Malware all over the PC. [Closed]


  • This topic is locked

#1
Down_with_malware

  • Member
  • 152 posts
My sibling's computer, which is on the same network as us, is having LOTS of problems. I did a Malwarebytes scan, but when I try to log into the other PC the antivirus warns of phishing activities. This has been going on for days now. The computer keeps locking up, acting weird and stuff. The Malwarebytes scan did come back with some trojans but I am unable to post anything on that PC. Any advice? Thanks in advance! :)
  • 0


#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi and welcome back to Geeks to Go. :)

What Operating System is in use on the infected machine and on the one you used to create this topic/will be utilising to reply to this topic etc.?

Also do you have a USB Flash type drive?
  • 0

#3
Down_with_malware

  • Topic Starter
  • Member
  • 152 posts
After restarting I am able to function on this pc now. Here is the malwarebytes log. :) Thanks for your reply.

Database version: v2013.07.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Angelina :: ANGELINA-PC [administrator]

Protection: Enabled

7/1/2013 8:53:21 PM
mbam-log-2013-07-01 (20-53-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212303
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> Delete on reboot.

Registry Keys Detected: 9
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> Delete on reboot.

(end)
  • 0

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

After restarting I am able to function on this pc now. Here is the malwarebytes log. :) Thanks for your reply.

Acknowledged and you're welcome!

Scan with aswMBR:

Please download aswMBR to the desktop.

  • Right-click on aswMBR.exe and select Run as Administrator to start aswMBR.
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat (or similar); do not delete this for now, it is an actual backup of the MBR (master boot record).

Scan with OTL:

Please download OTL and save it to the desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan/Fixes box cut & paste this in:-
netsvcs
baseservices
%systemdrive%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CreateRestorePoint
dir "%systemdrive%\*" /S /A:L /C


  • Now click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any further symptoms and or problems encountered?
  • aswMBR Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#5
Down_with_malware

  • Topic Starter
  • Member
  • 152 posts
I got some bad news. OTL crashed when I tried to run it. When it was scanning firefox it just stopped and completely crashed. I followed your instructions carefully. I got the aswMBR log.


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-02 11:43:20
-----------------------------
11:43:20.541 OS Version: Windows x64 6.1.7601 Service Pack 1
11:43:20.541 Number of processors: 4 586 0x2A07
11:43:20.541 ComputerName: ANGELINA-PC UserName: Angelina
11:43:22.085 Initialize success
11:43:52.914 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:43:52.914 Disk 0 Vendor: ST31000524AS JC4A Size: 953869MB BusType: 3
11:43:52.976 Disk 0 MBR read successfully
11:43:52.992 Disk 0 MBR scan
11:43:52.992 Disk 0 Windows VISTA default MBR code
11:43:52.992 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
11:43:53.008 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15168 MB offset 81920
11:43:53.008 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938660 MB offset 31145984
11:43:53.023 Disk 0 scanning C:\Windows\system32\drivers
11:44:01.012 Service scanning
11:44:05.100 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
11:44:05.178 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
11:44:05.209 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
11:44:05.224 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
11:44:05.256 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
11:44:05.287 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
11:44:11.543 Modules scanning
11:44:11.543 Disk 0 trace - called modules:
11:44:11.575 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
11:44:11.575 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065b3060]
11:44:11.590 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80062fcca0]
11:44:11.590 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800634b060]
11:44:11.606 Scan finished successfully
11:44:18.470 Disk 0 MBR has been saved successfully to "C:\Users\Angelina\Desktop\MBR.dat"
11:44:18.470 The log file has been saved successfully to "C:\Users\Angelina\Desktop\aswMBR.txt"

Want me to try again?
  • 0

#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I got some bad news. OTL crashed when I tried to run it. When it was scanning firefox it just stopped and completely crashed.

This can occur upon occasion and is not a cause for concern I will further add. Can you recall which particular Firefox setting the scan stalled on at all ? If you cannot, not a problem...do however leave OTL on the desktop for the time being.

Next:

I notice from the aswMBR log that it appears the machine has a Vista MBR (master boot record) but the Operating System in use is the 64 bit version of Windows 7. Was the computer upgraded from Vista?

As technically the MBR for Vista has a different trusted platform module code section as opposed to Windows 7. Now concerning the version of the Operating System in use at present, this should not be a problem in theory however I would like to check out the MBR to err on the side of caution.

So please attach the MBR.dat file in your next reply (it is currently on the desktop).

How to add an attachment to a new topic or reply

Next:

Want me to try again?

No need thank you, we will merely use an alternative scan as follows...

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to the desktop.

  • Right-click on FRST.exe and select Run as Administrator to start FRST.
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any further symptoms and or problems encountered?
  • Answer to my MBR query.
  • Both FRST Logs.

  • 0
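
Added example, not part of the original thread and not code from aswMBR or any poster: a short Python sketch of a first look at a 512-byte MBR.dat backup like the one requested above, decoding the partition table, checking the boot signature and hashing the boot code region for comparison against a reference. The sample sector is constructed: the boot code is placeholder filler, the partition types and offsets come from the aswMBR log in post #5, and the sector count of partition 1 is an assumption.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440   # bootstrap code occupies bytes 0..439
TABLE_OFFSET = 446    # four 16-byte partition entries, bytes 446..509
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}  # only the types seen in the log


def parse_mbr(data):
    """Decode a 512-byte MBR dump: signature, boot-code hash, partition entries."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    partitions = []
    for i in range(4):
        entry = data[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": i + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start_lba": start_lba,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": data[510:512] == b"\x55\xaa",
        "disk_signature": data[440:444].hex(),
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def audit(data, known_good_sha256=None):
    """Return a list of structural findings; an empty list means nothing stood out."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 55 AA missing at offset 510")
    # Standard BIOS boot code expects exactly one entry flagged 0x80.
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte {p['status']:#04x}")
    ordered = sorted(info["partitions"], key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    if known_good_sha256 and info["boot_code_sha256"] != known_good_sha256.lower():
        findings.append("boot code differs from the supplied reference hash")
    return findings


def build_sample(active=(1,)):
    """Constructed sector: filler boot code plus the layout reported in the aswMBR log."""
    # (type, start LBA, sector count); the count for partition 1 is assumed.
    layout = [(0xDE, 63, 80262), (0x07, 81920, 31064064), (0x07, 31145984, 1922375680)]
    sector = bytearray(SECTOR)
    sector[:BOOT_CODE_END] = b"\x90" * BOOT_CODE_END  # placeholder, not real boot code
    for i, (ptype, start, count) in enumerate(layout):
        status = 0x80 if i in active else 0x00
        entry = struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
        sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)] = entry
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # To inspect a real backup, replace build_sample() with open("MBR.dat", "rb").read()
    info = parse_mbr(build_sample())
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']:<12} "
              f"{p['size_mb']} MB offset {p['start_lba']}")
    print("boot code sha256:", info["boot_code_sha256"])
    print("findings:", audit(build_sample()) or "none")
```

Pass a SHA-256 taken from a known-clean install of the same Windows version as known_good_sha256 to compare the boot code region; the thread itself gives no reference hash.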

#7
Down_with_malware

  • Topic Starter
  • Member
  • 152 posts
Alright, as far as the computer is concerned I am getting redirects, and Firefox tabs open with advertisements. I am sure more is going on than I can see. OTL crashed just when it got to Firefox.exe, that is all. Also, bad news again: I cannot download the Farbar recovery tool. When I first tried to download it I got this error:

getsav-in Setup: Error serializing preferences


The second time I tried it I get this error before it hit 100%

Line 7748 (File "C:\Users\Angelina\AppData\Local\Temp\is19718795378_Setup.EXE"):

Error: The request action with this object has failed.


Important to note, we never upgraded this system. We bought this from Dell with Windows 7 currently on it. Was supposed to be their latest and greatest so they say. My father bought it. Do you think that this computer is just a refurbished PC? What do you suspect? I attached the file you requested by the way.
  • 0

#8
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Important to note, we never upgraded this system. We bought this from Dell with Windows 7 currently on it. Was supposed to be their latest and greatest so they say. My father bought it. Do you think that this computer is just a refurbished PC? What do you suspect?

Feasible it was merely shipped with the incorrect MBR and or say something else has tampered with it...however as to how this occurred I can only speculate at this point in time as I do need to actually review the contents of the MBR.dat file itself first before any meaningful diagnosis about it.

Next:

I attached the file you requested by the way.

Does not appear to be so, merely copy it to the USB Drive I will be asking you to use shortly and then attach it in your next reply please.

Next:

Do you have a Windows 7 Installation DVD for the computer and or did you create some Recovery Media using the Dell DataSafe software for example ?

Next:

Now with regard to the problems downloading and others you mentioned, probably due to malware so we will employ a different methodology to download/run FRST as follows...

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to a Flash/USB drive.

Then insert the Flash/USB drive into the infected machine....

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste the contents of the aforementioned notepad file in your next reply.

  • 0

#9
Down_with_malware

  • Topic Starter
  • Member
  • 152 posts
Here it is. :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2013 02
Ran by SYSTEM on 03-07-2013 14:47:00
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [356968 2012-12-20] (Kaspersky Lab ZAO)
HKU\Angelina\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Angelina\...\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKU\Angelina\...\Run: [SearchProtect] C:\Users\Angelina\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
Startup: C:\Users\Angelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Services (Whitelisted) =================

S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-07] (Conduit)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-10] ()
S2 DefaultTabUpdate; C:\Users\Angelina\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-06-08] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MyWebSearchService; C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [34320 2012-06-15] (MyWebSearch.com)
S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam)
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-06-06] ()

==================== Drivers (Whitelisted) ====================

S3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2013-03-16] (Windows ® Codename Longhorn DDK provider)
S0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
S1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2012-11-02] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-03] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-03] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-10-18] (Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 uqk; C:\koramgame\STOnline\avital\wyqku64.sys [50608 2012-07-10] ()
S3 uqk; C:\koramgame\STOnline\avital\wyqku64.sys [50608 2012-07-10] ()
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 14:46 - 2013-07-03 14:46 - 00000000 ____D C:\FRST
2013-07-03 10:15 - 2013-07-03 13:22 - 00000850 ____A C:\Windows\setupact.log
2013-07-03 10:15 - 2013-07-03 10:15 - 00006682 ____A C:\Windows\PFRO.log
2013-07-03 10:15 - 2013-07-03 10:15 - 00000000 ____A C:\Windows\setuperr.log
2013-07-03 08:49 - 2013-07-03 08:49 - 00001048 ____A C:\Users\Angelina\Desktop\Continue Download Helper Installation.lnk
2013-07-03 08:46 - 2013-07-03 08:47 - 00000000 ____D C:\Users\Angelina\Local Settings\getsav-in
2013-07-03 08:46 - 2013-07-03 08:47 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\getsav-in
2013-07-03 08:46 - 2013-07-03 08:47 - 00000000 ____D C:\Users\Angelina\AppData\Local\getsav-in
2013-07-03 08:44 - 2013-07-03 08:44 - 00654904 ____A C:\Users\Angelina\Downloads\setup.exe
2013-07-02 11:37 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-07-02 11:37 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-07-02 11:37 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-07-02 11:37 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-07-02 11:37 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-07-02 11:37 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-07-02 11:37 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-07-02 11:37 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-07-02 11:37 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-07-02 11:37 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-07-02 11:37 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-07-02 10:44 - 2013-07-02 10:44 - 00602112 ____A (OldTimer Tools) C:\Users\Angelina\Desktop\OTL.exe
2013-07-02 10:44 - 2013-07-02 10:44 - 00002243 ____A C:\Users\Angelina\Desktop\aswMBR.txt
2013-07-02 10:44 - 2013-07-02 10:44 - 00000512 ____A C:\Users\Angelina\Desktop\MBR.dat
2013-07-02 10:40 - 2013-07-02 10:42 - 04745728 ____A (AVAST Software) C:\Users\Angelina\Desktop\aswMBR.exe
2013-07-01 19:52 - 2013-07-01 19:52 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Angelina\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-01 19:52 - 2013-07-01 19:52 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-01 19:52 - 2013-07-01 19:52 - 00001111 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-01 19:52 - 2013-07-01 19:52 - 00000000 ____D C:\Users\Angelina\Application Data\Malwarebytes
2013-07-01 19:52 - 2013-07-01 19:52 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\Malwarebytes
2013-07-01 19:52 - 2013-07-01 19:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-01 19:52 - 2013-07-01 19:52 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-07-01 19:52 - 2013-07-01 19:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-01 19:52 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-01 19:44 - 2013-07-02 03:40 - 00000000 ____D C:\ProgramData\PC1Data
2013-07-01 19:44 - 2013-07-02 03:40 - 00000000 ____D C:\ProgramData\Application Data\PC1Data
2013-07-01 19:44 - 2013-07-01 19:44 - 05401808 ____A (PC Cleaners) C:\Users\Angelina\Downloads\PC_Pro_Installer2.exe
2013-07-01 19:44 - 2013-07-01 19:44 - 05401808 ____A (PC Cleaners) C:\ProgramData\pclunst.exe
2013-07-01 19:44 - 2013-07-01 19:44 - 05401808 ____A (PC Cleaners) C:\ProgramData\Application Data\pclunst.exe
2013-07-01 19:34 - 2013-07-03 02:17 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-01 19:34 - 2013-07-01 19:44 - 00001089 ____A C:\Users\Angelina\Desktop\MyPC Backup.lnk
2013-07-01 19:33 - 2013-07-01 20:33 - 00000000 ____D C:\Users\Angelina\Application Data\Systweak
2013-07-01 19:33 - 2013-07-01 20:33 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\Systweak
2013-07-01 19:33 - 2013-05-27 15:01 - 00020312 ____A (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe
2013-07-01 19:32 - 2013-07-01 19:32 - 04679432 ____A (Systweak Inc ) C:\Users\Angelina\Downloads\rcpsetup_dcnew_300_new.exe
2013-07-01 18:53 - 2013-07-01 19:17 - 00000000 ____D C:\Users\Angelina\Local Settings\LogMeIn Rescue Applet
2013-07-01 18:53 - 2013-07-01 19:17 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\LogMeIn Rescue Applet
2013-07-01 18:53 - 2013-07-01 19:17 - 00000000 ____D C:\Users\Angelina\AppData\Local\LogMeIn Rescue Applet
2013-07-01 18:42 - 2013-07-03 10:15 - 00000500 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-07-01 18:42 - 2013-07-03 08:32 - 00000448 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-07-01 18:42 - 2013-07-02 17:17 - 00000474 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-07-01 18:42 - 2013-07-02 03:41 - 00000416 ____A C:\Windows\Tasks\RegCure Pro.job
2013-07-01 18:42 - 2013-07-01 18:42 - 00001192 ____A C:\Users\Angelina\Desktop\RegCure Pro.lnk
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\Users\Angelina\Application Data\ParetoLogic
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\Users\Angelina\Application Data\DriverCure
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\ParetoLogic
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\DriverCure
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\ProgramData\Application Data\ParetoLogic
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2013-07-01 18:40 - 2013-07-01 18:40 - 05799944 ____A (ParetoLogic, Inc.) C:\Users\Angelina\Downloads\RegCureProSetup_RW.exe
2013-07-01 18:01 - 2013-07-01 18:01 - 00002218 ____A C:\Users\Angelina\Desktop\Safe Money.lnk
2013-07-01 17:57 - 2013-07-01 17:57 - 00001080 ____A C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-07-01 17:57 - 2013-07-01 17:57 - 00001080 ____A C:\ProgramData\Desktop\Kaspersky PURE 3.0.lnk
2013-07-01 17:57 - 2013-07-01 17:57 - 00000000 ___SD C:\Users\Angelina\My Documents\Passwords Database
2013-07-01 17:57 - 2013-07-01 17:57 - 00000000 ___SD C:\Users\Angelina\Documents\Passwords Database
2013-07-01 17:57 - 2012-07-11 16:09 - 00064856 ____A (Kaspersky Lab) C:\Windows\System32\klfphc.dll
2013-07-01 17:56 - 2013-07-01 17:56 - 00000000 ____D C:\Windows\ELAMBKUP
2013-07-01 17:56 - 2011-06-02 13:39 - 00084536 ____A (Infowatch) C:\Windows\System32\Drivers\CSCrySec.sys
2013-07-01 17:56 - 2011-06-02 13:39 - 00066616 ____A (Infowatch) C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys
2013-07-01 17:52 - 2013-07-01 17:54 - 188248208 ____A (Kaspersky Lab ZAO) C:\Users\Angelina\Downloads\pure13.0.2.558EN_4227(1).exe
2013-07-01 17:18 - 2013-07-01 17:18 - 00519384 ____A C:\Users\Angelina\Downloads\Player_Setup.exe
2013-07-01 17:18 - 2013-07-01 17:18 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat
2013-07-01 17:18 - 2013-07-01 17:18 - 00001177 ____A C:\Users\Angelina\Desktop\System Checkup.lnk
2013-07-01 17:18 - 2013-07-01 17:18 - 00000000 ____D C:\ProgramData\iolo
2013-07-01 17:18 - 2013-07-01 17:18 - 00000000 ____D C:\ProgramData\Application Data\iolo
2013-07-01 17:18 - 2013-07-01 17:18 - 00000000 ____D C:\Program Files (x86)\iolo
2013-07-01 17:16 - 2013-07-01 17:16 - 06511536 ____A C:\Users\Angelina\Downloads\SCUDownloader.exe
2013-06-30 19:17 - 2013-06-30 19:17 - 00004455 ____A C:\Users\Angelina\Desktop\Attachtext.rar
2013-06-30 19:12 - 2013-06-30 19:12 - 00013896 ____A C:\Users\Angelina\Desktop\Attachtext.txt
2013-06-30 19:11 - 2013-06-30 19:11 - 00026153 ____A C:\Users\Angelina\Desktop\DDStext.txt
2013-06-30 19:10 - 2013-06-30 19:10 - 00013896 ____A C:\Users\Angelina\Desktop\attach.txt
2013-06-30 19:10 - 2013-06-30 19:09 - 00026153 ____A C:\Users\Angelina\Desktop\dds.txt
2013-06-30 19:06 - 2013-06-30 19:06 - 00688992 ____R (Swearware) C:\Users\Angelina\Desktop\dds.com
2013-06-30 18:39 - 2013-06-30 18:39 - 00000000 ____D C:\Windows\pss
2013-06-26 19:30 - 2013-07-01 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-15 02:00 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 02:00 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 02:00 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 02:00 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 02:00 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 02:00 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 02:00 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 02:00 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 02:00 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 02:00 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 02:00 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 02:00 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 11:42 - 2013-06-14 11:42 - 00008489 ____A C:\Users\Angelina\Local Settings\recently-used.xbel
2013-06-14 11:42 - 2013-06-14 11:42 - 00008489 ____A C:\Users\Angelina\Local Settings\Application Data\recently-used.xbel
2013-06-14 11:42 - 2013-06-14 11:42 - 00008489 ____A C:\Users\Angelina\AppData\Local\recently-used.xbel
2013-06-13 20:00 - 2013-06-14 20:00 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\{C226125D-397C-49B6-A196-95A935F88995}
2013-06-13 20:00 - 2013-06-14 20:00 - 00000000 ____D C:\Users\Angelina\Local Settings\{C226125D-397C-49B6-A196-95A935F88995}
2013-06-13 20:00 - 2013-06-14 20:00 - 00000000 ____D C:\Users\Angelina\AppData\Local\{C226125D-397C-49B6-A196-95A935F88995}
2013-06-13 02:01 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 02:01 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 02:01 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 02:01 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 02:01 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 02:01 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 02:01 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 02:01 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 02:01 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 02:01 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 02:01 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 02:01 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 02:01 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 02:01 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 02:01 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 02:01 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 02:01 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 02:01 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 02:01 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 11:26 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 11:26 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 11:26 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 11:25 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 11:25 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 11:25 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 11:25 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 11:25 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 11:25 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 11:25 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 11:25 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 11:25 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 11:25 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 11:25 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 11:25 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 11:25 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 11:25 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 11:25 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 11:25 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 23:43 - 2013-06-11 23:43 - 01100539 ____A C:\Users\Angelina\Desktop\aww song.wma
2013-06-11 23:34 - 2013-06-11 23:34 - 00476429 ____A C:\Users\Angelina\Desktop\chips.wma
2013-06-10 21:10 - 2013-06-10 21:10 - 03601469 ____A C:\Users\Angelina\Desktop\pets 2.wma
2013-06-10 20:57 - 2013-06-10 20:57 - 01675259 ____A C:\Users\Angelina\Desktop\pets.wma
2013-06-10 11:30 - 2013-06-12 23:32 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\{41BBFF3A-985D-4F23-9768-17A249C0D09A}
2013-06-10 11:30 - 2013-06-12 23:32 - 00000000 ____D C:\Users\Angelina\Local Settings\{41BBFF3A-985D-4F23-9768-17A249C0D09A}
2013-06-10 11:30 - 2013-06-12 23:32 - 00000000 ____D C:\Users\Angelina\AppData\Local\{41BBFF3A-985D-4F23-9768-17A249C0D09A}
2013-06-08 15:00 - 2013-06-08 15:00 - 02982744 ____A (Boost Software Inc.) C:\Users\Angelina\Downloads\PCHealthBoost_Setup.exe
2013-06-08 14:52 - 2013-06-08 14:52 - 00000000 ____D C:\Users\Angelina\Local Settings\Wajam
2013-06-08 14:52 - 2013-06-08 14:52 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\Wajam
2013-06-08 14:52 - 2013-06-08 14:52 - 00000000 ____D C:\Users\Angelina\AppData\Local\Wajam
2013-06-08 14:52 - 2013-06-08 14:52 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-06-08 14:44 - 2013-06-08 14:44 - 00000000 ____D C:\Program Files (x86)\InternetHelper3.1
2013-06-08 14:43 - 2013-06-08 14:49 - 00000000 ____D C:\Users\Angelina\Application Data\SearchProtect
2013-06-08 14:43 - 2013-06-08 14:49 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\SearchProtect
2013-06-08 14:43 - 2013-06-08 14:43 - 00000000 ____D C:\Users\Angelina\Local Settings\CRE
2013-06-08 14:43 - 2013-06-08 14:43 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\CRE
2013-06-08 14:43 - 2013-06-08 14:43 - 00000000 ____D C:\Users\Angelina\AppData\Local\CRE
2013-06-08 14:43 - 2013-06-08 14:43 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-06-08 14:42 - 2013-07-03 08:47 - 00000000 ____A C:\END
2013-06-08 14:41 - 2013-06-08 14:41 - 01125288 ____A (AirInstaller Inc.) C:\Users\Angelina\Downloads\Java.exe
2013-06-08 13:16 - 2013-06-08 13:16 - 00000258 _RASH C:\Users\Angelina\ntuser.pol
2013-06-08 13:16 - 2013-06-08 13:16 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-06-08 13:15 - 2013-06-08 13:15 - 00000000 ____D C:\Users\Angelina\Application Data\DefaultTab
2013-06-08 13:15 - 2013-06-08 13:15 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\DefaultTab
2013-06-04 02:03 - 2013-06-04 02:03 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-04 02:03 - 2013-06-04 02:03 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-04 02:03 - 2013-06-04 02:03 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-04 02:03 - 2013-06-04 02:03 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-04 02:03 - 2013-06-04 02:03 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-04 02:03 - 2013-06-04 02:03 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-04 02:03 - 2013-06-04 02:03 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-04 02:03 - 2013-06-04 02:03 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-04 02:03 - 2013-06-04 02:03 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified Files and Folders =======

2013-07-03 14:46 - 2013-07-03 14:46 - 00000000 ____D C:\FRST
2013-07-03 13:41 - 2012-05-29 19:02 - 01866973 ____A C:\Windows\WindowsUpdate.log
2013-07-03 13:33 - 2012-09-19 17:11 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 13:33 - 2012-09-19 17:11 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 13:25 - 2012-05-29 17:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-03 13:25 - 2009-07-13 21:13 - 00779788 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 13:22 - 2013-07-03 10:15 - 00000850 ____A C:\Windows\setupact.log
2013-07-03 13:20 - 2012-11-18 20:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-03 13:20 - 2012-11-18 20:12 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab
2013-07-03 13:03 - 2012-08-26 13:32 - 00000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-139958153-1293919107-277672395-1000UA.job
2013-07-03 13:03 - 2012-08-26 13:32 - 00000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-139958153-1293919107-277672395-1000Core.job
2013-07-03 13:03 - 2012-06-20 20:14 - 00000000 ____D C:\Users\Angelina\Application Data\Skype
2013-07-03 13:03 - 2012-06-20 20:14 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\Skype
2013-07-03 10:23 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 10:23 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 10:16 - 2012-05-29 17:29 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-07-03 10:16 - 2012-05-29 17:29 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-07-03 10:16 - 2012-05-29 17:29 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-07-03 10:16 - 2012-05-29 17:29 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-07-03 10:16 - 2012-05-29 17:29 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-07-03 10:16 - 2012-05-29 17:29 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-07-03 10:16 - 2012-05-29 17:25 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-07-03 10:15 - 2013-07-03 10:15 - 00006682 ____A C:\Windows\PFRO.log
2013-07-03 10:15 - 2013-07-03 10:15 - 00000000 ____A C:\Windows\setuperr.log
2013-07-03 10:15 - 2013-07-01 18:42 - 00000500 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-07-03 10:15 - 2013-03-17 14:52 - 00000031 ____A C:\Windows\System32\bbcap.err
2013-07-03 10:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 09:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-07-03 08:49 - 2013-07-03 08:49 - 00001048 ____A C:\Users\Angelina\Desktop\Continue Download Helper Installation.lnk
2013-07-03 08:47 - 2013-07-03 08:46 - 00000000 ____D C:\Users\Angelina\Local Settings\getsav-in
2013-07-03 08:47 - 2013-07-03 08:46 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\getsav-in
2013-07-03 08:47 - 2013-07-03 08:46 - 00000000 ____D C:\Users\Angelina\AppData\Local\getsav-in
2013-07-03 08:47 - 2013-06-08 14:42 - 00000000 ____A C:\END
2013-07-03 08:44 - 2013-07-03 08:44 - 00654904 ____A C:\Users\Angelina\Downloads\setup.exe
2013-07-03 08:32 - 2013-07-01 18:42 - 00000448 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-07-03 02:17 - 2013-07-01 19:34 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-03 02:00 - 2012-06-25 18:54 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\Adobe
2013-07-03 02:00 - 2012-06-25 18:54 - 00000000 ____D C:\Users\Angelina\Local Settings\Adobe
2013-07-03 02:00 - 2012-06-25 18:54 - 00000000 ____D C:\Users\Angelina\AppData\Local\Adobe
2013-07-02 17:17 - 2013-07-01 18:42 - 00000474 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-07-02 10:44 - 2013-07-02 10:44 - 00602112 ____A (OldTimer Tools) C:\Users\Angelina\Desktop\OTL.exe
2013-07-02 10:44 - 2013-07-02 10:44 - 00002243 ____A C:\Users\Angelina\Desktop\aswMBR.txt
2013-07-02 10:44 - 2013-07-02 10:44 - 00000512 ____A C:\Users\Angelina\Desktop\MBR.dat
2013-07-02 10:42 - 2013-07-02 10:40 - 04745728 ____A (AVAST Software) C:\Users\Angelina\Desktop\aswMBR.exe
2013-07-02 03:41 - 2013-07-01 18:42 - 00000416 ____A C:\Windows\Tasks\RegCure Pro.job
2013-07-02 03:40 - 2013-07-01 19:44 - 00000000 ____D C:\ProgramData\PC1Data
2013-07-02 03:40 - 2013-07-01 19:44 - 00000000 ____D C:\ProgramData\Application Data\PC1Data
2013-07-01 20:33 - 2013-07-01 19:33 - 00000000 ____D C:\Users\Angelina\Application Data\Systweak
2013-07-01 20:33 - 2013-07-01 19:33 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\Systweak
2013-07-01 20:06 - 2012-06-15 20:44 - 00000000 ____D C:\ProgramData\Symantec
2013-07-01 20:06 - 2012-06-15 20:44 - 00000000 ____D C:\ProgramData\Application Data\Symantec
2013-07-01 20:06 - 2012-06-15 20:42 - 00000000 ____D C:\ProgramData\Norton
2013-07-01 20:06 - 2012-06-15 20:42 - 00000000 ____D C:\ProgramData\Application Data\Norton
2013-07-01 19:52 - 2013-07-01 19:52 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Angelina\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-01 19:52 - 2013-07-01 19:52 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-01 19:52 - 2013-07-01 19:52 - 00001111 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-01 19:52 - 2013-07-01 19:52 - 00000000 ____D C:\Users\Angelina\Application Data\Malwarebytes
2013-07-01 19:52 - 2013-07-01 19:52 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\Malwarebytes
2013-07-01 19:52 - 2013-07-01 19:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-01 19:52 - 2013-07-01 19:52 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-07-01 19:52 - 2013-07-01 19:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-01 19:48 - 2013-05-19 08:40 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-07-01 19:44 - 2013-07-01 19:44 - 05401808 ____A (PC Cleaners) C:\Users\Angelina\Downloads\PC_Pro_Installer2.exe
2013-07-01 19:44 - 2013-07-01 19:44 - 05401808 ____A (PC Cleaners) C:\ProgramData\pclunst.exe
2013-07-01 19:44 - 2013-07-01 19:44 - 05401808 ____A (PC Cleaners) C:\ProgramData\Application Data\pclunst.exe
2013-07-01 19:44 - 2013-07-01 19:34 - 00001089 ____A C:\Users\Angelina\Desktop\MyPC Backup.lnk
2013-07-01 19:32 - 2013-07-01 19:32 - 04679432 ____A (Systweak Inc ) C:\Users\Angelina\Downloads\rcpsetup_dcnew_300_new.exe
2013-07-01 19:17 - 2013-07-01 18:53 - 00000000 ____D C:\Users\Angelina\Local Settings\LogMeIn Rescue Applet
2013-07-01 19:17 - 2013-07-01 18:53 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\LogMeIn Rescue Applet
2013-07-01 19:17 - 2013-07-01 18:53 - 00000000 ____D C:\Users\Angelina\AppData\Local\LogMeIn Rescue Applet
2013-07-01 19:15 - 2013-06-26 19:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-01 19:15 - 2013-02-01 14:45 - 00000000 ____D C:\Users\Angelina\Application Data\Sony
2013-07-01 19:15 - 2013-02-01 14:45 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\Sony
2013-07-01 19:15 - 2013-01-18 20:00 - 00000000 ____D C:\Program Files (x86)\Ride!
2013-07-01 19:15 - 2012-11-08 12:19 - 00000000 ____D C:\Windows\Minidump
2013-07-01 19:15 - 2012-08-27 19:06 - 00000000 ____D C:\Users\Angelina\Application Data\.minecraft
2013-07-01 19:15 - 2012-08-27 19:06 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\.minecraft
2013-07-01 19:15 - 2012-07-10 13:05 - 00000000 ____D C:\Users\Angelina\Local Settings\PMB Files
2013-07-01 19:15 - 2012-07-10 13:05 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\PMB Files
2013-07-01 19:15 - 2012-07-10 13:05 - 00000000 ____D C:\Users\Angelina\AppData\Local\PMB Files
2013-07-01 19:15 - 2012-05-29 17:44 - 00000000 ____D C:\ProgramData\Roxio
2013-07-01 19:15 - 2012-05-29 17:44 - 00000000 ____D C:\ProgramData\Application Data\Roxio
2013-07-01 19:15 - 2012-05-29 17:27 - 00000000 ____D C:\ProgramData\Skype
2013-07-01 19:15 - 2012-05-29 17:27 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-07-01 19:15 - 2011-02-10 06:02 - 00000000 ____D C:\Windows\panther
2013-07-01 19:15 - 2009-07-13 19:20 - 00000000 ____D C:\users\Default
2013-07-01 18:42 - 2013-07-01 18:42 - 00001192 ____A C:\Users\Angelina\Desktop\RegCure Pro.lnk
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\Users\Angelina\Application Data\ParetoLogic
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\Users\Angelina\Application Data\DriverCure
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\ParetoLogic
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\DriverCure
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\ProgramData\Application Data\ParetoLogic
2013-07-01 18:42 - 2013-07-01 18:42 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2013-07-01 18:40 - 2013-07-01 18:40 - 05799944 ____A (ParetoLogic, Inc.) C:\Users\Angelina\Downloads\RegCureProSetup_RW.exe
2013-07-01 18:01 - 2013-07-01 18:01 - 00002218 ____A C:\Users\Angelina\Desktop\Safe Money.lnk
2013-07-01 17:58 - 2012-11-18 20:12 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-01 17:57 - 2013-07-01 17:57 - 00001080 ____A C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-07-01 17:57 - 2013-07-01 17:57 - 00001080 ____A C:\ProgramData\Desktop\Kaspersky PURE 3.0.lnk
2013-07-01 17:57 - 2013-07-01 17:57 - 00000000 ___SD C:\Users\Angelina\My Documents\Passwords Database
2013-07-01 17:57 - 2013-07-01 17:57 - 00000000 ___SD C:\Users\Angelina\Documents\Passwords Database
2013-07-01 17:56 - 2013-07-01 17:56 - 00000000 ____D C:\Windows\ELAMBKUP
2013-07-01 17:54 - 2013-07-01 17:52 - 188248208 ____A (Kaspersky Lab ZAO) C:\Users\Angelina\Downloads\pure13.0.2.558EN_4227(1).exe
2013-07-01 17:18 - 2013-07-01 17:18 - 00519384 ____A C:\Users\Angelina\Downloads\Player_Setup.exe
2013-07-01 17:18 - 2013-07-01 17:18 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat
2013-07-01 17:18 - 2013-07-01 17:18 - 00001177 ____A C:\Users\Angelina\Desktop\System Checkup.lnk
2013-07-01 17:18 - 2013-07-01 17:18 - 00000000 ____D C:\ProgramData\iolo
2013-07-01 17:18 - 2013-07-01 17:18 - 00000000 ____D C:\ProgramData\Application Data\iolo
2013-07-01 17:18 - 2013-07-01 17:18 - 00000000 ____D C:\Program Files (x86)\iolo
2013-07-01 17:16 - 2013-07-01 17:16 - 06511536 ____A C:\Users\Angelina\Downloads\SCUDownloader.exe
2013-06-30 19:17 - 2013-06-30 19:17 - 00004455 ____A C:\Users\Angelina\Desktop\Attachtext.rar
2013-06-30 19:12 - 2013-06-30 19:12 - 00013896 ____A C:\Users\Angelina\Desktop\Attachtext.txt
2013-06-30 19:11 - 2013-06-30 19:11 - 00026153 ____A C:\Users\Angelina\Desktop\DDStext.txt
2013-06-30 19:10 - 2013-06-30 19:10 - 00013896 ____A C:\Users\Angelina\Desktop\attach.txt
2013-06-30 19:09 - 2013-06-30 19:10 - 00026153 ____A C:\Users\Angelina\Desktop\dds.txt
2013-06-30 19:06 - 2013-06-30 19:06 - 00688992 ____R (Swearware) C:\Users\Angelina\Desktop\dds.com
2013-06-30 18:39 - 2013-06-30 18:39 - 00000000 ____D C:\Windows\pss
2013-06-30 17:04 - 2013-01-20 22:27 - 00000000 ____D C:\Users\Angelina\Local Settings\Nero
2013-06-30 17:04 - 2013-01-20 22:27 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\Nero
2013-06-30 17:04 - 2013-01-20 22:27 - 00000000 ____D C:\Users\Angelina\AppData\Local\Nero
2013-06-27 13:45 - 2012-06-15 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-14 20:00 - 2013-06-13 20:00 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\{C226125D-397C-49B6-A196-95A935F88995}
2013-06-14 20:00 - 2013-06-13 20:00 - 00000000 ____D C:\Users\Angelina\Local Settings\{C226125D-397C-49B6-A196-95A935F88995}
2013-06-14 20:00 - 2013-06-13 20:00 - 00000000 ____D C:\Users\Angelina\AppData\Local\{C226125D-397C-49B6-A196-95A935F88995}
2013-06-14 11:42 - 2013-06-14 11:42 - 00008489 ____A C:\Users\Angelina\Local Settings\recently-used.xbel
2013-06-14 11:42 - 2013-06-14 11:42 - 00008489 ____A C:\Users\Angelina\Local Settings\Application Data\recently-used.xbel
2013-06-14 11:42 - 2013-06-14 11:42 - 00008489 ____A C:\Users\Angelina\AppData\Local\recently-used.xbel
2013-06-13 22:50 - 2012-11-07 10:11 - 00000000 ____D C:\Users\Angelina\.gimp-2.8
2013-06-13 02:20 - 2013-05-24 17:04 - 00000000 ____D C:\Users\Angelina\Desktop\PaintToolSAI
2013-06-13 02:02 - 2012-09-19 17:29 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 23:32 - 2013-06-10 11:30 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\{41BBFF3A-985D-4F23-9768-17A249C0D09A}
2013-06-12 23:32 - 2013-06-10 11:30 - 00000000 ____D C:\Users\Angelina\Local Settings\{41BBFF3A-985D-4F23-9768-17A249C0D09A}
2013-06-12 23:32 - 2013-06-10 11:30 - 00000000 ____D C:\Users\Angelina\AppData\Local\{41BBFF3A-985D-4F23-9768-17A249C0D09A}
2013-06-12 09:25 - 2012-05-29 17:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 09:25 - 2012-05-29 17:07 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 23:43 - 2013-06-11 23:43 - 01100539 ____A C:\Users\Angelina\Desktop\aww song.wma
2013-06-11 23:34 - 2013-06-11 23:34 - 00476429 ____A C:\Users\Angelina\Desktop\chips.wma
2013-06-10 21:10 - 2013-06-10 21:10 - 03601469 ____A C:\Users\Angelina\Desktop\pets 2.wma
2013-06-10 20:57 - 2013-06-10 20:57 - 01675259 ____A C:\Users\Angelina\Desktop\pets.wma
2013-06-08 15:00 - 2013-06-08 15:00 - 02982744 ____A (Boost Software Inc.) C:\Users\Angelina\Downloads\PCHealthBoost_Setup.exe
2013-06-08 14:52 - 2013-06-08 14:52 - 00000000 ____D C:\Users\Angelina\Local Settings\Wajam
2013-06-08 14:52 - 2013-06-08 14:52 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\Wajam
2013-06-08 14:52 - 2013-06-08 14:52 - 00000000 ____D C:\Users\Angelina\AppData\Local\Wajam
2013-06-08 14:52 - 2013-06-08 14:52 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-06-08 14:49 - 2013-06-08 14:43 - 00000000 ____D C:\Users\Angelina\Application Data\SearchProtect
2013-06-08 14:49 - 2013-06-08 14:43 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\SearchProtect
2013-06-08 14:44 - 2013-06-08 14:44 - 00000000 ____D C:\Program Files (x86)\InternetHelper3.1
2013-06-08 14:44 - 2012-06-24 08:50 - 00000000 ____D C:\Users\Angelina\Local Settings\Conduit
2013-06-08 14:44 - 2012-06-24 08:50 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\Conduit
2013-06-08 14:44 - 2012-06-24 08:50 - 00000000 ____D C:\Users\Angelina\AppData\Local\Conduit
2013-06-08 14:43 - 2013-06-08 14:43 - 00000000 ____D C:\Users\Angelina\Local Settings\CRE
2013-06-08 14:43 - 2013-06-08 14:43 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\CRE
2013-06-08 14:43 - 2013-06-08 14:43 - 00000000 ____D C:\Users\Angelina\AppData\Local\CRE
2013-06-08 14:43 - 2013-06-08 14:43 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-06-08 14:41 - 2013-06-08 14:41 - 01125288 ____A (AirInstaller Inc.) C:\Users\Angelina\Downloads\Java.exe
2013-06-08 13:16 - 2013-06-08 13:16 - 00000258 _RASH C:\Users\Angelina\ntuser.pol
2013-06-08 13:16 - 2013-06-08 13:16 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-06-08 13:16 - 2012-06-15 14:43 - 00000000 ____D C:\users\Angelina
2013-06-08 13:16 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-06-08 13:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-06-08 13:15 - 2013-06-08 13:15 - 00000000 ____D C:\Users\Angelina\Application Data\DefaultTab
2013-06-08 13:15 - 2013-06-08 13:15 - 00000000 ____D C:\Users\Angelina\AppData\Roaming\DefaultTab
2013-06-08 06:08 - 2013-06-15 02:00 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-15 02:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-15 02:00 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-15 02:00 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-15 02:00 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-15 02:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-15 02:00 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-15 02:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-15 02:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-15 02:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-15 02:00 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-15 02:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-04 02:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-04 02:03 - 2013-06-04 02:03 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-04 02:03 - 2013-06-04 02:03 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-04 02:03 - 2013-06-04 02:03 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-04 02:03 - 2013-06-04 02:03 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-04 02:03 - 2013-06-04 02:03 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-04 02:03 - 2013-06-04 02:03 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-04 02:03 - 2013-06-04 02:03 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-03 21:33 - 2013-06-02 21:32 - 00000000 ____D C:\Users\Angelina\Local Settings\Application Data\{9A347BA2-2637-4A46-AFDE-0E1126A0B256}
2013-06-03 21:33 - 2013-06-02 21:32 - 00000000 ____D C:\Users\Angelina\Local Settings\{9A347BA2-2637-4A46-AFDE-0E1126A0B256}
2013-06-03 21:33 - 2013-06-02 21:32 - 00000000 ____D C:\Users\Angelina\AppData\Local\{9A347BA2-2637-4A46-AFDE-0E1126A0B256}
2013-06-03 10:20 - 2013-02-01 14:47 - 00000000 ____D C:\Users\Angelina\My Documents\Vegas Movie Studio HD 11.0 Projects
2013-06-03 10:20 - 2013-02-01 14:47 - 00000000 ____D C:\Users\Angelina\Documents\Vegas Movie Studio HD 11.0 Projects

Files to move or delete:
====================
C:\ProgramData\pclunst.exe
C:\ProgramData\ntuser.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-28 09:07:08
Restore point made on: 2013-07-01 19:15:16
Restore point made on: 2013-07-01 19:36:15
Restore point made on: 2013-07-02 02:00:35
Restore point made on: 2013-07-02 03:40:29
Restore point made on: 2013-07-03 02:00:30
Restore point made on: 2013-07-03 10:13:53

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6126.64 MB
Available physical RAM: 5422.84 MB
Total Pagefile: 6124.84 MB
Available Pagefile: 5413.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:738.09 GB) NTFS (Disk=0 Partition=3)
Drive f: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.55 GB) FAT32 (Disk=2 Partition=1)
Drive g: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.56 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: F74704D0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)


LastRegBack: 2013-07-03 09:50

==================== End Of Log ============================

#10
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Here it is. :)

Good, let's proceed as follows, shall we? Also please do answer my prior query:-

Do you have a Windows 7 Installation DVD for the computer and/or did you create some Recovery Media using the Dell DataSafe software, for example?

And attach the requested MBR.dat in your next reply. Now if you are unsure how to attach have a read of this again:-

How to add an attachment to a new topic or reply

Custom FRST Script:

Please download the attached fixlist.txt (see below) and save it to your flash drive.



  • Now please enter System Recovery Options on the infected machine again and then select Command Prompt.
  • Run FRST64 again as outlined in my prior post and then press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt). Please copy and paste the contents of the aforementioned notepad file in your next reply.
  • Reboot the machine back into Normal Mode.
Note: This above custom script has been created specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your Operating System!

Scan with AdwCleaner:

Note: You should be able to carry out the below using the infected machine, if not merely stop what you are doing and inform myself please.

Please download adwcleaner from here and save to the desktop.

Alternate downloads are here or here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Delete tab >> follow the prompts and reboot your machine if not advised to do so.
  • Please post the contents of the log file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case should be something like S1.

Next:

When completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any other symptoms and/or problems encountered?
  • Answer to my prior query.
  • Attach the requested MBR.dat file.
  • New FRST (Fixlog.txt) Log.
  • AdwCleaner Log.

#11
Down_with_malware

    Member

  • Topic Starter
  • Member
  • 152 posts
To answer your first question; whenever I try to go to a website popup tabs still come up. Even when I try to make a reply here they pop up. Not sure about the rest of the PC.

The second answer; I have no Windows 7 disk or any recovery media for it. Here are the files. :) I am sure what we did created a lack of slack for us. Happy Fourth of July!


#12
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I have no Windows 7 disk or any recovery media for it.

OK, I advise when I give the all clear you create some recovery media with:-

Dell Backup & Recovery Manager.

Plus be a good idea to follow this tutorial of mine also:-

How to create a Windows 7 Startup Repair Disk

Next:

To answer your first question; whenever I try to go to a website popup tabs still come up. Even when I try to make a reply here they pop up. Not sure about the rest of the PC.

Acknowledged...

Download/Run ComboFix:

Please visit this web-page for download links, and instructions for running the tool:

How to use ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall and Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a trained Anti-Malware helper.


Next:

Click on Start (Windows 7 Orb) >> Run... (or launch the Run box via depressing both the Windows key and R together)

Copy and paste the following into the Run box:-

C:\QooBox\Add-Remove Programs.txt
And click on OK, post the contents of the notepad file that appears in your next reply.

Next:

When completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.
  • The contents of QooBox\Add-Remove Programs.txt


#13
Down_with_malware

    Member

  • Topic Starter
  • Member
  • 152 posts
I am still getting those pop up ads on my web browser. Also, I noticed my downloads on this PC can get hijacked. It will try to download something completely different from what you are really trying to download. I had to put combo fix on a thumb drive disk and put it on the PC. Here is what you requested. :)

Combo Fix Log

ComboFix 13-07-04.01 - Angelina 07/04/2013 20:01:05.1.4 - x64
Running from: c:\users\Angelina\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b3ef58a2-77e9-414a-b8f6-b8cbbf497383.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6261\AddOnDownloaded\f80f957a-a781-4825-977a-a4ab79468916.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-06-05 to 2013-07-05 )))))))))))))))))))))))))))))))
.
.
2013-07-05 03:05 . 2013-07-05 03:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-03 22:46 . 2013-07-03 22:46 -------- d-----w- C:\FRST
2013-07-02 19:37 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2013-07-02 19:37 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2013-07-02 19:37 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2013-07-02 19:37 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2013-07-02 19:37 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2013-07-02 19:37 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-07-02 19:37 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2013-07-02 19:37 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2013-07-02 19:37 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2013-07-02 19:37 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-07-02 19:37 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2013-07-02 19:37 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62E65C53-902F-4EB7-B3B9-0683CE323265}\mpengine.dll
2013-07-02 03:52 . 2013-07-02 03:52 -------- d-----w- c:\users\Angelina\AppData\Roaming\Malwarebytes
2013-07-02 03:52 . 2013-07-02 03:52 -------- d-----w- c:\programdata\Malwarebytes
2013-07-02 03:52 . 2013-07-02 03:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-02 03:52 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-02 03:34 . 2013-07-02 03:34 -------- d-----w- c:\users\Angelina\AppData\Local\Programs
2013-07-02 02:53 . 2013-07-02 03:17 -------- d-----w- c:\users\Angelina\AppData\Local\LogMeIn Rescue Applet
2013-07-02 01:57 . 2012-07-12 00:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-07-02 01:56 . 2011-06-02 21:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2013-07-02 01:56 . 2011-06-02 21:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2013-07-02 01:56 . 2013-07-02 01:56 -------- d-----w- c:\windows\ELAMBKUP
2013-07-02 01:18 . 2013-07-02 01:18 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2013-06-12 19:26 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 19:26 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 19:26 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-21 01:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-21 356968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 uqk;uqk;c:\koramgame\STOnline\avital\wyqku64.sys;c:\koramgame\STOnline\avital\wyqku64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys;c:\windows\SYSNATIVE\DRIVERS\bbcap.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 13:34 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 17:25]
.
2013-07-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-139958153-1293919107-277672395-1000Core.job
- c:\users\Angelina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-26 21:12]
.
2013-07-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-139958153-1293919107-277672395-1000UA.job
- c:\users\Angelina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-26 21:12]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-20 01:11]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-20 01:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-21 01:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Angelina\AppData\Roaming\Mozilla\Firefox\Profiles\oupu947a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=adknowledgeaol-ff&s_qt=sb&tb_uuid=B99DB5E188E649269B8B1E896A54A795&tb_oid=04-07-2013&tb_mrud=04-07-2013
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=hyplogusaolp00000023
FF - ExtSQL: 2013-06-08 14:15; {494C52B1-9CE9-4A5A-B18B-4EC234EA4F61}; c:\users\Angelina\AppData\Roaming\Mozilla\Firefox\Profiles\oupu947a.default\extensions\{494C52B1-9CE9-4A5A-B18B-4EC234EA4F61}
FF - ExtSQL: 2013-07-01 18:56; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF - ExtSQL: 2013-07-01 18:56; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF - ExtSQL: 2013-07-01 18:56; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF - ExtSQL: 2013-07-01 18:56; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF - ExtSQL: 2013-07-01 18:56; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF - ExtSQL: 1969-12-31 16:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\users\Angelina\AppData\Roaming\Mozilla\Firefox\Profiles\oupu947a.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{779B8AAB-11D0-4FD8-BA7D-6DE8481402E3} - c:\users\Angelina\AppData\Local\getsav-in\ie\getsav-in_1372869902.dll
BHO-{878B8524-AED5-4870-9A96-A515440DAC75} - c:\program files (x86)\OApps\SelectionLinks.dll
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-getsav-in - c:\users\Angelina\AppData\Local\getsav-in\uninst.exe
AddRemove-sl-adk - c:\program files (x86)\OApps\sl-adk_uninstall.exe
AddRemove-sl-cb - c:\program files (x86)\OApps\sl-cb_uninstall.exe
AddRemove-{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1 - c:\program files (x86)\iolo\System Checkup\uninstscu.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-04 20:06:53
ComboFix-quarantined-files.txt 2013-07-05 03:06
.
Pre-Run: 792,462,204,928 bytes free
Post-Run: 792,074,018,816 bytes free
.
- - End Of File - - 5028780F0568E3D9FF00043885D9F0F0
5C616939100B85E558DA92B899A0FC36


Add-Remove list


Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 11
Adobe Reader X (10.1.7) MUI
Adobe Shockwave Player 11.6
AOL Toolbar
BB FlashBack Express
Bejeweled 2 Deluxe
Big Fish Games: Game Manager
Bing Bar
Blackhawk Striker 2
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Consumer In-Home Service Agreement
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Stage Remote
Dell VideoStage
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Disney Toontown Online
Dora's World Adventure
eBay
Elements 11 Organizer
Escape Whisper Valley ™
Facebook Video Calling 1.2.0.287
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
Free Realms
getsav-in
Google Chrome
Google Update Helper
Java 7 Update 21
Java Auto Updater
JavaFX 2.1.1
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Kaspersky PURE 3.0
Luxor
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MixPad
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Namco All-Stars PAC-MAN
Nero 10 Movie ThemePack Basic
Nero Blu-ray Player
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
OpenAL
PaintTool SAI Ver.1
Pando Media Booster
Penguins!
PhotoShowExpress
Pirate101
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PRE11 STI 64Installer
PSE11 STI Installer
Puppy Luv
Purrfect Pet Shop
RecordPad Sound Recorder
RegCure Pro
Ride!
ROBLOX Player for Angelina
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Samantha Swift
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SelectionLinks
Skype Click to Call
Skype™ 6.3
Sonic CinePlayer Decoder Pack
STOnline
Super Granny 4
swMSM
SyncUP
System Checkup 3.4
The Endless Forest
TrustedID
TrustedID IDMonitor Identity Protection
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Vegas Movie Studio HD 11.0
Virtual Families
Virtual Villagers 4 - The Tree of Life
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Wizard101
Wonder Pets Save the Puppy
Zhu Zhu Pets
Zinio Reader 4
Zoo Vet 2: Endangered Animals
Zuma Deluxe

#14
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I am still getting those pop up ads on my web browser. Also, I noticed my downloads on this PC can get hijacked. It will try to download something completely different from what you are really trying to download.

Which browser does this occur with...is it Google Chrome, Mozilla Firefox, Internet Explorer and or all three ?

I had to put combo fix on a thumb drive disk and put it on the PC

Fair play, can you inform myself which Operating System is on the machine used please to download, as it would be prudent to secure the USB Drive so no infection is spread. Please do not be alarmed by this and merely view it as myself erring on the side of caution.

Java Advice:

There has been a recent severe exploitation of this software. Even though this exploit has been reportedly fixed there is still a vulnerability with the software, the below is currently all that is installed Java related:-

Java 7 Update 21
Java Auto Updater
JavaFX 2.1.1


So you need to uninstall all (if still present via Programs and Features located in the Control Panel)... Your choice if you wish to go ahead and reinstall, but as mentioned I advise against it and for the present I do not even have anything Java related installed on my machines.

Please let myself know what you wish to do about this in your next reply please and if you opt to re-install I will provide both the appropriate instructions and safety advice etc.

Pando Media Booster Advice:

I see Pando Media Booster installed, maybe intentionally and or came with one of the installed games for example. Technically this type of software is based upon peer to peer technology and you can never really be sure what it is purportedly downloading is always safe. Plus it does not always make that much of an improvement with downloading.

My friendly advice is if you do not really use it, merely uninstall. However this is your choice to do so or not and end of the day I respect whomever I assist with what they wish to have installed on their respective machines.

Next:

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

AOL Toolbar <-- No real need for this and personally I deem it undesirable to have.
RegCure Pro <-- This type of software can cause more problems than purportedly fix and has the potential of rendering a machine little more than an expensive door-stop!
System Checkup 3.4 <-- As above.
TrustedID <-- Not required as the presently installed Kaspersky PURE 3.0 has similar features plus it will cause a system conflict with the aforementioned.
TrustedID IDMonitor Identity Protection <-- As above.

To do so click once on each of the above to highlight, then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

#15
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Alright, I will follow all your advice and instructions. This happens in Firefox, we don't use any other web browser.