:\ProgramData\1VjM2R.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-31 21:43

==================== End Of Log ============================

The Addition TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-06-2013 02
Ran by Owner at 2013-06-04 10:00:03 Run:
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.3.0.29342)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Reader XI (Version: 11.0.00)
Belkin Setup and Router Monitor
Best Buy Software Installer (Version: 2.1.0.29)
Citrix Presentation Server Web Client for Win32
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dropbox (Version: 2.0.6)
Google Chrome (Version: 27.0.1453.94)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
Java™ 6 Update 14 (Version: 6.0.140)
Junk Mail filter update (Version: 14.0.8089.726)
Lexmark 5600-6600 Series
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark Toolbar (Version: 4.0.53.0)
Lexmark Tools for Office (Version: 1.24.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 13.0 (x86 en-US) (Version: 13.0)
Mozilla Maintenance Service (Version: 13.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
OPSWAT AntiVirus and Firewall Integration Libraries
PlayReady PC Runtime amd64 (Version: 1.3.0)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Realtek WLAN Driver (Version: 2.00.0006)
Roxio Burn (Version: 1.2)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.1 (Version: 6.1.129)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SweetIM for Messenger 3.1 (Version: 3.1.0004)
SweetIM Toolbar for Internet Explorer 3.9 (Version: 3.9.0004)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
TOSHIBA Application Installer (Version: 9.0.1.0)
TOSHIBA Assist (Version: 3.00.09)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA ConfigFree (Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64)
TOSHIBA DVD PLAYER (Version: 3.01.0.07-A)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.4C)
TOSHIBA Hardware Setup (Version: 1.63.0.11C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0)
TOSHIBA Media Controller (Version: 1.0.65)
TOSHIBA Quality Application (Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA Service Station (Version: 2.1.33)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 1.63.0.7C)
TOSHIBA Value Added Package (Version: 1.2.26.64)
ToshibaRegistration (Version: 1.0.3)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.6)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver (Version: 1.0.50.27C)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

==================== Restore Points =========================

15-05-2013 15:56:59 Windows Update
16-05-2013 01:45:30 Windows Defender Checkpoint
17-05-2013 02:29:02 Windows Defender Checkpoint
20-05-2013 22:57:40 Windows Defender Checkpoint
20-05-2013 23:06:07 Windows Update
22-05-2013 03:30:30 Windows Defender Checkpoint
25-05-2013 17:45:19 Windows Defender Checkpoint
25-05-2013 17:53:43 Windows Update
26-05-2013 19:07:44 Windows Defender Checkpoint
27-05-2013 23:05:10 Windows Defender Checkpoint
28-05-2013 17:59:24 Windows Update
29-05-2013 20:56:12 Windows Defender Checkpoint
30-05-2013 19:00:53 Windows Update
30-05-2013 21:09:36 Windows Update
04-06-2013 11:23:07 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2013 11:54:14 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16576 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16d0

Start Time: 01ce5f4321bd6cc1

Termination Time: 10

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/03/2013 11:48:57 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Internet Low-Mic Utility Tool because of this error.

Program: Internet Low-Mic Utility Tool
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (06/03/2013 11:48:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: IELowutil.exe, version: 10.0.9200.16521, time stamp: 0x51207c70
Faulting module name: eozpr.dll, version: 7.0.0.355, time stamp: 0x4bad0053
Exception code: 0xc0000096
Fault offset: 0x000010a5
Faulting process id: 0x5bc
Faulting application start time: 0xIELowutil.exe0
Faulting application path: IELowutil.exe1
Faulting module path: IELowutil.exe2
Report Id: IELowutil.exe3

Error: (06/03/2013 11:48:27 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Problem Reporting because of this error.

Program: Windows Problem Reporting
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (06/03/2013 11:48:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: WerFault.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2d9
Faulting module name: eozpr.dll, version: 7.0.0.355, time stamp: 0x4bad0053
Exception code: 0xc0000096
Fault offset: 0x000010a5
Faulting process id: 0xb30
Faulting application start time: 0xWerFault.exe0
Faulting application path: WerFault.exe1
Faulting module path: WerFault.exe2
Report Id: WerFault.exe3

Error: (06/03/2013 11:48:27 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Internet Low-Mic Utility Tool because of this error.

