Geeks to Go

Some Virus eating my disk space [Solved]


  • This topic is locked

#16
Swipernoswiping

  • Topic Starter
  • Member
  • 18 posts
This is the JRT log.

And when I tried to turn on avast! again, I clicked on resolve and avast! downloaded some things, but I guess it is safe, right?



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x86
Ran by User on Wed 10/02/2013 at 17:45:21.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater
Successfully deleted: [Service] application updater



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4023481543-1795576847-700335304-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bittorrent_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bittorrent_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windirstat_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windirstat_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_EN_1-5-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_EN_1-5-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1006A95B-A573-4A3C-9E07-40FCFA7944DF}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\metacrawler"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\mixidj"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files\application updater"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"
Failed to delete: [Folder] "C:\Program Files\secure speed dial"
Failed to delete: [Folder] "C:\Program Files\Common Files\spigot"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/02/2013 at 17:48:33.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#17
Swipernoswiping

  • Topic Starter
  • Member
  • 18 posts
OTL fix log





All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named Update lucky leap was found to stop!
Service\Driver key Update lucky leap not found.
File C:\Program Files\lucky leap\updateluckyleap.exe not found.
Error: No service named BackupStack was found to stop!
Service\Driver key BackupStack not found.
File C:\Program Files\MyPC Backup\BackupStack.exe not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5BFEFF94-6411-4B74-A947-4969134B24DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BFEFF94-6411-4B74-A947-4969134B24DE}\ deleted successfully.
C:\Program Files\Vtools Toolbar\IE\7.9\vtoolsToolbarIE.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1006A95B-A573-4A3C-9E07-40FCFA7944DF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1006A95B-A573-4A3C-9E07-40FCFA7944DF}\ not found.
Prefs.js: "http://mixidj.delta-...21134&tsp=5012" removed from browser.startup.homepage
Prefs.js: WebSiteRecommendation%40weliketheweb.com:1.0.6 removed from extensions.enabledAddons
Prefs.js: speeddial%40instair.net:1.4.0 removed from extensions.enabledAddons
Folder C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wad9qqli.default\extensions\[email protected]\ not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wad9qqli.default\extensions\[email protected] not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wad9qqli.default\searchplugins\mixidj.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BFEFF94-6411-4B74-A947-4969134B24DE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BFEFF94-6411-4B74-A947-4969134B24DE}\ not found.
File C:\Program Files\Vtools Toolbar\IE\7.9\vtoolsToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5BFEFF94-6411-4B74-A947-4969134B24DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BFEFF94-6411-4B74-A947-4969134B24DE}\ not found.
File C:\Program Files\Vtools Toolbar\IE\7.9\vtoolsToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent not found.
File C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe not found.
File move failed. C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk scheduled to be moved on reboot.
File C:\Program Files\MyPC Backup\MyPC Backup.exe not found.
Folder C:\Users\User\AppData\Roaming\Wise Disk Cleaner\ not found.
Folder C:\Program Files\lucky leap\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner\ not found.
Folder C:\Program Files\Wise\ not found.
Folder C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup\ not found.
C:\Program Files\Vtools Toolbar\Res\Lang folder moved successfully.
C:\Program Files\Vtools Toolbar\Res folder moved successfully.
C:\Program Files\Vtools Toolbar\IE\7.9 folder moved successfully.
C:\Program Files\Vtools Toolbar\IE folder moved successfully.
C:\Program Files\Vtools Toolbar\FF\components folder moved successfully.
C:\Program Files\Vtools Toolbar\FF\chrome folder moved successfully.
C:\Program Files\Vtools Toolbar\FF folder moved successfully.
C:\Program Files\Vtools Toolbar folder moved successfully.
C:\Users\User\AppData\Roaming\Vtools\Windows Cleaner folder moved successfully.
C:\Users\User\AppData\Roaming\Vtools folder moved successfully.
Folder C:\Users\User\AppData\Roaming\Babylon\ not found.
Folder C:\ProgramData\Babylon\ not found.
C:\ProgramData\IObit folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Driver Booster\License folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\User\AppData\Roaming\IObit folder moved successfully.
File C:\Users\User\AppData\Local\metacrawler_speedial_v9.0.2.crx not found.
Folder C:\Users\User\AppData\Roaming\MetaCrawler\ not found.
C:\Users\User\AppData\Roaming\uTorrent folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User
->Temp folder emptied: 3057485 bytes
->Temporary Internet Files folder emptied: 2578076 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13883559 bytes
->Google Chrome cache emptied: 9477504 bytes
->Apple Safari cache emptied: 118436864 bytes
->Flash cache emptied: 651 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 141.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10022013_175823

Files\Folders moved on Reboot...
File\Folder C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#18
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

And when I tried to turn on avast! again, I clicked on resolve and avast! downloaded some things, but I guess it is safe, right?

Is Avast running? Shouldn't be a problem.

Also, do the other steps I mentioned in my previous post and post the logs for my viewing pleasure.

Regards,
Valinorum

#19
Swipernoswiping

  • Topic Starter
  • Member
  • 18 posts
OTL quick scan

Can I use BitTorrent after this? Because I have to admit that I'm a pirate :lol:

So I can delete the backup file, right? (Just to make it clear.)


OTL logfile created on: 10/2/2013 6:08:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.57% Memory free
4.00 Gb Paging File | 2.83 Gb Available in Paging File | 70.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.73 Gb Total Space | 6.73 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
Drive D: | 100.21 Gb Total Space | 5.20 Gb Free Space | 5.19% Space Free | Partition Type: NTFS

Computer Name: DATAVISION | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/30 21:00:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/09/22 22:35:48 | 000,037,048 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2013/09/18 12:51:02 | 000,106,472 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
PRC - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/08/30 15:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 15:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/06/21 17:52:52 | 000,875,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013/06/21 17:52:51 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/06/18 15:58:10 | 000,526,248 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2013/06/18 15:58:08 | 003,505,048 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files\Sony\Content Manager Assistant\CMA.exe
PRC - [2013/05/16 22:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 22:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/05/16 22:38:28 | 001,213,216 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/19 22:46:12 | 006,155,336 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
PRC - [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2012/04/24 20:18:16 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/05/30 09:21:42 | 000,623,520 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/02 10:59:16 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2008/06/04 02:05:37 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE


========== Modules (No Company Name) ==========

MOD - [2013/09/22 22:35:48 | 000,037,048 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
MOD - [2013/09/22 22:35:46 | 000,619,192 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
MOD - [2013/09/22 22:31:58 | 000,053,248 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WebParser.dll
MOD - [2013/09/22 22:31:54 | 000,023,040 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.dll
MOD - [2013/09/22 22:31:50 | 000,020,480 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WifiStatus.dll
MOD - [2013/09/22 22:31:30 | 000,010,752 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
MOD - [2013/09/22 22:31:22 | 000,020,992 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\QuotePlugin.dll
MOD - [2013/09/22 22:30:28 | 000,010,240 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll
MOD - [2013/09/22 22:30:00 | 000,024,064 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\iTunesPlugin.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/04/24 20:18:24 | 000,087,912 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\zlib1.dll
MOD - [2012/04/24 20:18:06 | 001,242,472 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\libxml2.dll
MOD - [2011/03/02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/09/02 10:59:16 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
MOD - [2008/06/04 02:06:14 | 000,351,000 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2009\MSENCXML.DLL
MOD - [2008/06/04 02:06:14 | 000,269,080 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2009\ERSREGPR.DLL
MOD - [2008/06/04 02:06:14 | 000,228,120 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2009\MSENCDAT.DLL
MOD - [2008/06/04 02:06:14 | 000,178,968 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2009\ENCCONT.DLL
MOD - [2008/06/04 02:05:37 | 000,068,376 | ---- | M] () -- C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICTEIT.EBK
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2013/09/20 22:56:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/18 12:51:02 | 000,106,472 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/07 19:00:19 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/02 20:58:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/08/30 15:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/07/09 09:36:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/05/16 22:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/08/30 15:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 15:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 15:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 15:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 15:48:12 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/08/30 15:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 15:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 15:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/08/18 01:01:19 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/06/21 20:02:43 | 009,069,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/03/04 12:42:06 | 000,108,624 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2012/12/04 09:21:12 | 000,016,440 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV - [2011/05/18 17:49:32 | 000,054,784 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GeneStor.sys -- (GeneStor)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/07/16 18:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {09D79313-3069-42DD-83A3-F6EA5D0DF23B}
IE - HKCU\..\SearchScopes\{09D79313-3069-42DD-83A3-F6EA5D0DF23B}: "URL" = http://ph.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..keyword.URL: "http://ph.search.yah...type=407956&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/10/02 17:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/07/16 11:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2013/08/17 17:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wad9qqli.default\extensions
[2013/08/17 17:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wad9qqli.default\extensions\staged
[2013/09/21 13:11:30 | 000,000,911 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x3zlhiro.default-1380627269560\searchplugins\yahoo_ff.xml
[2013/09/07 19:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/07 19:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/07 19:00:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X3ZLHIRO.DEFAULT-1380627269560\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U40 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.400.43 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\

O1 HOSTS File: ([2013/09/30 18:35:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [L09AXLRD_6560107] C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF09C0F1-C128-474E-896A-7FB36E546CBF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/09/21 13:54:21 | 000,000,150 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/02 17:58:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/02 17:45:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/01 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/10/01 19:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/10/01 19:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2013/10/01 19:34:32 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Old Firefox Data
[2013/09/30 19:40:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/30 18:31:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/30 18:31:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2013/09/30 18:18:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/29 20:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/29 11:28:12 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Rainmeter
[2013/09/29 11:28:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Rainmeter
[2013/09/29 11:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2013/09/29 11:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/09/27 13:23:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013/09/27 11:39:34 | 000,000,000 | RH-D | C] -- C:\Users\User\AppData\Roaming\SecuROM
[2013/09/27 10:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA IV Vehicle Mod Installer
[2013/09/27 10:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\GTA IV Vehicle Mod Installer
[2013/09/27 09:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2013/09/26 18:00:43 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Rockstar Games
[2013/09/26 17:56:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Rockstar Games
[2013/09/26 17:49:50 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2013/09/26 17:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2013/09/24 21:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/24 21:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/09/24 21:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/21 13:58:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
[2013/09/21 13:58:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2013/09/21 13:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2013/09/21 13:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2013/09/21 13:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2013/09/21 13:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/09/21 13:36:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple
[2013/09/21 13:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/09/21 13:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/09/21 13:18:40 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Razer
[2013/09/21 13:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2013/09/21 13:11:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Razer
[2013/09/21 13:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Vtools
[2013/09/21 13:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013/09/21 13:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Secure Speed Dial
[2013/09/20 21:11:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Urban Trial Freestyle
[2013/09/20 21:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tate Multimedia
[2013/09/20 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Sony Corporation
[2013/09/20 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\PS Vita
[2013/09/20 19:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2013/09/20 16:40:42 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\NFS SHIFT
[2013/09/20 15:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\NFS SHIFT
[2013/09/16 21:28:28 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Bully Scholarship Edition
[2013/09/16 21:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
[2013/09/16 21:27:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Bully. Scholarship Edition
[2013/09/16 21:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bully
[2013/09/15 17:54:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Criterion Games
[2013/09/15 11:34:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ubisoft
[2013/09/15 11:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2013/09/15 11:33:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/09/14 10:05:18 | 000,000,000 | ---D | C] -- C:\ATI
[2013/09/13 20:56:55 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\NBA Live 2003
[2013/09/13 20:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[2013/09/13 18:41:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Need for Speed World
[2013/09/12 21:14:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Electronic_Arts_Inc
[2013/09/12 19:08:31 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Square Enix
[2013/09/07 19:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/07 17:27:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Macromedia
[2013/09/05 21:12:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA
[2013/09/05 21:11:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\2K Games
[2013/09/05 21:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2013/09/04 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\NVIDIA
[2013/09/04 18:06:55 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Arkham City Cutscenes
[2013/09/03 21:55:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013/09/03 21:54:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013/09/03 19:20:48 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2013/09/03 18:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/09/03 18:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/09/03 18:05:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2013/09/02 21:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

========== Files - Modified Within 30 Days ==========

[2013/10/02 18:08:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/02 18:08:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/02 18:00:49 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/02 18:00:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/02 18:00:30 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/02 17:57:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/10/02 17:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/01 21:23:15 | 000,000,995 | ---- | M] () -- C:\Users\User\Desktop\WinDirStat.lnk
[2013/10/01 21:19:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/30 18:35:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/09/30 16:04:19 | 000,660,618 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/30 16:04:19 | 000,121,016 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/30 15:24:17 | 000,002,231 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/30 15:24:02 | 001,786,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/29 20:24:07 | 000,129,088 | ---- | M] () -- C:\Users\User\Documents\BACKUP.reg
[2013/09/29 11:28:07 | 000,001,889 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013/09/26 17:49:50 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2013/09/21 13:39:01 | 000,002,503 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/09/20 19:51:50 | 000,002,114 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
[2013/09/19 18:22:09 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat
[2013/09/18 14:24:12 | 000,268,968 | ---- | M] () -- C:\Windows\System32\sqlite3.dll
[2013/09/13 20:54:00 | 000,000,513 | ---- | M] () -- C:\Windows\eReg.dat
[2013/09/12 19:56:35 | 000,000,258 | RHS- | M] () -- C:\Users\User\ntuser.pol
[2013/09/04 17:19:41 | 000,001,413 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/03 21:48:49 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2013/10/01 19:58:50 | 000,000,995 | ---- | C] () -- C:\Users\User\Desktop\WinDirStat.lnk
[2013/09/30 15:23:45 | 001,786,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/29 20:23:50 | 000,129,088 | ---- | C] () -- C:\Users\User\Documents\BACKUP.reg
[2013/09/29 20:06:27 | 000,002,231 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/29 20:02:21 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/29 20:02:12 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/29 11:28:07 | 000,001,889 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013/09/29 11:28:07 | 000,001,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
[2013/09/21 13:39:01 | 000,002,503 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/09/21 13:39:01 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2013/09/21 13:36:29 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/09/21 13:10:23 | 000,268,968 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2013/09/20 19:51:51 | 000,001,272 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Content Manager Assistant for PlayStation®.lnk
[2013/09/20 19:51:50 | 000,002,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
[2013/09/19 18:22:09 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat
[2013/09/13 20:54:00 | 000,000,513 | ---- | C] () -- C:\Windows\eReg.dat
[2013/09/04 17:19:41 | 000,001,419 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/03 21:48:49 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/09/03 19:24:17 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2013/09/03 19:19:41 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2013/09/03 19:18:58 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2013/09/03 18:29:09 | 000,016,437 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013/09/02 21:11:21 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/09/02 21:10:15 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/08/18 00:42:43 | 000,000,258 | RHS- | C] () -- C:\Users\User\ntuser.pol
[2013/08/16 18:06:45 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/16 18:06:45 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/16 18:06:45 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/08/16 18:06:32 | 000,177,864 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/16 18:06:31 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/07/25 18:05:50 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/09 10:21:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/07/09 10:21:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/07/09 10:21:07 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/07/09 10:21:06 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/07/09 10:21:04 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/07/09 10:12:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pxhpinst.exe
[2013/07/09 09:09:14 | 003,155,536 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2013/07/09 09:09:14 | 000,424,769 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/07/09 09:09:01 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/07/09 16:53:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\2K Sports
[2013/10/01 19:22:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
[2013/09/16 21:27:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Bully. Scholarship Edition
[2013/09/29 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2013/09/13 18:41:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Need for Speed World
[2013/08/18 00:44:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PowerISO
[2013/09/29 11:28:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Rainmeter
[2013/08/17 17:51:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SimilarSites
[2013/09/15 11:34:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2013/08/25 15:37:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2013/07/23 11:33:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wildfire
[2013/07/09 10:38:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Zbshareware Lab

========== Purity Check ==========



< End of report >
  • 0
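A small triage script for the OTL log posted above, added here as an example; it is not part of the thread and not OTL's own code. The first sample is copied from the log above, the second "suspect" sample is constructed, and the three checks are the ones an analyst reads first in such a log: O4 autoruns with an empty publisher field, hosts entries that map anything other than localhost, and the ZeroAccess Check CLSID keys (the `SAMPLE_LOG`/`SUSPECT_LOG` names and placeholder paths are assumptions).

```python
"""Triage helper for OTL log lines (added example; not part of the thread or of OTL).

Flags three things from the log format shown above:
  * O4 autorun entries whose publisher field is empty "()"
  * O1 Hosts entries that map anything other than localhost
  * ZeroAccess Check: the per-user (HKCU) CLSID InProcServer32 keys must carry
    no values (a per-user COM registration shadows the machine-wide one), and
    HKLM {42aedc87-...} must still point at shell32.dll
"""
import re

O4_RE = re.compile(
    r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)" = (?P<data>.+?)(?: -- \[.*)?$')

# The two CLSIDs OTL inspects in its ZeroAccess Check (as listed in the log above).
ZA_CLSIDS = ("{42aedc87-2188-41fd-b9a3-0c966feabec1}",
             "{fbeb8a05-beee-4442-804e-409d6c4515e9}")
LOOPBACK = {"127.0.0.1", "::1"}


def parse_autoruns(lines):
    """Return (where, name, path, company) for every O4 line."""
    hits = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            hits.append((m["where"], m["name"] or "", m["path"], m["company"]))
    return hits


def parse_registry_blocks(lines):
    """Map each [HKEY_...] header to its {value_name: data}; a blank line ends a block."""
    blocks, current = {}, None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            current = km["key"]
            blocks[current] = {}
        elif current is not None and not line.strip():
            current = None
        elif current is not None:
            vm = VALUE_RE.match(line)
            if vm:
                blocks[current][vm["name"]] = vm["data"]  # OTL's " -- [date|size]" suffix dropped
    return blocks


def triage(log_text):
    """Return human-readable findings for an OTL log (empty list = nothing flagged)."""
    lines = log_text.splitlines()
    findings = []
    for where, name, path, company in parse_autoruns(lines):
        if not company.strip():
            findings.append(f"autorun without publisher: {where} [{name}] {path}")
    for line in lines:
        m = O1_RE.match(line)
        if m and (m["host"] != "localhost" or m["ip"] not in LOOPBACK):
            findings.append(f"non-localhost hosts entry: {m['ip']} {m['host']}")
    for key, values in parse_registry_blocks(lines).items():
        low = key.lower()
        if not any(clsid in low for clsid in ZA_CLSIDS):
            continue
        if low.startswith("hkey_current_user") and values:
            findings.append(f"per-user CLSID override present: {key} -> {values.get('', '?')}")
        if low.startswith("hkey_local_machine") and ZA_CLSIDS[0] in low \
                and not values.get("", "").lower().endswith("shell32.dll"):
            findings.append(f"HKLM InProcServer32 is not shell32.dll: {values.get('', '<missing>')}")
    return findings


# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r'''
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
'''

# Constructed sample of what the same checks flag on a tampered machine (placeholder paths).
SUSPECT_LOG = r'''
O1 - Hosts: 127.0.0.1 av-update.example.com
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\Users\User\AppData\Local\PLACEHOLDER-DIR\n.dll
"ThreadingModel" = Both
'''

if __name__ == "__main__":
    for label, log in (("thread log", SAMPLE_LOG), ("constructed suspect log", SUSPECT_LOG)):
        print(f"== {label} ==")
        for finding in triage(log) or ["nothing flagged"]:
            print(" ", finding)
```

On the thread's own log only the two publisher-less autoruns (TBPanel and the Rainmeter startup shortcut) are flagged, which matches the helper's later verdict that the machine is clean.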

#20
Swipernoswiping

    Member

  • Topic Starter
  • Member
  • 18 posts
Security Check log



Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 40
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox 23.0.1 Firefox out of Date!
Google Chrome 29.0.1547.76
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
  • 0

#21
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Swipernoswiping, :)

so I can delete the backup file right? (just to make it clear)

If it does not contain any important file, you can delete it to free up some space. :)

can I use BitTorrent after this because I have to admit that I'm a pirate :lol:

The program itself is clean, so I have no issue with keeping it on your PC. But we do not condone piracy. Be sure to acquaint yourself with the risks of P2P programs, which I posted earlier, and do know that if you are ever infected by pirated programs, we will not be providing further assistance.

Let me check if there are any remnants.

  • Step #1 Java Issue
    Java is currently one of the most targeted programs by malware writers. The Department of Homeland Security recommends that computer users disable Java. Please acquaint yourself with the following articles.
  • Article #1
  • Article #2

I would suggest that you completely uninstall Java unless you need it for important software to run. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. Please read the following --

 

  • Step #2 Update Firefox
    Your Firefox is out of date. Older versions contain vulnerabilities. Please follow the process--
  • Download the latest version of Firefox from here;
  • Uninstall your current version of Firefox;
  • Right click on the newly downloaded program and choose Run as administrator and follow the on-screen instructions to install Firefox.

 

  • Step #3 Scan with ESET Online Scanner
    Run ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

    Vista / 7 users: You will need to right-click on either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
    • Please go here then click on: Posted Image

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

    • Select the option YES, I accept the Terms of Use then click on: Posted Image
    • When prompted allow the Add-On/Active X to install.
    • Uncheck the box beside Remove Found Threats
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.


When The Scan is Complete:

  • If No Threats Were Found:

    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a check mark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

  • Step #4 Scan with Malwarebytes Anti-malware
    Please download Malwarebytes' Anti-Malware 'here'.

  • Double-click mbam-setup.exe to install the application.
  • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the Logs tab in the interface.
  • Copy and paste the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

  • Required Log(s):
  • ESET log;
  • MBAM log.

Regards,
Valinorum
  • 0

#22
Swipernoswiping

    Member

  • Topic Starter
  • Member
  • 18 posts
My internet has been soooooooooooooooooooooooo slow for the past few days, and I am still going to try those.


Now I am starting to wonder if all those OTLs and JRTs caused it.
  • 0

#23
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Please do the above steps. OTL and JRT can't cause an internet issue.
  • 0

#24
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Swipernoswiping, :)

Please do the following steps after you have done ESET and MBAM part.

  • Step #1
    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 

  • Step #2 Scan with Farbar Service Scanner
    • Please download Farbar Service Scanner by Farbar to your Desktop from the link below.
      Download Link
    • Right-click and choose Run as Administrator;
    • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

 

  • Required Log(s):
  • MiniToolBox log;
  • FSS.txt

Regards,
Valinorum
  • 0

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
