Luhe.sirefef and trojan horse BHO & generic...help please!


#16
RKinner

    Malware Expert

Not that one. The first one we did:

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.


#17
joanna76

    Member

  • Topic Starter
Oops, sorry my mistake...try again:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by lynny (administrator) on JO on 28-09-2013 20:43:03
Running from C:\Users\lynny\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\Default User\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
SearchScopes: HKLM - DefaultScope {C1D5EC18-B665-4AA3-ADFD-9E466629E6D1} URL = http://slirsredirect...hpcnnbie7-en-gb
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {AC3F49B1-2912-4F76-81AB-624EA7E8F491} URL = http://uk.kelkoopart...tnerId=96913936
SearchScopes: HKLM - {C1D5EC18-B665-4AA3-ADFD-9E466629E6D1} URL = http://slirsredirect...hpcnnbie7-en-gb
SearchScopes: HKLM - {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = http://uk.search.yah...p06&type=ie2008
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {AC3F49B1-2912-4F76-81AB-624EA7E8F491} URL = http://uk.kelkoopart...tnerId=96913936
SearchScopes: HKLM-x32 - {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = http://uk.search.yah...p06&type=ie2008
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.c...q={searchTerms}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.c...q={searchTerms}
SearchScopes: HKCU - {AC3F49B1-2912-4F76-81AB-624EA7E8F491} URL = http://uk.kelkoopart...tnerId=96913936
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incre...box_im2_test_v2
SearchScopes: HKCU - {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = http://uk.search.yah...p06&type=ie2008
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Groove GFS Browser Helper - {4DB74D06-491C-440D-305E-012400990F3E} - C:\Windows\SysWOW64\D3DCCompiler_37.dll ()
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Chuzzle%20Deluxe/Images/stg_drm.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.kp.2020.ne...yerAX_Win32.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Chuzzle%20Deluxe/Images/armhelper.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: https://www.google.co.uk/
CHR RestoreOnStartup: "hxxp://www.google.co.uk/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (HP Product Detection Plugin) - C:\Users\lynny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.28.1_0
CHR Extension: (YouTube) - C:\Users\lynny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\lynny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\lynny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (New Tab Redirect!) - C:\Users\lynny\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
S3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [25088 2011-03-09] (TPMX Electronics Ltd.)
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [18432 2011-04-12] (TPMX Electronics Ltd.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-09-25] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-09-25] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-28 20:42 - 2013-09-28 20:42 - 01953880 _____ (Farbar) C:\Users\lynny\Downloads\FRST64.exe
2013-09-28 19:59 - 2013-09-28 19:59 - 00000296 _____ C:\Users\lynny\Downloads\filelist.txt
2013-09-28 18:23 - 2013-09-28 18:24 - 04009167 _____ C:\Users\lynny\Downloads\ServicesRepair (1).exe
2013-09-28 17:12 - 2013-09-28 17:12 - 00037992 _____ C:\Users\lynny\Downloads\junk.txt
2013-09-28 17:07 - 2013-09-28 18:36 - 00000465 _____ C:\VEW.txt
2013-09-28 17:03 - 2013-09-28 17:03 - 00061440 _____ ( ) C:\Users\lynny\Downloads\VEW.exe
2013-09-28 15:28 - 2013-09-28 15:28 - 00000618 _____ C:\Windows\PFRO.log
2013-09-28 15:26 - 2013-09-28 15:27 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-09-28 15:26 - 2013-09-28 15:26 - 04009167 _____ C:\Users\lynny\Downloads\ServicesRepair.exe
2013-09-28 00:36 - 2013-09-28 00:36 - 00000000 ____D C:\FRST
2013-09-27 23:10 - 2013-09-27 23:10 - 00000000 ____D C:\Users\lynny\Downloads\Bridesmaids[2011][Unrated Edition]DvDrip[Eng]-FXG
2013-09-27 23:06 - 2013-09-27 23:07 - 00000000 ____D C:\Users\lynny\Downloads\Pain and Gain (2013) DVDRip XviD-MAXSPEED
2013-09-27 20:34 - 2013-09-28 18:26 - 00000280 _____ C:\Windows\setupact.log
2013-09-27 20:34 - 2013-09-27 20:34 - 00000000 _____ C:\Windows\setuperr.log
2013-09-27 18:19 - 2013-09-28 18:44 - 00002540 _____ C:\Users\lynny\Desktop\Homework.txt
2013-09-27 16:27 - 2013-09-27 16:37 - 183543808 _____ C:\Users\lynny\Downloads\Parks.and.Recreation.S03E08.HDTV.XviD-LOL.avi
2013-09-27 16:26 - 2013-09-27 16:40 - 183440048 _____ C:\Users\lynny\Downloads\Parks.and.Recreation.S03E09.HDTV.XviD-LOL.avi
2013-09-27 16:24 - 2013-09-27 16:24 - 00000000 ____D C:\Users\lynny\AppData\Roaming\OpenOffice
2013-09-27 16:23 - 2013-09-27 16:23 - 00001112 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-27 16:22 - 2013-09-27 16:23 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-27 16:20 - 2013-09-27 16:20 - 00000000 ____D C:\Users\lynny\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
2013-09-27 16:14 - 2013-09-27 16:18 - 143436858 _____ C:\Users\lynny\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_en-US.exe
2013-09-27 15:48 - 2013-09-27 15:57 - 183492460 _____ C:\Users\lynny\Downloads\Parks.and.Recreation.S03E10.HDTV.XviD-LOL.avi
2013-09-27 10:55 - 2013-09-27 11:06 - 00000000 ____D C:\Users\lynny\Downloads\WWE Monday Night Raw 23rd Sept 2013 PDTV x264-Sir Paul
2013-09-27 10:44 - 2013-09-27 10:44 - 00000825 _____ C:\Users\lynny\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-27 10:42 - 2013-09-28 00:46 - 00000000 ____D C:\Users\lynny\AppData\Roaming\uTorrent
2013-09-27 10:42 - 2013-09-27 10:42 - 01130576 _____ (BitTorrent Inc.) C:\Users\lynny\Downloads\utorrent.exe
2013-09-27 08:49 - 2013-09-28 15:20 - 00063912 _____ C:\Users\lynny\Downloads\Extras.Txt
2013-09-27 08:47 - 2013-09-28 15:20 - 00231846 _____ C:\Users\lynny\Downloads\OTL.Txt
2013-09-27 08:33 - 2013-09-27 08:33 - 00001216 _____ C:\Users\lynny\Downloads\cc_20130927_083301.reg
2013-09-27 08:32 - 2013-09-27 08:32 - 00030116 _____ C:\Users\lynny\Downloads\cc_20130927_083229.reg
2013-09-27 08:19 - 2013-09-27 08:19 - 00602112 _____ (OldTimer Tools) C:\Users\lynny\Downloads\OTL.exe
2013-09-26 22:51 - 2013-09-26 22:53 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z.Z......Z
2013-09-26 22:25 - 2013-09-26 22:25 - 00984576 _____ C:\Users\lynny\Downloads\MicrosoftFixit50906.msi
2013-09-26 21:40 - 2013-09-26 22:50 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2013-09-26 21:28 - 2013-09-26 21:28 - 00000000 ____D C:\Users\lynny\Downloads\Kaspersky Rescue2Usb
2013-09-26 21:22 - 2013-09-26 21:22 - 00387584 _____ C:\Users\lynny\Downloads\rescue2usb.exe
2013-09-26 21:21 - 2013-09-26 21:25 - 00000000 ____D C:\Users\lynny\Desktop\New folder
2013-09-26 21:19 - 2013-09-26 21:24 - 339615744 _____ C:\Users\lynny\Downloads\kav_rescue_10.iso
2013-09-26 19:08 - 2013-09-26 19:08 - 00001890 _____ C:\Windows\diagwrn.xml
2013-09-26 19:08 - 2013-09-26 19:08 - 00001890 _____ C:\Windows\diagerr.xml
2013-09-26 10:44 - 2013-09-26 10:47 - 00000000 ____D C:\Users\lynny\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-09-26 10:44 - 2013-09-26 10:44 - 00002512 _____ C:\Users\lynny\Desktop\Windows 7 USB DVD Download Tool.lnk
2013-09-26 10:44 - 2013-09-26 10:44 - 00000000 ____D C:\Users\lynny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2013-09-26 09:38 - 2013-09-26 10:16 - 3320903680 _____ C:\Users\lynny\Downloads\X17-58997.iso
2013-09-26 09:02 - 2013-09-26 09:13 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-26 00:45 - 2013-09-26 00:45 - 00002119 _____ C:\Users\lynny\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-09-26 00:45 - 2013-09-26 00:45 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-09-26 00:20 - 2013-09-26 00:21 - 00000000 ____D C:\AdwCleaner
2013-09-26 00:17 - 2013-09-26 00:34 - 00000000 ___SD C:\32788R22FWJFW
2013-09-26 00:17 - 2013-09-26 00:17 - 00000000 ____D C:\Windows\erdnt
2013-09-25 23:53 - 2013-09-25 23:53 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-09-25 12:11 - 2013-09-25 12:11 - 00040669 _____ C:\Users\lynny\Desktop\bookmarks_9_25_13.html
2013-09-25 11:55 - 2013-09-25 11:55 - 00000000 _____ C:\Users\lynny\Desktop\SharePodSettings.xml
2013-09-25 11:30 - 2013-09-25 11:30 - 00000000 ____D C:\Users\lynny\AppData\Roaming\SharePod
2013-09-25 11:28 - 2013-09-25 11:40 - 00020853 _____ C:\Users\lynny\Desktop\SharePod.log
2013-09-25 10:55 - 2013-09-25 10:55 - 00010674 _____ C:\Users\lynny\Desktop\install.txt
2013-09-24 23:43 - 2013-09-24 23:43 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-24 23:33 - 2013-09-25 12:43 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-24 23:31 - 2013-09-24 23:31 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2013-09-24 22:03 - 2013-09-25 12:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-24 22:03 - 2013-09-24 22:03 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-24 22:03 - 2013-09-24 22:03 - 00000000 ____D C:\Users\lynny\AppData\Roaming\Malwarebytes
2013-09-24 22:03 - 2013-09-24 22:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-24 22:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-23 11:52 - 2013-09-23 11:52 - 00000000 ____D C:\Program Files (x86)\Abyssmedia
2013-09-23 11:31 - 2013-09-23 11:33 - 00000000 ____D C:\Users\lynny\Downloads\Love Is a Four Letter Word (Deluxe Edition)
2013-09-23 11:29 - 2013-09-25 12:43 - 00000000 ____D C:\Users\lynny\Downloads\Jason Mraz Discography (iTunes Edition) [theLEAK]
2013-09-21 20:20 - 2013-09-21 20:21 - 00000000 ____D C:\Users\lynny\Desktop\blackberry stuff
2013-09-21 15:34 - 2013-09-25 12:43 - 00000000 ____D C:\ProgramData\Applications
2013-09-19 11:01 - 2013-09-28 18:25 - 00907463 _____ C:\Windows\WindowsUpdate.log
2013-09-14 23:41 - 2013-09-15 06:58 - 00000000 ____D C:\Users\lynny\Downloads\The School of Rock (2003)
2013-09-14 22:19 - 2013-09-15 14:30 - 00000000 ____D C:\Users\lynny\Downloads\Dire Straits-Sultans Of Swing The Very Best Of KompletlyWyred DHZ Inc Release
2013-09-14 22:03 - 2013-09-25 12:43 - 00000000 ____D C:\Users\lynny\Downloads\Foo Fighters - Greatest Hits 320 kbps {vigoni} {PURE RG}
2013-09-14 11:21 - 2013-09-14 11:21 - 00000000 ____D C:\Users\lynny\Downloads\WWE.Bret.Hitman.Hart.The.Dungeon.Collection.2013.DVDRip.x264-UWT
2013-09-12 21:44 - 2013-08-10 06:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 21:44 - 2013-08-10 06:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 21:44 - 2013-08-10 06:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 21:44 - 2013-08-10 06:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 21:44 - 2013-08-10 06:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 21:44 - 2013-08-10 06:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 21:44 - 2013-08-10 06:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 21:44 - 2013-08-10 06:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 21:44 - 2013-08-10 06:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 21:44 - 2013-08-10 06:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 21:44 - 2013-08-10 06:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 21:44 - 2013-08-10 06:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 21:44 - 2013-08-10 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 21:44 - 2013-08-10 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 21:44 - 2013-08-10 04:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 21:44 - 2013-08-10 04:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 21:44 - 2013-08-10 04:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 21:44 - 2013-08-10 04:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 21:44 - 2013-08-10 04:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 21:44 - 2013-08-10 04:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 21:44 - 2013-08-10 04:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 21:44 - 2013-08-10 04:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 21:44 - 2013-08-10 04:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 21:44 - 2013-08-10 04:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 21:44 - 2013-08-10 04:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 21:44 - 2013-08-10 04:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 21:44 - 2013-08-10 04:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 21:44 - 2013-08-10 04:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 21:44 - 2013-08-10 04:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 21:44 - 2013-08-10 03:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 21:44 - 2013-08-10 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 13:31 - 2013-08-08 02:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 13:31 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 13:31 - 2013-08-02 03:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 13:31 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 13:31 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 13:31 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 13:31 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 13:31 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 13:31 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 13:31 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 13:31 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 13:31 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 13:31 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 13:31 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 13:31 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 13:31 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 13:31 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 13:31 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 13:31 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 13:31 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 13:31 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 13:31 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 13:31 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 13:31 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 13:31 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 13:31 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 13:31 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 10:39 - 2013-09-11 11:18 - 00000000 ____D C:\Users\lynny\AppData\Roaming\Jane s Realty hitzwarez net
2013-09-11 10:39 - 2013-09-11 10:39 - 00000000 ____D C:\Windows\Jane's Realty
2013-09-10 21:23 - 2013-09-10 21:23 - 00000000 ____D C:\Windows\Wonderburg
2013-09-10 21:22 - 2013-09-10 21:23 - 00000000 ____D C:\Users\lynny\AppData\Roaming\Janes Realty2
2013-09-10 21:22 - 2013-09-10 21:22 - 00000000 ____D C:\Windows\SysWOW64\3045
2013-09-09 10:03 - 2013-09-09 10:03 - 00000000 ____D C:\Windows\Be Richest
2013-09-06 13:36 - 2013-09-10 16:26 - 00000000 ____D C:\Users\lynny\AppData\Roaming\DivoGames
2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-04 14:32 - 2013-09-04 14:32 - 00001045 _____ C:\Users\lynny\Desktop\Music - Shortcut.lnk
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\ProgramData\DivoGames
2013-09-04 07:17 - 2013-09-26 20:52 - 00000000 ____D C:\Program Files (x86)\MjM Free Photo Recovery Software
2013-09-04 07:17 - 2013-09-04 07:17 - 00000000 ____D C:\Windows\MjM Free Photo Recovery Software
2013-09-04 07:16 - 2009-08-14 18:08 - 03642014 _____ C:\Users\lynny\Desktop\photorecovery_setup.exe
2013-09-02 18:39 - 2013-09-02 18:39 - 00000000 ____D C:\Users\lynny\AppData\Roaming\HipSoft
2013-09-02 13:57 - 2013-09-03 12:21 - 00000000 ____D C:\Users\lynny\Downloads\Haven - Season 3 [HDTV][XviD] & Theme Song - cOOt

==================== One Month Modified Files and Folders =======

2013-09-28 20:42 - 2013-09-28 20:42 - 01953880 _____ (Farbar) C:\Users\lynny\Downloads\FRST64.exe
2013-09-28 20:08 - 2013-09-19 11:01 - 00907463 _____ C:\Windows\WindowsUpdate.log
2013-09-28 19:59 - 2013-09-28 19:59 - 00000296 _____ C:\Users\lynny\Downloads\filelist.txt
2013-09-28 18:52 - 2010-03-03 13:53 - 00000000 ____D C:\Users\lynny\AppData\Roaming\vlc
2013-09-28 18:44 - 2013-09-27 18:19 - 00002540 _____ C:\Users\lynny\Desktop\Homework.txt
2013-09-28 18:42 - 2009-07-14 06:13 - 00779116 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-28 18:36 - 2013-09-28 17:07 - 00000465 _____ C:\VEW.txt
2013-09-28 18:34 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-28 18:34 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-28 18:26 - 2013-09-27 20:34 - 00000280 _____ C:\Windows\setupact.log
2013-09-28 18:26 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-28 18:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-28 18:24 - 2013-09-28 18:23 - 04009167 _____ C:\Users\lynny\Downloads\ServicesRepair (1).exe
2013-09-28 18:21 - 2010-11-02 18:32 - 00000000 ____D C:\ProgramData\MFAData
2013-09-28 17:12 - 2013-09-28 17:12 - 00037992 _____ C:\Users\lynny\Downloads\junk.txt
2013-09-28 17:03 - 2013-09-28 17:03 - 00061440 _____ ( ) C:\Users\lynny\Downloads\VEW.exe
2013-09-28 15:28 - 2013-09-28 15:28 - 00000618 _____ C:\Windows\PFRO.log
2013-09-28 15:28 - 2009-07-14 05:45 - 00374144 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-28 15:27 - 2013-09-28 15:26 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-09-28 15:26 - 2013-09-28 15:26 - 04009167 _____ C:\Users\lynny\Downloads\ServicesRepair.exe
2013-09-28 15:26 - 2010-01-05 18:52 - 00089784 _____ C:\Users\lynny\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-28 15:20 - 2013-09-27 08:49 - 00063912 _____ C:\Users\lynny\Downloads\Extras.Txt
2013-09-28 15:20 - 2013-09-27 08:47 - 00231846 _____ C:\Users\lynny\Downloads\OTL.Txt
2013-09-28 00:46 - 2013-09-27 10:42 - 00000000 ____D C:\Users\lynny\AppData\Roaming\uTorrent
2013-09-28 00:36 - 2013-09-28 00:36 - 00000000 ____D C:\FRST
2013-09-27 23:10 - 2013-09-27 23:10 - 00000000 ____D C:\Users\lynny\Downloads\Bridesmaids[2011][Unrated Edition]DvDrip[Eng]-FXG
2013-09-27 23:07 - 2013-09-27 23:06 - 00000000 ____D C:\Users\lynny\Downloads\Pain and Gain (2013) DVDRip XviD-MAXSPEED
2013-09-27 20:34 - 2013-09-27 20:34 - 00000000 _____ C:\Windows\setuperr.log
2013-09-27 16:40 - 2013-09-27 16:26 - 183440048 _____ C:\Users\lynny\Downloads\Parks.and.Recreation.S03E09.HDTV.XviD-LOL.avi
2013-09-27 16:37 - 2013-09-27 16:27 - 183543808 _____ C:\Users\lynny\Downloads\Parks.and.Recreation.S03E08.HDTV.XviD-LOL.avi
2013-09-27 16:24 - 2013-09-27 16:24 - 00000000 ____D C:\Users\lynny\AppData\Roaming\OpenOffice
2013-09-27 16:23 - 2013-09-27 16:23 - 00001112 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-27 16:23 - 2013-09-27 16:22 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-27 16:20 - 2013-09-27 16:20 - 00000000 ____D C:\Users\lynny\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
2013-09-27 16:18 - 2013-09-27 16:14 - 143436858 _____ C:\Users\lynny\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_en-US.exe
2013-09-27 15:57 - 2013-09-27 15:48 - 183492460 _____ C:\Users\lynny\Downloads\Parks.and.Recreation.S03E10.HDTV.XviD-LOL.avi
2013-09-27 11:06 - 2013-09-27 10:55 - 00000000 ____D C:\Users\lynny\Downloads\WWE Monday Night Raw 23rd Sept 2013 PDTV x264-Sir Paul
2013-09-27 10:44 - 2013-09-27 10:44 - 00000825 _____ C:\Users\lynny\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-27 10:42 - 2013-09-27 10:42 - 01130576 _____ (BitTorrent Inc.) C:\Users\lynny\Downloads\utorrent.exe
2013-09-27 08:33 - 2013-09-27 08:33 - 00001216 _____ C:\Users\lynny\Downloads\cc_20130927_083301.reg
2013-09-27 08:33 - 2011-12-19 13:08 - 00000000 ____D C:\Users\lynny\AppData\Local\CrashDumps
2013-09-27 08:32 - 2013-09-27 08:32 - 00030116 _____ C:\Users\lynny\Downloads\cc_20130927_083229.reg
2013-09-27 08:19 - 2013-09-27 08:19 - 00602112 _____ (OldTimer Tools) C:\Users\lynny\Downloads\OTL.exe
2013-09-26 22:53 - 2013-09-26 22:51 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z.Z......Z
2013-09-26 22:50 - 2013-09-26 21:40 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2013-09-26 22:25 - 2013-09-26 22:25 - 00984576 _____ C:\Users\lynny\Downloads\MicrosoftFixit50906.msi
2013-09-26 21:28 - 2013-09-26 21:28 - 00000000 ____D C:\Users\lynny\Downloads\Kaspersky Rescue2Usb
2013-09-26 21:25 - 2013-09-26 21:21 - 00000000 ____D C:\Users\lynny\Desktop\New folder
2013-09-26 21:24 - 2013-09-26 21:19 - 339615744 _____ C:\Users\lynny\Downloads\kav_rescue_10.iso
2013-09-26 21:22 - 2013-09-26 21:22 - 00387584 _____ C:\Users\lynny\Downloads\rescue2usb.exe
2013-09-26 20:52 - 2013-09-04 07:17 - 00000000 ____D C:\Program Files (x86)\MjM Free Photo Recovery Software
2013-09-26 19:08 - 2013-09-26 19:08 - 00001890 _____ C:\Windows\diagwrn.xml
2013-09-26 19:08 - 2013-09-26 19:08 - 00001890 _____ C:\Windows\diagerr.xml
2013-09-26 12:01 - 2013-07-25 12:15 - 00000000 ____D C:\ProgramData\saFFe SSavoe
2013-09-26 10:47 - 2013-09-26 10:44 - 00000000 ____D C:\Users\lynny\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-09-26 10:44 - 2013-09-26 10:44 - 00002512 _____ C:\Users\lynny\Desktop\Windows 7 USB DVD Download Tool.lnk
2013-09-26 10:44 - 2013-09-26 10:44 - 00000000 ____D C:\Users\lynny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2013-09-26 10:16 - 2013-09-26 09:38 - 3320903680 _____ C:\Users\lynny\Downloads\X17-58997.iso
2013-09-26 09:17 - 2009-09-25 10:15 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-26 09:13 - 2013-09-26 09:02 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-26 09:10 - 2009-07-14 03:34 - 00000439 _____ C:\Windows\win.ini
2013-09-26 00:45 - 2013-09-26 00:45 - 00002119 _____ C:\Users\lynny\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-09-26 00:45 - 2013-09-26 00:45 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-09-26 00:44 - 2012-07-08 19:37 - 00000000 ____D C:\Windows\Minidump
2013-09-26 00:34 - 2013-09-26 00:17 - 00000000 ___SD C:\32788R22FWJFW
2013-09-26 00:21 - 2013-09-26 00:20 - 00000000 ____D C:\AdwCleaner
2013-09-26 00:17 - 2013-09-26 00:17 - 00000000 ____D C:\Windows\erdnt
2013-09-25 23:53 - 2013-09-25 23:53 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-09-25 12:43 - 2013-09-24 23:33 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-25 12:43 - 2013-09-24 22:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-25 12:43 - 2013-09-23 11:29 - 00000000 ____D C:\Users\lynny\Downloads\Jason Mraz Discography (iTunes Edition) [theLEAK]
2013-09-25 12:43 - 2013-09-21 15:34 - 00000000 ____D C:\ProgramData\Applications
2013-09-25 12:43 - 2013-09-14 22:03 - 00000000 ____D C:\Users\lynny\Downloads\Foo Fighters - Greatest Hits 320 kbps {vigoni} {PURE RG}
2013-09-25 12:43 - 2010-01-05 18:40 - 00000000 ____D C:\Users\lynny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2013-09-25 12:43 - 2010-01-05 18:40 - 00000000 ____D C:\Users\lynny
2013-09-25 12:43 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-25 12:43 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-25 12:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-09-25 12:11 - 2013-09-25 12:11 - 00040669 _____ C:\Users\lynny\Desktop\bookmarks_9_25_13.html
2013-09-25 11:55 - 2013-09-25 11:55 - 00000000 _____ C:\Users\lynny\Desktop\SharePodSettings.xml
2013-09-25 11:40 - 2013-09-25 11:28 - 00020853 _____ C:\Users\lynny\Desktop\SharePod.log
2013-09-25 11:30 - 2013-09-25 11:30 - 00000000 ____D C:\Users\lynny\AppData\Roaming\SharePod
2013-09-25 10:55 - 2013-09-25 10:55 - 00010674 _____ C:\Users\lynny\Desktop\install.txt
2013-09-25 10:30 - 2013-03-09 23:47 - 00000000 ____D C:\Users\lynny\Documents\all photos
2013-09-25 10:26 - 2013-01-20 18:19 - 00000000 ____D C:\Users\lynny\Desktop\moovies
2013-09-25 08:01 - 2013-01-01 23:19 - 00000000 ____D C:\Users\lynny\Desktop\moosic
2013-09-25 01:16 - 2011-01-13 16:30 - 00000000 ____D C:\Users\lynny\AppData\Roaming\64890D2E193F1B106FE37CD6D06609C0
2013-09-24 23:43 - 2013-09-24 23:43 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-24 23:31 - 2013-09-24 23:31 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2013-09-24 22:03 - 2013-09-24 22:03 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-24 22:03 - 2013-09-24 22:03 - 00000000 ____D C:\Users\lynny\AppData\Roaming\Malwarebytes
2013-09-24 22:03 - 2013-09-24 22:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-23 12:00 - 2011-06-20 13:26 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-09-23 11:56 - 2010-02-16 20:57 - 00000000 ____D C:\Users\lynny\AppData\Local\Google
2013-09-23 11:56 - 2010-02-16 20:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-23 11:52 - 2013-09-23 11:52 - 00000000 ____D C:\Program Files (x86)\Abyssmedia
2013-09-23 11:33 - 2013-09-23 11:31 - 00000000 ____D C:\Users\lynny\Downloads\Love Is a Four Letter Word (Deluxe Edition)
2013-09-22 14:13 - 2011-02-05 13:11 - 00765218 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-21 20:21 - 2013-09-21 20:20 - 00000000 ____D C:\Users\lynny\Desktop\blackberry stuff
2013-09-19 11:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-18 22:02 - 2010-01-19 21:46 - 00000000 ____D C:\ProgramData\HipSoft
2013-09-17 23:22 - 2013-01-27 00:13 - 00000000 ____D C:\Users\lynny\AppData\Roaming\dvdcss
2013-09-16 20:22 - 2010-08-30 13:40 - 00000021 _____ C:\ProgramData\hpqp.txt
2013-09-15 14:30 - 2013-09-14 22:19 - 00000000 ____D C:\Users\lynny\Downloads\Dire Straits-Sultans Of Swing The Very Best Of KompletlyWyred DHZ Inc Release
2013-09-15 06:58 - 2013-09-14 23:41 - 00000000 ____D C:\Users\lynny\Downloads\The School of Rock (2003)
2013-09-14 11:21 - 2013-09-14 11:21 - 00000000 ____D C:\Users\lynny\Downloads\WWE.Bret.Hitman.Hart.The.Dungeon.Collection.2013.DVDRip.x264-UWT
2013-09-13 21:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 19:52 - 2009-07-25 07:11 - 00000000 ____D C:\Windows\Panther
2013-09-13 09:02 - 2011-11-30 08:28 - 00000000 ___RD C:\Users\lynny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 09:02 - 2010-01-05 18:53 - 00000000 ___RD C:\Users\lynny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 21:44 - 2013-08-14 22:04 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 21:42 - 2010-01-15 18:58 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 11:18 - 2013-09-11 10:39 - 00000000 ____D C:\Users\lynny\AppData\Roaming\Jane s Realty hitzwarez net
2013-09-11 10:39 - 2013-09-11 10:39 - 00000000 ____D C:\Windows\Jane's Realty
2013-09-10 21:27 - 2010-04-05 15:00 - 00000000 ____D C:\Users\lynny\AppData\Roaming\ShinyTales
2013-09-10 21:23 - 2013-09-10 21:23 - 00000000 ____D C:\Windows\Wonderburg
2013-09-10 21:23 - 2013-09-10 21:22 - 00000000 ____D C:\Users\lynny\AppData\Roaming\Janes Realty2
2013-09-10 21:22 - 2013-09-10 21:22 - 00000000 ____D C:\Windows\SysWOW64\3045
2013-09-10 21:22 - 2013-03-22 15:46 - 00000000 ____D C:\Windows\SysWOW64\1056
2013-09-10 21:21 - 2013-04-11 06:07 - 00000000 ____D C:\Program Files (x86)\Games
2013-09-10 16:26 - 2013-09-06 13:36 - 00000000 ____D C:\Users\lynny\AppData\Roaming\DivoGames
2013-09-09 10:03 - 2013-09-09 10:03 - 00000000 ____D C:\Windows\Be Richest
2013-09-05 16:13 - 2013-07-17 18:53 - 00000000 ____D C:\Users\lynny\Downloads\photos recovered from camera
2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-04 14:32 - 2013-09-04 14:32 - 00001045 _____ C:\Users\lynny\Desktop\Music - Shortcut.lnk
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\ProgramData\DivoGames
2013-09-04 07:17 - 2013-09-04 07:17 - 00000000 ____D C:\Windows\MjM Free Photo Recovery Software
2013-09-03 12:21 - 2013-09-02 13:57 - 00000000 ____D C:\Users\lynny\Downloads\Haven - Season 3 [HDTV][XviD] & Theme Song - cOOt
2013-09-02 18:39 - 2013-09-02 18:39 - 00000000 ____D C:\Users\lynny\AppData\Roaming\HipSoft

Some content of TEMP:
====================
C:\Users\lynny\AppData\Local\Temp\HitmanPro.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 09:24

==================== End Of Log ============================


Hope that's it!
Thanks again...

#18
RKinner

    Malware Expert

Copy the next line:

reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue:

Right click and Paste (or Edit then Paste) and the copied line should appear. Hit Enter.

This should create a file winsock2.reg on your desktop. It's insurance in case things go wrong. Make sure it shows up before going on.


Now go back to the Command window and type:

netsh winsock reset catalog


Reboot. If you lose connectivity, right click on winsock2.reg (should be on your desktop) and select Merge and allow it to merge. Then reboot. If all else fails do a System Restore to the last available Restore Point.

If you have connectivity, run OTL again, Quickscan, and post the log.

This attempts to correct the errors still reported in FRST. If this works then go back to the Command Window and type:

sc start bfe

Does it give you an error? What does it say? (You can copy the error: Right click and hit Mark, then highlight the error and hit Enter. Move to a reply and press Ctrl + V to paste it into the reply.)

#19
RKinner

    Malware Expert

In addition to the previous post, I have another program for you, recommended by one of my colleagues:

http://download.blee.../RestoreBFE.exe

Download and Save RestoreBFE.exe and then right click on it and Run As Admin. I presume it will need to reboot when done.

#20
joanna76

    Member

  • Topic Starter
Okey dokey, I've attached the OTL log, hopefully I did it correctly...
I'm going to go through the other steps?
And then try the software your colleague suggested...
Thanks

OTL logfile created on: 9/28/2013 9:28:03 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lynny\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 61.09% Memory free
7.81 Gb Paging File | 6.18 Gb Available in Paging File | 79.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.30 Gb Total Space | 120.71 Gb Free Space | 42.31% Space Free | Partition Type: NTFS
Drive D: | 12.59 Gb Total Space | 3.74 Gb Free Space | 29.71% Space Free | Partition Type: NTFS

Computer Name: JO | User Name: lynny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/27 10:44:49 | 001,130,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\lynny\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/09/27 08:19:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lynny\Downloads\OTL.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/11/02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/18 09:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013/01/18 09:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013/01/18 09:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013/01/18 09:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013/01/18 09:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV - [2013/08/09 06:27:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/25 23:53:30 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/20 07:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:64bit: - [2013/08/20 07:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 07:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/11 01:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/02/12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/04/12 11:45:50 | 000,018,432 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPub4DE3.sys -- (HPub4DE3)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 10:44:44 | 000,025,088 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPMo4DE3.sys -- (HPMo4DE3)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/15 00:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 01:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/06/24 20:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 13:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}
IE:64bit: - HKLM\..\SearchScopes\{AC3F49B1-2912-4F76-81AB-624EA7E8F491}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE:64bit: - HKLM\..\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE:64bit: - HKLM\..\SearchScopes\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA}: "URL" = http://uk.search.yah...p06&type=ie2008
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}
IE - HKLM\..\SearchScopes\{AC3F49B1-2912-4F76-81AB-624EA7E8F491}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}: "URL" = http://www.google.co...|_&cr=548301370
IE - HKLM\..\SearchScopes\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA}: "URL" = http://uk.search.yah...p06&type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.iplay.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{AC3F49B1-2912-4F76-81AB-624EA7E8F491}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}: "URL" = http://www.google.co...|_&cr=548301370
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...box_im2_test_v2
IE - HKCU\..\SearchScopes\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA}: "URL" = http://uk.search.yah...p06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/06/23 14:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lynny\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - homepage: https://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: HP Product Detection Plugin = C:\Users\lynny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.28.1_0\
CHR - Extension: YouTube = C:\Users\lynny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\lynny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\lynny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
CHR - Extension: New Tab Redirect! = C:\Users\lynny\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0\

O1 HOSTS File: ([2013/09/26 09:10:34 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {4DB74D06-491C-440D-305E-012400990F3E} - C:\Windows\SysWOW64\D3DCCompiler_37.dll ()
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [uTorrent] C:\Users\lynny\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Chuzzle%20Deluxe/Images/stg_drm.ocx (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.kp.2020.ne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Chuzzle%20Deluxe/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0985480C-B9DE-442A-B6E8-415D3C5ED732}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/28 15:26:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/09/28 00:36:31 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/27 16:24:42 | 000,000,000 | ---D | C] -- C:\Users\lynny\AppData\Roaming\OpenOffice
[2013/09/27 16:23:37 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
[2013/09/27 16:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2013/09/27 16:20:35 | 000,000,000 | ---D | C] -- C:\Users\lynny\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
[2013/09/27 10:42:45 | 000,000,000 | ---D | C] -- C:\Users\lynny\AppData\Roaming\uTorrent
[2013/09/26 22:51:00 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z.Z......Z
[2013/09/26 21:40:50 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
[2013/09/26 21:21:52 | 000,000,000 | ---D | C] -- C:\Users\lynny\Desktop\New folder
[2013/09/26 10:44:47 | 000,000,000 | ---D | C] -- C:\Users\lynny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013/09/26 10:44:45 | 000,000,000 | ---D | C] -- C:\Users\lynny\AppData\Local\Apps
[2013/09/26 09:25:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/26 09:11:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/09/26 09:02:19 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/26 00:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/09/26 00:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/09/26 00:30:14 | 000,000,000 | -HSD | C] -- C:\$Recycle.Bin
[2013/09/26 00:20:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/26 00:17:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/26 00:17:19 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/09/25 11:30:06 | 000,000,000 | ---D | C] -- C:\Users\lynny\AppData\Roaming\SharePod
[2013/09/24 23:43:47 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/09/24 23:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/24 22:03:59 | 000,000,000 | ---D | C] -- C:\Users\lynny\AppData\Roaming\Malwarebytes
[2013/09/24 22:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/24 22:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/24 22:03:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/24 22:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/23 11:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abyssmedia
[2013/09/21 20:20:40 | 000,000,000 | ---D | C] -- C:\Users\lynny\Desktop\blackberry stuff
[2013/09/21 15:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2013/09/13 09:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/11 10:39:56 | 000,000,000 | ---D | C] -- C:\Users\lynny\AppData\Roaming\Jane s Realty hitzwarez net
[2013/09/11 10:39:12 | 000,000,000 | ---D | C] -- C:\Windows\Jane's Realty
[2013/09/10 21:23:10 | 000,000,000 | ---D | C] -- C:\Windows\Wonderburg
[2013/09/10 21:22:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3045
[2013/09/10 21:22:49 | 000,000,000 | ---D | C] -- C:\Users\lynny\AppData\Roaming\Janes Realty2
[2013/09/09 10:03:37 | 000,000,000 | ---D | C] -- C:\Windows\Be Richest
[2013/09/06 13:36:04 | 000,000,000 | ---D | C] -- C:\Users\lynny\AppData\Roaming\DivoGames
[2013/09/05 01:43:42 | 000,045,880 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/09/04 14:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DivoGames
[2013/09/04 07:17:21 | 000,000,000 | ---D | C] -- C:\Windows\MjM Free Photo Recovery Software
[2013/09/04 07:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MjM Free Photo Recovery Software
[2013/09/02 18:39:29 | 000,000,000 | ---D | C] -- C:\Users\lynny\AppData\Roaming\HipSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/28 21:32:03 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/28 21:32:03 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/28 21:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/28 21:23:57 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/28 21:19:53 | 000,144,044 | ---- | M] () -- C:\Users\lynny\Desktop\winsock2.reg
[2013/09/28 18:42:20 | 000,779,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/28 18:42:20 | 000,649,472 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/28 18:42:20 | 000,118,076 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/28 15:28:35 | 000,374,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/27 18:18:41 | 000,010,568 | ---- | M] () -- C:\Users\lynny\Documents\Homework.rtf
[2013/09/27 16:23:47 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/09/27 11:32:47 | 000,000,325 | ---- | M] () -- C:\Users\lynny\Desktop\VERY ACCOUNT.rtf
[2013/09/27 11:30:37 | 000,103,651 | ---- | M] () -- C:\Users\lynny\Desktop\Returns Note.pdf
[2013/09/27 10:44:52 | 000,000,825 | ---- | M] () -- C:\Users\lynny\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/09/26 19:08:44 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/09/26 19:08:44 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/09/26 10:44:48 | 000,002,512 | ---- | M] () -- C:\Users\lynny\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/09/26 09:13:33 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/26 09:10:34 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/26 00:45:35 | 000,002,119 | ---- | M] () -- C:\Users\lynny\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/09/25 23:53:30 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/09/25 23:41:38 | 000,192,097 | ---- | M] () -- C:\Users\lynny\Desktop\oldring.mp3
[2013/09/25 12:11:23 | 000,040,669 | ---- | M] () -- C:\Users\lynny\Desktop\bookmarks_9_25_13.html
[2013/09/25 11:55:13 | 000,000,000 | ---- | M] () -- C:\Users\lynny\Desktop\SharePodSettings.xml
[2013/09/24 23:43:47 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/09/24 22:03:42 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/23 12:42:18 | 000,003,260 | ---- | M] () -- C:\Users\lynny\Documents\songs for kids.rtf
[2013/09/23 12:00:06 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/09/22 14:13:58 | 000,765,218 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/17 12:58:11 | 000,000,283 | ---- | M] () -- C:\Users\lynny\Documents\adidas order.rtf
[2013/09/16 14:31:31 | 000,000,503 | ---- | M] () -- C:\Users\lynny\Desktop\healthy eating!!!.rtf
[2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/09/04 14:32:37 | 000,001,045 | ---- | M] () -- C:\Users\lynny\Desktop\Music - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/28 21:19:53 | 000,144,044 | ---- | C] () -- C:\Users\lynny\Desktop\winsock2.reg
[2013/09/27 16:28:05 | 000,010,568 | ---- | C] () -- C:\Users\lynny\Documents\Homework.rtf
[2013/09/27 16:23:47 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/09/27 11:30:37 | 000,103,651 | ---- | C] () -- C:\Users\lynny\Desktop\Returns Note.pdf
[2013/09/27 10:44:52 | 000,000,825 | ---- | C] () -- C:\Users\lynny\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/09/26 20:21:28 | 3144,880,128 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/26 19:08:33 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/09/26 19:08:33 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/09/26 10:44:48 | 000,002,512 | ---- | C] () -- C:\Users\lynny\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/09/26 00:45:35 | 000,002,119 | ---- | C] () -- C:\Users\lynny\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/09/25 23:53:30 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/09/25 23:41:36 | 000,192,097 | ---- | C] () -- C:\Users\lynny\Desktop\oldring.mp3
[2013/09/25 12:11:22 | 000,040,669 | ---- | C] () -- C:\Users\lynny\Desktop\bookmarks_9_25_13.html
[2013/09/25 11:55:13 | 000,000,000 | ---- | C] () -- C:\Users\lynny\Desktop\SharePodSettings.xml
[2013/09/24 22:03:42 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/23 12:42:18 | 000,003,260 | ---- | C] () -- C:\Users\lynny\Documents\songs for kids.rtf
[2013/09/20 11:18:25 | 000,000,325 | ---- | C] () -- C:\Users\lynny\Desktop\VERY ACCOUNT.rtf
[2013/09/17 12:58:11 | 000,000,283 | ---- | C] () -- C:\Users\lynny\Documents\adidas order.rtf
[2013/09/15 22:03:01 | 000,000,503 | ---- | C] () -- C:\Users\lynny\Desktop\healthy eating!!!.rtf
[2013/09/04 14:32:37 | 000,001,045 | ---- | C] () -- C:\Users\lynny\Desktop\Music - Shortcut.lnk
[2013/09/04 07:16:23 | 003,642,014 | ---- | C] () -- C:\Users\lynny\Desktop\photorecovery_setup.exe
[2013/04/12 18:46:44 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/09/09 20:13:18 | 000,027,520 | ---- | C] () -- C:\Users\lynny\AppData\Local\dt.dat
[2011/10/01 17:35:26 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\accessibillitycpl.dll
[2011/04/06 22:31:14 | 000,001,854 | ---- | C] () -- C:\Users\lynny\AppData\Roaming\GhostObjGAFix.xml
[2010/05/11 22:44:41 | 000,000,244 | ---- | C] () -- C:\Users\lynny\AppData\Roaming\wklnhst.dat
[2009/09/25 09:47:12 | 000,000,292 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/25 01:16:59 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\64890D2E193F1B106FE37CD6D06609C0
[2013/06/19 15:13:23 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\AVG
[2012/12/29 11:24:41 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\AVG2013
[2013/01/28 18:53:35 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\Big Fish Games
[2011/12/01 22:57:32 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\coupons
[2013/07/02 12:57:02 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\DAEMON Tools Lite
[2013/09/10 16:26:05 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\DivoGames
[2013/04/10 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\ERS Game Studios
[2013/07/25 12:16:09 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\EZDownloader
[2012/06/27 17:37:41 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\FK_Monitor
[2010/01/20 12:28:25 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\funkitron
[2013/08/21 22:31:34 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\Gogii Games
[2013/04/27 23:39:55 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\GreenSauceGames
[2013/09/02 18:39:29 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\HipSoft
[2010/01/20 00:26:57 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\iWin
[2013/09/11 11:18:59 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\Jane s Realty hitzwarez net
[2013/09/10 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\Janes Realty2
[2013/02/24 13:46:31 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\LegacyGames
[2010/03/15 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\Ludia
[2010/01/22 22:27:03 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\muvee Technologies
[2013/08/08 20:51:50 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\Mysteryville2
[2013/02/11 05:40:17 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\northern_tale_realore_en
[2013/09/27 16:24:42 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\OpenOffice
[2013/04/11 19:15:06 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\Organic 2 Digital
[2013/06/27 10:42:34 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\Origin
[2010/03/22 21:39:21 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\PlayFirst
[2013/04/13 12:16:27 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\Playrix Entertainment
[2013/06/27 10:19:10 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\PowerISO
[2012/12/13 10:23:41 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\Practical Scriptwriter
[2013/04/11 06:16:28 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\PuzzleLab
[2013/09/25 11:30:06 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\SharePod
[2013/09/10 21:27:37 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\ShinyTales
[2011/03/16 23:12:21 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\SpinTop
[2013/06/10 23:28:26 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\SpinTop Games
[2012/01/04 11:38:26 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\Template
[2012/12/29 11:20:48 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\TuneUp Software
[2013/09/28 21:37:06 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\uTorrent
[2013/01/25 09:58:50 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\WildTangent
[2013/03/22 15:48:53 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\YoudaGames
[2013/07/17 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\YourFileDownloader
[2010/01/14 14:25:27 | 000,000,000 | ---D | M] -- C:\Users\lynny\AppData\Roaming\_MDLogs

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z.Z......Z:1
@Alternate Data Stream - 440 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ:1
@Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:8247A199
@Alternate Data Stream - 187 bytes -> C:\ProgramData\Temp:DF5D803F
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:CB0FEE2B
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:3790BACD
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:38D2EA83
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:56C66609
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:91486201
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:67E674B0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A26AFC00
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:22741C1F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:FDDD37E8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:7C60A173
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:CFFA5D33
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:663B62CA

< End of report >

Attached Files

  • Attached File  OTL.Txt   90.47KB   57 downloads


#21
RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
You can run the tool first if you like.

#22
joanna76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I've just used the BFE software, it is in the list of services but says stopped as opposed to running. I'm going to reboot now.

The command prompt said 'The executable program that this service is configured to run in does not implement the service.'
  • 0

#23
joanna76

joanna76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Wowswers! I rebooted, checked and the BFE is running...went to security centre and my firewall is turned on!!!!!!!

So this is looking good, is there anything I need to do now at all?

Seriously, thank you so much, it's so generous of you to give your time to help people with your knowledge...genius! :thumbsup:
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
I would get rid of AVG and install the free Avast instead.

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer. (They want you to buy the paid version but the free Basic program is what we want.)


http://www.avast.com...ivirus-download

(I think they may be including Chrome in the download. If you don't want it then uncheck it)

Uninstall AVG

Run the AVG Remover by right clicking and Run As Admin

Reboot

Install Avast - I always right click and Run As Admin. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)
Once you have it installed and it has updated (I usually do this at night while I sleep because it takes so long):


First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Security. Click on AntiVirus. Scroll down to the bottom and find Boot-time scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Then change When a threat is found ... to: Move to Chest. OK. Now click on Schedule Now. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads click on the Orange Ball then Maintenance then Scan Logs. Click on the Boot-time scan log and then View Results. If it found anything then open the saved Report and copy and paste the text into a reply so I can see it.
  • 0

#25
joanna76

joanna76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Brilliant, I'm downloading Avast now and will install and update it...

This laptop is my lifeline, I have no television, no stereo or games consoles, so a massive THANK YOU for all your help...I will report back in the morning :happy:
  • 0


#26
joanna76

joanna76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Morning Ron...
So the boot scan found a virus, unfortunately it didn't tell me where the log would be and when I open the program file that you specified there is no log folder in there...

This is what was in the log in the avast interface:

File name
C://System Volume Information\SystemRestore\FRStaging\ProgramData\saFFe SSavoe\51f108e1c1da7.dll
Status
PUP:Win32:MultiPlug-Y [PUP]

Thanks!
  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
PUP is Possibly Unwanted Program. Usually this is not really a virus just some adware. The location: "System Volume Information" is where your System Restore files are hidden so it's not active and won't be unless you do a System Restore. We usually clean those up on the last step. If that's all that Avast found then we have killed off your malware.

We have two programs that we use to clean up most common adware. Let's run them now. We'll also run a final check for malware and finish with a new OTL log.



Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
Run aswMBR.exe (Vista or Win 7 => right click and Run As Administrator)

uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button)

Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

(If you do not already have OTL then: Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.)

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Let's also check that all of the services are working now:


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.

2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0
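The reasoning in the reply above (a PUP tag usually means adware, and a hit under "System Volume Information" is stored System Restore data rather than a running file) can be applied to a whole scan log. This is an added example, not part of the original posts or of any tool named in the thread: the triage labels are hypothetical names, and the second log entry is constructed for illustration.

```python
import re
from dataclasses import dataclass

# First entry is the detection quoted in the thread; the second is constructed.
SAMPLE_LOG = r"""File name
C://System Volume Information\SystemRestore\FRStaging\ProgramData\saFFe SSavoe\51f108e1c1da7.dll
Status
PUP:Win32:MultiPlug-Y [PUP]
File name
C:\Users\example\AppData\Roaming\constructed\sample.exe
Status
Win32:Constructed-A [Trj]
"""


@dataclass
class Detection:
    path: str
    name: str

    @property
    def components(self):
        # Split on either separator so "C://System Volume Information\..." parses too.
        return [p.lower() for p in re.split(r"[\\/]+", self.path) if p]

    @property
    def in_restore_storage(self):
        # Restore-point data lives under this folder and is not loaded at boot.
        return "system volume information" in self.components

    @property
    def is_pup(self):
        tag = re.search(r"\[(\w+)\]\s*$", self.name)
        return self.name.upper().startswith("PUP:") or bool(
            tag and tag.group(1).upper() == "PUP")


def parse_detections(text):
    """Pair each 'File name' value with the 'Status' value that follows it."""
    detections, label, path = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line in ("File name", "Status"):
            label = line
        elif label == "File name":
            path, label = line, None
        elif label == "Status" and path is not None:
            detections.append(Detection(path, line))
            path, label = None, None
    return detections


def triage(det):
    """Hypothetical labels: what to do with one detection."""
    if det.in_restore_storage:
        return "inactive"        # goes away when restore points are cleared
    if det.is_pup:
        return "adware-cleanup"  # live file, but potentially unwanted rather than malware
    return "investigate"         # live file with a malware verdict


if __name__ == "__main__":
    for d in parse_detections(SAMPLE_LOG):
        print(f"{triage(d):15} {d.name:30} {d.path}")
```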

#28
joanna76

joanna76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ok, that took a while, sorry...

attached them all apart from the VEW files which I've pasted here:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/09/2013 09:01:37

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/09/2013 09:07:46

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/09/2013 22:14:33
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 7a8 Start Time: 01cebd5f51cfaf8e Termination Time: 4 Application Path: C:\Users\lynny\Downloads\OTL.exe Report Id:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

many thanks!

  • 0
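The VEW output pasted above can be summarised per log and severity, which makes an empty 'System' section after a cleared log and reboot easy to confirm. This is an added example, not part of the original posts or of VEW itself: the sample is an abbreviated copy of the pasted output, and the field layout is assumed from that paste alone.

```python
import re
from datetime import datetime

# Abbreviated copy of the output pasted in the post (message shortened).
SAMPLE_VEW = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/09/2013 22:14:33
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"""

SECTION = re.compile(r"^'(\w+)' Log - (\w+) Type$")
HEADER = re.compile(r"^Log: '(\w+)' Date/Time: (\S+ \S+)$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")


def parse_vew(text):
    """Return (sections, events): every section header seen, one dict per event."""
    sections, events, current = [], [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            sections.append((m.group(1), m.group(2)))
            current = None
        elif m := HEADER.match(line):
            # The report states that all dates are dd/mm/yyyy.
            when = datetime.strptime(m.group(2), "%d/%m/%Y %H:%M:%S")
            current = {"log": m.group(1), "when": when, "message": ""}
            events.append(current)
        elif not line or line.startswith("~"):
            current = None  # a blank line or tilde rule closes any open event
        elif current is not None:
            if m := TYPE.match(line):
                current["type"], current["category"] = m.group(1), int(m.group(2))
            elif m := EVENT.match(line):
                current["event_id"], current["source"] = int(m.group(1)), m.group(2)
            else:
                current["message"] = (current["message"] + " " + line).strip()
    return sections, events


def summarise(text):
    """Count events per (log, type); sections with no events are kept as 0."""
    sections, events = parse_vew(text)
    counts = {section: 0 for section in sections}
    for e in events:
        key = (e["log"], e.get("type", "Unknown"))
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (log, kind), n in summarise(SAMPLE_VEW).items():
        print(f"{log:12} {kind:8} {n}")
```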

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
No sign of malware and no boot errors. aswMBR doesn't recognize the mbr but that's not unusual. Can you submit the mbr.dat that aswMBR produced to http://virustotal.com:


Easiest way to submit a file is to copy the path:

C:\Users\lynny\Desktop\MBR.dat

Then
Go to virustotal.com with your browser. Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear. Hit Open and it should return to the main page with spoolsv.exe chosen. Click on Scan it. If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis. In that case click on View Last Analysis. If it doesn't know the file it will take a minute to query 46 different anti-virus companies. In either case, If the Detection ratio: is not 0/46 (maybe 0/47 by now) then copy the Analysis page and paste it into the forum. You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.


Otherwise looks good except for the temps. Speccy says it is running hot. The processor is about 61 (we like to see 55 or lower so that's not too bad but your hard drive is reporting 51 and it does not like to be over 50). Your hard drive is also reporting several errors. Uninstall Speccy. Get Speedfan:

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps in real time. If they seem hot (over 55) then check Automatic Fan Speed.
Leave it running and see if the temps drop. Sometimes that seems to help.
Also prop up the back of the laptop with a book (don't block the vents). Propping it up in the back lets the heat rise to the heatsink which should make it cool a bit better. Always run it on a hard surface. Running on a bed or even your lap can block the air vents and cause it to overheat.

How is it running now? Any problems?

Unless you see other problems I think we are done and can clean up

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned on and that it works. Go to Control panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron (Going to bed now. It's way past my bedtime.)
  • 0

#30
joanna76

joanna76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hey Ron,

Well a big thank you for all your help, it's so appreciated! Below is the virustotal report, it seems to be clear, every entry is ticked...I'm just about to go through the last clean-up and then I will absolutely donate to your great cause, it's the least I could do :happy:

I do use utorrent for television programs as I have no TV (not an excuse but I'm disabled and spend most of my time indoors and in the UK we have to buy a TV license which I can't afford...) but I will only use names I trust from now on, this has been a hard lesson learned... :blush:

All the best Ron, thank you once again and take care :thumbsup: :notworthy:

Jo




Antivirus Result Update
Agnitum 20130930
AhnLab-V3 20130930
AntiVir 20130930
Antiy-AVL 20130930
Avast 20130930
AVG 20130930
Baidu-International 20130930
BitDefender 20130930
Bkav 20130927
ByteHero 20130924
CAT-QuickHeal 20130930
ClamAV 20130930
Commtouch 20130930
Comodo 20130930
DrWeb 20130930
Emsisoft 20130930
ESET-NOD32 20130930
F-Prot 20130930
F-Secure 20130930
Fortinet 20130930
GData 20130930
Ikarus 20130930
Jiangmin 20130903
K7AntiVirus 20130930
K7GW 20130930
Kaspersky 20130930
Kingsoft 20130829
Malwarebytes 20130930
McAfee 20130930
McAfee-GW-Edition 20130929
Microsoft 20130930
MicroWorld-eScan 20130930
NANO-Antivirus 20130930
Norman 20130930
nProtect 20130930
Panda 20130930
PCTools 20130930
Rising 20130930
Sophos 20130930
SUPERAntiSpyware 20130930
Symantec 20130930
TheHacker 20130930
TotalDefense 20130927
TrendMicro 20130930
TrendMicro-HouseCall 20130930
VBA32 20130930
VIPRE 20130930
ViRobot 20130930
  • 0