Program: Internet Low-Mic Utility Tool
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (06/03/2013 11:48:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: IELowutil.exe, version: 10.0.9200.16521, time stamp: 0x51207c70
Faulting module name: eozpr.dll, version: 7.0.0.355, time stamp: 0x4bad0053
Exception code: 0xc0000096
Fault offset: 0x000010a5
Faulting process id: 0x1b0
Faulting application start time: 0xIELowutil.exe0
Faulting application path: IELowutil.exe1
Faulting module path: IELowutil.exe2
Report Id: IELowutil.exe3

Error: (06/01/2013 02:31:42 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Problem Reporting because of this error.

Program: Windows Problem Reporting
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (06/01/2013 02:31:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: WerFault.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2d9
Faulting module name: eozpr.dll, version: 7.0.0.355, time stamp: 0x4bad0053
Exception code: 0xc0000096
Fault offset: 0x000010a5
Faulting process id: 0x170c
Faulting application start time: 0xWerFault.exe0
Faulting application path: WerFault.exe1
Faulting module path: WerFault.exe2
Report Id: WerFault.exe3

Error: (06/01/2013 02:31:42 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Office Word because of this error.

Program: Microsoft Office Word
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0


System errors:
=============
Error: (05/30/2013 01:46:49 PM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (05/30/2013 01:46:49 PM) (Source: Service Control Manager) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/30/2013 01:46:49 PM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (05/30/2013 00:33:59 PM) (Source: DCOM) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (05/30/2013 10:43:21 AM) (Source: DCOM) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (05/27/2013 07:07:09 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer BC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C4D2E232-2484-4A25-89EF-33065004A193}.
The master browser is stopping or an election is being forced.

Error: (05/26/2013 07:47:28 PM) (Source: DCOM) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (05/20/2013 10:13:32 PM) (Source: DCOM) (User: Owner-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Owner-PCOwnerS-1-5-21-3308725556-3237180237-125601495-1000LocalHost (Using LRPC)

Error: (05/20/2013 10:13:32 PM) (Source: DCOM) (User: Owner-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Owner-PCOwnerS-1-5-21-3308725556-3237180237-125601495-1000LocalHost (Using LRPC)

Error: (05/20/2013 10:11:05 PM) (Source: DCOM) (User: Owner-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Owner-PCOwnerS-1-5-21-3308725556-3237180237-125601495-1000LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-01-17 10:39:58.512
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-17 10:39:58.418
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-17 10:39:58.309
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-17 10:39:58.184
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-16 22:26:42.687
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-16 22:26:42.594
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3932.88 MB
Available physical RAM: 2169.69 MB
Total Pagefile: 7863.95 MB
Available Pagefile: 6054.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI105756W0B) (Fixed) (Total:287.64 GB) (Free:236.95 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CE865B76)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================


Once again thank you for helping me.
Tim
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello timmyc6336,

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Finally in this post

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:


  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Other Services

[*]Press Scan
[*]A log (FSS.txt) will be created in the same directory the tool is run.
[*]Copy and paste the log back here.
[/list]So when you return please post
  • Fixlog.txt
  • JRT.txt
  • FSS.txt

  • 0

#5
timmyc6336

timmyc6336

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-06-2013 02
Ran by Owner at 2013-06-04 13:43:37 Run:2
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\VirtualStore => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\PTP => Value deleted successfully.
HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\\DefaultScope => Value was restored successfully.
C:\$Recycle.Bin\S-1-5-21-3308725556-3237180237-125601495-1000\$98b6b1bd2581720063b7b3bc2cc89f69 => Moved successfully.

==== End of Fixlog ====




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Tue 06/04/2013 at 14:00:49.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\kt_bho_dll.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\kt_bho.kettlebho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\kt_bho.kettlebho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\app paths\sweetim.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Program Files (x86)\savevalet"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"



~~~ FireFox

Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\pa5xlc7w.default\extensions\[email protected] [Tracur]



~~~ Chrome

Dumping contents of C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aaaaafgbdjdadidadedggcdfdddagddg
C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aaaaafgbdjdadidadedggcdfdddagddg\background.js
C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aaaaafgbdjdadidadedggcdfdddagddg\ContentScript.js
C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aaaaafgbdjdadidadedggcdfdddagddg\manifest.json

Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/04/2013 at 14:09:48.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





Farbar Service Scanner Version: 16-01-2013
Ran by Owner (administrator) on 04-06-2013 at 14:15:25
Running from "C:\Users\Owner\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-16 12:51] - [2013-01-03 01:00] - 1913192 ____A (Microsoft Corporation) B62A953F2BF3922C8764A29C34A22899

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello timmyc6336,

Looks like good progress.

Now

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles
  • 0

#7
timmyc6336

timmyc6336

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL logfile created on: 6/4/2013 3:03:00 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 61.03% Memory free
7.68 Gb Paging File | 6.30 Gb Available in Paging File | 82.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.64 Gb Total Space | 236.45 Gb Free Space | 82.20% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/17 12:31:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2009/10/16 15:53:46 | 000,029,184 | ---- | M] () [Auto | Running] -- C:\windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV:64bit: - [2009/10/16 13:06:39 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2009/08/21 11:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/01 10:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 15:53:46 | 000,029,184 | ---- | M] () [Auto | Running] -- C:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2009/10/16 13:06:30 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxducoms.exe -- (lxdu_device)
SRV - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 21:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/16 21:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/11/06 12:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2009/11/05 05:51:30 | 000,446,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 19:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0E92A9D8-B92B-4DEA-8673-E0F93DDBED90}
IE:64bit: - HKLM\..\SearchScopes\{0E92A9D8-B92B-4DEA-8673-E0F93DDBED90}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{C9BBA2AE-8CCE-47EF-B00C-EDF83616FAE6}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...23,19891,0,25,0
IE - HKCU\..\SearchScopes,DefaultScope = {C9BBA2AE-8CCE-47EF-B00C-EDF83616FAE6}
IE - HKCU\..\SearchScopes\{C9BBA2AE-8CCE-47EF-B00C-EDF83616FAE6}: "URL" = http://www.google.co...1I7TSNA_enUS378
IE - HKCU\..\SearchScopes\{F5FA55D4-8AE7-43B3-9B28-A203A983B7F0}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKCU\..\SearchScopes\{FAFFE466-0B74-4BC2-98D5-98DA69543397}: "URL" = http://search.yahoo....23,19890,0,25,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6031.2012.0213.2149
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/29 01:00:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/29 01:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/06/04 14:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pa5xlc7w.default\extensions
[2013/05/30 16:53:25 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pa5xlc7w.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2013/05/14 22:50:03 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pa5xlc7w.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2011/10/02 12:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/30 13:57:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/30 01:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/30 13:57:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/01 10:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

O1 HOSTS File: ([2013/04/21 19:01:37 | 000,000,025 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_64.dll File not found
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_32.dll File not found
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: rjet.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: weightwatchers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: weightwatcherslogin.com ([www] https in Trusted sites)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://online.rjet....achecleaner.cab (F5 Networks CacheCleaner)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Owner\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Owner\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\Owner\AppData\Local\Temp\f5tmp\f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} C:\Users\Owner\AppData\Local\Temp\f5tmp\vdeskctrl.cab (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Owner\AppData\Local\Temp\f5tmp\urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Owner\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AAC1865-70C9-4D56-A74C-C1609AA0102E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4D2E232-2484-4A25-89EF-33065004A193}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/04 14:00:47 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/06/04 13:59:12 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
[2013/06/04 13:49:13 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/04 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/06/04 13:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013/06/04 13:47:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\getsav-in
[2013/06/04 13:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/06/04 13:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/06/04 09:58:41 | 001,916,714 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64 (1).exe
[2013/06/04 09:58:00 | 001,916,714 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/05/30 15:33:34 | 000,161,280 | ---- | C] (HSN Software LLC) -- C:\Users\Owner\opera.exe
[2013/05/22 09:13:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PTP
[2013/05/15 10:57:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/05/15 10:57:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/05/15 10:57:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/05/15 10:57:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/05/15 10:57:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/05/15 10:57:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/05/15 10:57:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/05/15 10:57:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 10:57:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/05/15 10:57:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/05/15 10:57:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/05/15 10:57:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/05/15 10:57:41 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/05/15 10:57:41 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/05/15 10:57:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/05/15 01:15:27 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 01:15:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2013/05/15 01:15:20 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/05/15 01:15:19 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/05/15 01:15:18 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/05/15 01:15:18 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/05/15 01:15:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013/05/14 19:33:49 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/05/14 19:33:49 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/05/14 19:33:49 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/05/14 19:33:49 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/05/14 19:33:49 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/14 19:33:49 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/05/14 19:33:49 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/05/14 19:33:49 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/05/14 19:33:49 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/05/14 19:33:49 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/05/14 19:33:49 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/05/14 19:33:49 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/05/14 19:33:49 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/05/14 19:33:49 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/05/14 19:33:49 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/05/14 19:33:49 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/05/14 19:33:49 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/05/14 19:33:49 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/05/14 19:33:49 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/05/14 19:33:49 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/05/14 19:33:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/05/14 19:33:49 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/05/14 19:33:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/05/14 19:33:49 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/05/14 19:33:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/05/14 19:33:49 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/05/14 19:33:49 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/05/14 19:33:49 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/05/14 19:33:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/05/14 19:33:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/05/14 19:33:49 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/05/14 19:33:49 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/05/14 19:33:49 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/05/14 19:33:49 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/05/14 19:33:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/05/14 19:33:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/05/14 19:33:49 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/05/14 19:33:49 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/05/14 19:33:49 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/05/14 19:33:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/05/14 19:33:49 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/05/14 19:33:49 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/05/14 19:33:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/05/14 19:33:49 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/05/14 19:33:49 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/05/14 19:33:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/05/14 19:33:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/05/14 19:33:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/05/14 19:33:49 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/05/14 19:33:49 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/05/14 19:33:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/05/14 19:33:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/05/14 19:33:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/05/14 19:32:39 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013/05/14 19:32:39 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013/05/14 19:32:39 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013/05/14 19:32:39 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013/05/14 19:32:39 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/05/14 19:32:39 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013/05/14 19:32:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/05/14 19:32:39 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/05/14 19:32:39 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/05/14 19:32:39 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013/05/14 19:32:39 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013/05/14 19:32:39 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013/05/14 19:32:39 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/05/14 19:32:39 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/05/14 19:32:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/05/14 19:32:39 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/05/14 19:32:39 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013/05/14 19:32:39 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013/05/14 19:32:39 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013/05/14 19:32:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013/05/14 19:32:39 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013/05/14 19:32:39 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013/05/14 19:32:39 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013/05/14 19:32:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/14 19:32:39 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/14 19:32:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/14 19:32:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/14 19:32:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/14 19:32:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/14 19:32:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/14 19:32:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/14 19:32:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/14 19:32:39 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2011/04/21 14:22:48 | 000,161,280 | ---- | C] (HSN Software LLC) -- C:\Users\Owner\AppData\Roaming\skype.dat
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/04 14:52:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/04 13:59:19 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
[2013/06/04 13:36:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/04 09:58:47 | 001,916,714 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64 (1).exe
[2013/06/04 09:58:15 | 001,916,714 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/06/04 06:27:29 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/04 06:27:29 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 23:55:46 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/30 16:10:59 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/05/30 16:10:59 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/05/30 16:10:59 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/05/30 16:05:03 | 3092,942,848 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/30 15:33:42 | 000,161,280 | ---- | M] (HSN Software LLC) -- C:\Users\Owner\opera.exe
[2013/05/26 08:46:18 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/15 11:20:43 | 000,343,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/05/14 19:33:49 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/05/14 19:33:49 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/05/14 19:33:49 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/05/14 19:33:49 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/05/14 19:33:49 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/14 19:33:49 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/05/14 19:33:49 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/05/14 19:33:49 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/05/14 19:33:49 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/05/14 19:33:49 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/05/14 19:33:49 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/05/14 19:33:49 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/05/14 19:33:49 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/05/14 19:33:49 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/05/14 19:33:49 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/05/14 19:33:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/05/14 19:33:49 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/05/14 19:33:49 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/05/14 19:33:49 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/05/14 19:33:49 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/05/14 19:33:49 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/05/14 19:33:49 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/05/14 19:33:49 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/05/14 19:33:49 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/05/14 19:33:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/05/14 19:33:49 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/05/14 19:33:49 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/05/14 19:33:49 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/05/14 19:33:49 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/05/14 19:33:49 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/05/14 19:33:49 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/05/14 19:33:49 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/05/14 19:33:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/05/14 19:33:49 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/05/14 19:33:49 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/05/14 19:33:49 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/05/14 19:33:49 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/05/14 19:33:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/05/14 19:33:49 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/05/14 19:33:49 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/05/14 19:33:49 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/05/14 19:33:49 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/05/14 19:33:49 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/05/14 19:33:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/05/14 19:33:49 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/05/14 19:33:49 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/05/14 19:33:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/05/14 19:33:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/05/14 19:33:49 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/05/14 19:33:49 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/05/14 19:33:49 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/05/14 19:33:49 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/05/14 19:33:49 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/05/14 19:33:49 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/05/14 19:33:49 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/05/14 19:32:39 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013/05/14 19:32:39 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013/05/14 19:32:39 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013/05/14 19:32:39 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013/05/14 19:32:39 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/05/14 19:32:39 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013/05/14 19:32:39 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/05/14 19:32:39 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/05/14 19:32:39 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/05/14 19:32:39 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013/05/14 19:32:39 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013/05/14 19:32:39 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013/05/14 19:32:39 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/05/14 19:32:39 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/05/14 19:32:39 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/05/14 19:32:39 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/05/14 19:32:39 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013/05/14 19:32:39 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013/05/14 19:32:39 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013/05/14 19:32:39 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013/05/14 19:32:39 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013/05/14 19:32:39 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013/05/14 19:32:39 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013/05/14 19:32:39 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/14 19:32:39 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/14 19:32:39 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/14 19:32:39 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/14 19:32:39 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/14 19:32:39 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/14 19:32:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/14 19:32:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/14 19:32:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/14 19:32:39 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/14 19:32:39 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/07 23:50:41 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/14 19:33:49 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/05/14 19:33:49 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/01/26 15:30:42 | 000,726,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/01/26 15:25:46 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-OWNER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/01/16 23:18:29 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/01/16 23:18:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/01/16 23:18:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/01/16 23:18:29 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/01/16 23:18:29 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/12/28 19:14:16 | 000,012,032 | -HS- | C] () -- C:\Users\Owner\AppData\Local\b6paykabaq456ddj
[2011/12/28 19:14:16 | 000,012,032 | -HS- | C] () -- C:\ProgramData\b6paykabaq456ddj
[2011/09/18 18:55:27 | 000,389,120 | ---- | C] () -- C:\windows\SysWow64\LXDUinst.dll
[2011/09/18 18:55:27 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxduinpa.dll
[2011/09/18 18:55:27 | 000,339,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxduiesc.dll
[2011/09/18 18:55:27 | 000,335,872 | ---- | C] () -- C:\windows\SysWow64\lxducomx.dll
[2011/09/18 18:55:26 | 000,651,264 | ---- | C] ( ) -- C:\windows\SysWow64\lxdupmui.dll
[2011/09/18 18:55:25 | 001,069,056 | ---- | C] ( ) -- C:\windows\SysWow64\lxduserv.dll
[2011/09/18 18:55:25 | 000,860,160 | ---- | C] ( ) -- C:\windows\SysWow64\lxduusb1.dll
[2011/09/18 18:55:25 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxduhbn3.dll
[2011/09/18 18:55:25 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\lxdulmpm.dll
[2011/09/18 18:55:25 | 000,323,584 | ---- | C] ( ) -- C:\windows\SysWow64\lxduih.exe
[2011/09/18 18:55:24 | 000,761,856 | ---- | C] ( ) -- C:\windows\SysWow64\lxducomc.dll
[2011/09/18 18:55:24 | 000,589,824 | ---- | C] ( ) -- C:\windows\SysWow64\lxducoms.exe
[2011/09/18 18:55:24 | 000,376,832 | ---- | C] ( ) -- C:\windows\SysWow64\lxducomm.dll
[2011/09/18 18:55:24 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxducfg.exe
[2011/09/18 18:50:25 | 001,036,288 | ---- | C] () -- C:\windows\SysWow64\lxdudrs.dll
[2011/09/18 18:50:25 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\lxducaps.dll
[2011/09/18 18:50:25 | 000,069,632 | ---- | C] () -- C:\windows\SysWow64\lxducnv4.dll
[2011/05/09 00:21:31 | 000,011,374 | -HS- | C] () -- C:\Users\Owner\AppData\Local\04573030yi177i63m056r15qr6
[2011/01/30 18:42:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\1VjM2R.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again timmyc6336,

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :OTL
    O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll File not found
    O2:64bit: - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_64.dll File not found
    O2 - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_32.dll File not found
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.
After that

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell how the machine is now.

  • 0

#9
timmyc6336

timmyc6336

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0F12903-DE76-4DF7-BCDC-0A0689151189}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F12903-DE76-4DF7-BCDC-0A0689151189}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0F12903-DE76-4DF7-BCDC-0A0689151189}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F12903-DE76-4DF7-BCDC-0A0689151189}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 89769732 bytes
->Temporary Internet Files folder emptied: 2861517146 bytes
->Java cache emptied: 2780885 bytes
->FireFox cache emptied: 59521626 bytes
->Google Chrome cache emptied: 15388510 bytes
->Flash cache emptied: 127640 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 495 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 186628623 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 109656585 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 752 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36033184 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,206.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06042013_165516

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...







[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


That was everything from the log.txt, it seemed a little short so I copied the threats found:


C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z Win32/Bundled.Toolbar.Ask.B application deleted - quarantined
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Users\Owner\opera.exe Win32/LockScreen.APR trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Yahoo\VirtualStore\eozpr.dll Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Roaming\skype.dat Win32/LockScreen.APR trojan cleaned by deleting - quarantined
C:\Users\Owner\Downloads\mozilla-firefox.exe a variant of Win32/InstallCore.X application cleaned by deleting - quarantined


I have left the Online scanner window open. I didn't know if I was supposed to click the "Delete quarantined files" option along with the "Uninstall application on close" option.

I'll leave it open until you tell me what to do

Tim
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hi Tim,

Click the delete option.

After that tell me how the machine is now. :)
  • 0

#11
timmyc6336

timmyc6336

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello,

It seems to be working well. I am able to open all programs, before it was preventing me from opening Mozilla, Skype and Google Chrome. Do you have any recommendations on preventing further problems. My parents will click on any auto-update or anything that looks real. Should I hide IE so they are forced to use Mozilla or Chrome? Thank you again for your help.

Thanks
Tim
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again Tim,

Should I hide IE so they are forced to use Mozilla or Chrome?


Well the latest browsers or the three big ones have some good protections built in but I guess if you are going to click on anything it won't matter which one you use. See below for some information.

I think IE would be best hidden in some way (integrated with the OS so unless I am not up to date on something I don't think it can easily be completely deleted). Other browsers that are not needed can just be uninstalled.

Personally I like Firefox which I think does a pretty good job but really I think it is "6 of one and a half dozen of the other" lol. Important thing is to keep them updated.

There are other browsers and there are things you can do like download NoScripts and Adblock Plus see below but I am not sure a person that's not a bit of a geek will get the most out of them.

Now

I think you are good to go.

We have a couple of last steps to perform and then you're all set.Posted Image

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Any other tools remaining may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

  • In the left pane, click System protection. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.
-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browers.

Avant may be downloaded from here. Another one that is less well known and has some good malware protection built in.

Firefox may be downloaded from Here. I use Firefox because I like it and it has some good security built in.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

Download NoSript by Giorgio Maone.

Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.

Windows Updates



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#13
timmyc6336

timmyc6336

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thank you very much for all of your help. Do you recommend any anti Mal Ware programs?

Tim
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Do you recommend any anti Mal Ware programs?


For what it's worth here are my thoughts on anti-virus programs.

Most of the well known anti-virus products are good. Some perform better in some aspects than others but if you were to look at the overall picture they are mostly good.

Sometimes one will be on top of the pops one month and another on another month. Of course there are some rogue programs out there too that you must steer clear of because they bring infection with them.

Some of the free ones are good but you do not get the full service. The sound "pay for products" out there have packages which include anti-spyware, firewalls and adware blocking so you get the whole lot in one go.

This link will take you to an independant site showing comparatives for Anti-virus products. Look at comparatives with caution because one month a program may do well and in another not so well.

http://www.av-comparatives.org/

All of the ones shown there are good products. Sometimes it comes down to your personal taste. In other words you like a particular product because to you it is user friendly or looks good.

Ones I personally like at the moment are Avast, Avira, ESET and Kaspersky but that is only a personal preference and my preferences do change as products undergo improvement.

Of the free ones, I recommend Avast, Avira and MSE. All are good.

If you are looking at free products Avast or Avira I would look at combining the anti-virus, with a free firewall and also look at and anti-spyware product (say the free versions Malwarebytes or SuperAntiSpyware) and update and run it once a week.

Note: Currently SuperAntiSpyware will install Google Chrome Browser at installation. It will do this even if you use Custom Install and uncheck Chrome (which in my opion is foistware) so the best option is to allow it and uninstall Chrome afterwards (unless of course you want it).

Microsoft Security Essentials together with Windows Firewall (which comes with Windows) is probably a good choice for the run of the mill user. This because it is light on resources, it is unobtrusive (it works away in the background without interrupting) and you don't have to be an expert. Firewalls have a habit of flagging suspicious files and asking the user to decide whether to accept the file or not. Often the run of the mill user has no idea about what a particular file does and just says no to everything... down the track they wonder why programs they use regularly suddenly stop working or maybe they try and download something they frequently downloaded in the past but now find they can't.

Here are three good, free for personal, use antivirus :


Here are two good firewalls free for personal use:


Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP