
computer blocked, registry editor message followed by ukash ransom vir



#1
MARKTEN

Whilst on the internet, up popped a request to edit the computer's registry.
The publisher was Microsoft Windows.
It gave information "C:windows ergedit.exe"-S'C\program~2\\3ulvf2r.reg

I clicked on no several times but the message instantly reappeared, locking the computer. Then after a time the ransom screen appeared demanding money from the Australian Communications and Media Authority.

I have run the MBAM Chameleon in safe mode with networking, and although Malwarebytes picked up 15 infections, on reboot the situation was the same.

I ran OTL in safe mode and attached are the files OTL created

Your assistance will be greatly appreciated


Mark

OTL logfile created on: 25/10/2013 10:52:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.73 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 83.96% Memory free
5.45 Gb Paging File | 5.04 Gb Available in Paging File | 92.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 917.42 Gb Total Space | 867.19 Gb Free Space | 94.52% Space Free | Partition Type: NTFS
Drive E: | 3.60 Gb Total Space | 3.33 Gb Free Space | 92.49% Space Free | Partition Type: FAT32

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/25 10:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/10/09 20:05:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/08/07 21:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2013/07/25 10:10:04 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/25 10:00:59 | 000,193,264 | ---- | M] (Stonesoft) [Auto | Stopped] -- C:\Program Files\Stonesoft\Access Client\AccessClient-Service.exe -- (sgsslvpnClientService)
SRV - [2013/06/19 21:22:25 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\APlusGamer_63\bar\1.bin\63barsvc.exe -- (APlusGamer_63Service)
SRV - [2013/05/27 15:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/21 15:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/04 21:53:36 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/01/31 11:02:52 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/01/28 15:22:50 | 000,551,264 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/12/27 13:47:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/12/27 12:32:22 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012/12/19 06:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/07 09:17:52 | 000,267,264 | R--- | M] (3S-Smart Software Solutions GmbH) [Auto | Stopped] -- C:\Program Files\Parker Hannifin Manufacturing Ltd\PDQ\3S CoDeSys\GatewayPLC\ServiceControl.exe -- (CoDeSys ServiceControl)
SRV - [2012/08/07 09:17:20 | 000,595,456 | R--- | M] (3S-Smart Software Solutions GmbH) [Auto | Stopped] -- C:\Program Files\Parker Hannifin Manufacturing Ltd\PDQ\3S CoDeSys\GatewayPLC\GatewayService.exe -- (CoDeSys Gateway V3)
SRV - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/02/29 23:19:16 | 000,070,496 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/02/29 12:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/29 12:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/22 07:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/22 07:29:28 | 000,128,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/02/03 17:25:30 | 000,458,464 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2012/01/20 23:27:18 | 000,163,328 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/16 18:15:30 | 000,534,448 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2011/12/15 10:02:42 | 000,690,104 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2011/11/26 13:48:58 | 000,112,552 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2011/11/25 08:18:04 | 000,210,880 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2011/09/14 05:45:55 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/12 12:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/06/08 07:07:36 | 000,186,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2011/06/08 07:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2010/10/21 09:40:00 | 000,128,416 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2010/10/13 04:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/10 12:26:34 | 000,133,640 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2010/05/04 17:47:18 | 002,044,248 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/13 05:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/10/21 05:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/04/01 08:47:40 | 000,033,280 | ---- | M] (Eurotherm Limited) [Disabled | Stopped] -- C:\Program Files\Eurotherm\iTools\iToolsService.exe -- (iToolsOPCService)
SRV - [2007/02/21 17:26:40 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/10/23 10:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131022.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/10/17 15:26:41 | 000,393,816 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131023.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/08/29 18:22:02 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131023.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/29 18:22:02 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131023.024\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/27 21:35:53 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/06/25 10:01:07 | 000,046,320 | ---- | M] (Stonesoft) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\waclient.sys -- (waclient)
DRV - [2013/06/18 12:52:25 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/23 16:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 16:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 16:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/25 11:43:56 | 000,339,544 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys -- (SymNetS)
DRV - [2013/04/16 13:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/05 12:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013/03/05 12:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/11/01 13:41:18 | 000,010,584 | ---- | M] (Red Lion Controls Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\g3usb.sys -- (HMI)
DRV - [2012/01/20 23:52:16 | 009,074,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/01/20 22:34:14 | 000,265,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/01/05 22:58:50 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV - [2012/01/05 22:58:50 | 000,347,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)
DRV - [2012/01/05 22:58:50 | 000,013,592 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV - [2011/12/30 19:21:40 | 002,229,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/12/17 12:24:00 | 000,065,600 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2011/11/10 19:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011/10/18 07:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/08/18 09:27:04 | 000,197,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2011/08/09 12:53:26 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/02/09 14:08:00 | 000,033,616 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2010/11/21 08:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/21 08:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/21 08:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/06/19 11:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/10/21 05:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/15 09:12:46 | 000,080,896 | ---- | M] (ATEN) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2at.sys -- (ser2at)
DRV - [2009/07/31 12:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/15 10:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 10:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/20 14:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2008/03/21 14:42:52 | 000,004,211 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alertdrv.sys -- (AlertDrv)
DRV - [2008/03/21 08:42:00 | 000,088,896 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{70a02aa7-2f3f-41d4-97da-b9db0de80624}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
IE - HKCU\..\URLSearchHook: {34114ac1-b899-4a25-a167-cb054d5025f3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7NOOH_enAU516
IE - HKCU\..\SearchScopes\{70a02aa7-2f3f-41d4-97da-b9db0de80624}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@APlusGamer_63.com/Plugin: C:\Program Files\APlusGamer_63\bar\1.bin\NP63Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/10/25 10:32:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/10 08:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_63.com: C:\Program Files\APlusGamer_63\bar\1.bin [2013/10/01 08:33:00 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Free Smileys & Emoticons = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.8.0_0\
CHR - Extension: Free Smileys & Emoticons = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.9.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 08:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Assistant BHO) - {27768dfb-5333-4f5b-aedf-34316b6dfaf0} - C:\Program Files\APlusGamer_63\bar\1.bin\63SrcAs.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {2b43b65c-bec7-4cd5-9fdf-9a68e6fcb276} - C:\Program Files\APlusGamer_63\bar\1.bin\63bar.dll (MindSpark)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (APlusGamer) - {8945176c-2823-4272-9735-873e75bfe1b4} - C:\Program Files\APlusGamer_63\bar\1.bin\63bar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (APlusGamer) - {8945176C-2823-4272-9735-873E75BFE1B4} - C:\Program Files\APlusGamer_63\bar\1.bin\63bar.dll (MindSpark)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [APlusGamer Search Scope Monitor] C:\Program Files\APlusGamer_63\bar\1.bin\63SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [APlusGamer_63 Browser Plugin Loader] C:\Program Files\APlusGamer_63\bar\1.bin\63brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [GatewaySysTray] C:\Program Files\Parker Hannifin Manufacturing Ltd\PDQ\3s CoDeSys\GatewayPLC\GatewaySysTray.exe (3S-Smart Software Solutions GmbH)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel.exe (SRS Labs, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSCMain] C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [USB3MON] C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} https://topsaccess.p...lientLoader.cab (Access Client web loader)
O16 - DPF: {48989C74-D5FC-4F17-BA40-3D825C716836} http://search-ext.ab...ltidownldr6.cab (clMultiDownLoader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {92E2CE49-7294-11D2-BC1A-0020182BD6F6} https://topsaccess.p...ry/ttax5250.cab (Century Software Te5250 Terminal Emulation Control)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {FF445149-7294-11D2-BC1A-0020182BD6F6} https://topsaccess.p...ry/ttax5250.cab (Century Software Te5250 Terminal Emulation Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.134.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A040755-3B5A-4F98-99C2-F48C9A9C21C3}: DhcpNameServer = 61.9.134.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FAD0D7B-1B2B-4787-837C-6C67B5A134B4}: DhcpNameServer = 61.9.133.193 61.9.188.33
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/25 10:44:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2013/10/25 10:27:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2013/10/25 10:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2013/10/25 09:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/25 09:03:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/10/25 09:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/25 08:14:14 | 000,172,032 | ---- | C] (Sekizenkan Company) -- C:\ProgramData\r2fvlw3.dss
[2013/10/09 20:24:07 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\FLEXnet
[2013/10/09 20:13:57 | 001,475,072 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\System32\BrWi209d.dll
[2013/10/09 20:13:56 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\System32\BrJDec.dll
[2013/10/09 20:13:41 | 000,103,792 | ---- | C] (Brother Industries Ltd) -- C:\windows\System32\BRRBI100.EXE
[2013/10/09 20:13:41 | 000,050,176 | ---- | C] (Brother Industries Ltd.) -- C:\windows\System32\BRPRTINK.DLL
[2013/10/09 20:13:38 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\System32\BROSNMP.DLL
[2013/10/09 20:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2013/10/09 20:10:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Nuance
[2013/10/09 20:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2013/10/09 20:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
[2013/10/09 20:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2013/10/09 20:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/10/09 20:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2013/10/09 20:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2013/10/09 20:09:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\MyWebPages
[2013/10/01 20:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/01 20:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/01 20:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/10/01 11:49:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\ControlCenter4
[2013/10/01 11:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2013/10/01 11:42:55 | 000,000,000 | ---D | C] -- C:\Brother
[2013/10/01 11:42:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2013/10/01 11:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
[2013/10/01 11:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2013/10/01 11:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2013/10/01 11:42:21 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\System32\BrfxD05c.dll
[2013/10/01 11:42:18 | 000,180,224 | R--- | C] (Brother Industries, Ltd.) -- C:\windows\System32\BrMuSNMP.dll
[2013/10/01 11:42:18 | 000,075,264 | R--- | C] (Brother Industries, Ltd.) -- C:\windows\System32\BrNetSti.dll
[2013/10/01 11:42:18 | 000,074,752 | ---- | C] (Brother Industries,Ltd.) -- C:\windows\System32\BrWiaNCp.dll
[2013/10/01 11:42:18 | 000,051,200 | ---- | C] (Brother Industries,Ltd) -- C:\windows\System32\Brnsplg.dll
[2013/10/01 11:41:54 | 000,245,760 | ---- | C] (brother) -- C:\windows\System32\NSSearch.dll
[2013/10/01 11:41:54 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\windows\System32\BrDctF2.dll
[2013/10/01 11:41:54 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\windows\System32\BrDctF2S.dll
[2013/10/01 11:41:54 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\windows\System32\BrDctF2L.dll
[2013/10/01 11:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2013/10/01 11:39:33 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\install
[2013/09/28 14:57:41 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2013/09/28 14:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/26 16:59:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\gormani

========== Files - Modified Within 30 Days ==========

[2013/10/25 10:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2013/10/25 10:49:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/25 10:49:06 | 2195,562,496 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/25 10:36:49 | 095,025,368 | ---- | M] () -- C:\ProgramData\3wlvf2r.bxx
[2013/10/25 10:35:33 | 000,000,279 | ---- | M] () -- C:\ProgramData\3wlvf2r.reg
[2013/10/25 10:33:28 | 000,000,000 | ---- | M] () -- C:\ProgramData\3wlvf2r.fvv
[2013/10/25 10:33:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/25 10:32:54 | 000,000,816 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/10/25 10:13:02 | 000,025,120 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 10:13:02 | 000,025,120 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 10:04:07 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013/10/25 09:03:06 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 08:14:17 | 000,001,048 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3wlvf2r.lnk
[2013/10/25 08:14:14 | 000,172,032 | ---- | M] (Sekizenkan Company) -- C:\ProgramData\r2fvlw3.dss
[2013/10/25 08:03:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/25 07:29:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/25 07:16:54 | 000,674,134 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/10/25 07:16:54 | 000,129,992 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/10/24 12:02:00 | 000,000,818 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/10/22 16:46:41 | 001,566,397 | ---- | M] () -- C:\Users\Mark\Desktop\plutofunctions.pdf
[2013/10/22 16:18:36 | 001,306,838 | ---- | M] () -- C:\Users\Mark\Desktop\plutohardware.pdf
[2013/10/18 08:30:27 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/17 23:15:08 | 002,647,119 | ---- | M] () -- C:\Users\Mark\Desktop\02_Pluto_2TLC172001C0202.pdf
[2013/10/14 08:11:01 | 000,010,122 | ---- | M] () -- C:\Users\Mark\Desktop\Detmold.pdf
[2013/10/11 12:22:18 | 383,981,745 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/10/09 20:22:47 | 000,498,560 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/10/09 20:16:19 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2013/10/09 20:15:55 | 000,002,944 | ---- | M] () -- C:\windows\BRPARAM.INI
[2013/10/09 20:15:51 | 000,000,294 | ---- | M] () -- C:\windows\Brpfx04a.ini
[2013/10/09 20:15:51 | 000,000,065 | ---- | M] () -- C:\windows\brpcfx.ini
[2013/10/07 13:40:34 | 000,045,311 | ---- | M] () -- C:\Users\Mark\Desktop\inv 158.pdf
[2013/10/04 09:33:00 | 000,093,506 | ---- | M] () -- C:\Users\Mark\Documents\rectifer diodes.jpg
[2013/10/04 09:33:00 | 000,085,995 | ---- | M] () -- C:\Users\Mark\Documents\rectifer diode.jpg
[2013/10/01 11:42:55 | 000,000,066 | ---- | M] () -- C:\windows\Brfaxrx.ini

========== Files Created - No Company Name ==========

[2013/10/25 10:33:28 | 000,000,279 | ---- | C] () -- C:\ProgramData\3wlvf2r.reg
[2013/10/25 10:04:07 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013/10/25 09:03:06 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 08:14:17 | 000,001,048 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3wlvf2r.lnk
[2013/10/25 08:14:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\3wlvf2r.fvv
[2013/10/25 08:14:15 | 095,025,368 | ---- | C] () -- C:\ProgramData\3wlvf2r.bxx
[2013/10/22 16:52:47 | 001,566,397 | ---- | C] () -- C:\Users\Mark\Desktop\plutofunctions.pdf
[2013/10/22 16:23:44 | 001,306,838 | ---- | C] () -- C:\Users\Mark\Desktop\plutohardware.pdf
[2013/10/17 23:21:34 | 002,647,119 | ---- | C] () -- C:\Users\Mark\Desktop\02_Pluto_2TLC172001C0202.pdf
[2013/10/14 08:11:14 | 000,010,122 | ---- | C] () -- C:\Users\Mark\Desktop\Detmold.pdf
[2013/10/09 20:15:32 | 000,002,944 | ---- | C] () -- C:\windows\BRPARAM.INI
[2013/10/07 13:40:58 | 000,045,311 | ---- | C] () -- C:\Users\Mark\Desktop\inv 158.pdf
[2013/10/04 09:33:00 | 000,093,506 | ---- | C] () -- C:\Users\Mark\Documents\rectifer diodes.jpg
[2013/10/04 09:33:00 | 000,085,995 | ---- | C] () -- C:\Users\Mark\Documents\rectifer diode.jpg
[2013/10/01 11:45:44 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2013/10/01 11:45:19 | 000,000,294 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2013/10/01 11:45:19 | 000,000,065 | ---- | C] () -- C:\windows\brpcfx.ini
[2013/10/01 11:42:35 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2013/10/01 11:42:21 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2013/10/01 11:41:57 | 000,000,050 | ---- | C] () -- C:\windows\System32\BRADM10A.DAT
[2013/09/02 15:09:06 | 000,040,960 | ---- | C] () -- C:\windows\ModemServ.exe
[2013/07/10 07:55:46 | 000,000,058 | ---- | C] () -- C:\windows\System32\qbw.ini
[2013/03/24 09:29:40 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI
[2013/03/20 17:53:47 | 000,088,688 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2013/01/22 11:55:25 | 000,000,302 | ---- | C] () -- C:\windows\fw.ini
[2013/01/22 11:55:25 | 000,000,025 | ---- | C] () -- C:\windows\propbldr.ini
[2013/01/22 11:52:06 | 000,001,111 | ---- | C] () -- C:\windows\IAB.ini
[2013/01/22 11:49:39 | 000,245,760 | ---- | C] () -- C:\windows\System32\ABECADDll.dll
[2012/12/27 16:02:58 | 001,040,839 | ---- | C] () -- C:\Users\Mark\AppData\Local\Default_1_1.project
[2012/12/27 16:02:58 | 000,021,278 | ---- | C] () -- C:\Users\Mark\AppData\Local\Default_1_1-Mark-Mark-PC.opt
[2012/12/27 09:24:44 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2012/12/27 08:54:02 | 000,133,640 | ---- | C] () -- C:\windows\System32\GFNEXSrv.exe
[2012/12/27 08:54:02 | 000,128,312 | ---- | C] () -- C:\windows\System32\GFNEX.dll
[2012/12/27 08:52:18 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2012/12/27 08:45:11 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2012/12/27 08:45:09 | 000,251,068 | ---- | C] () -- C:\windows\System32\drivers\RTAIODAT.DAT
[2012/12/27 08:43:20 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/12/27 08:41:28 | 000,608,507 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2012/12/27 08:41:28 | 000,204,960 | ---- | C] () -- C:\windows\System32\ativvsvl.dat
[2012/12/27 08:41:28 | 000,157,152 | ---- | C] () -- C:\windows\System32\ativvsva.dat
[2012/12/27 08:41:28 | 000,003,917 | ---- | C] () -- C:\windows\System32\atipblag.dat
[2012/12/27 08:39:19 | 000,015,128 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll
[2012/11/12 07:42:12 | 000,045,056 | ---- | C] () -- C:\windows\System32\BRTCPCON.DLL
[2012/11/12 07:42:12 | 000,000,114 | ---- | C] () -- C:\windows\System32\BRLMW03A.INI
[2012/11/12 07:42:12 | 000,000,050 | ---- | C] () -- C:\windows\System32\BRADC08A.DAT
[2012/02/03 17:08:06 | 000,001,536 | ---- | C] () -- C:\windows\System32\IusEventLog.dll
[2012/01/20 23:49:58 | 000,059,904 | ---- | C] () -- C:\windows\System32\OpenVideo.dll
[2012/01/20 23:49:48 | 000,054,784 | ---- | C] () -- C:\windows\System32\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/14 15:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 12:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 08:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 12:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/27 12:39:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Autodesk
[2013/10/09 20:24:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\ControlCenter4
[2013/07/23 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Eurotherm
[2013/05/19 08:55:08 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Foxit Software
[2013/10/09 20:10:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Nuance
[2012/12/27 16:11:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Parker Drive Quicktool
[2013/05/22 12:22:45 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PCCUStubInstaller
[2013/06/21 17:27:55 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PeaZip
[2013/01/22 11:56:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Rockwell Automation
[2012/12/27 10:34:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Splashtop Remote Client
[2012/12/27 16:13:15 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Toshiba

========== Purity Check ==========



< End of report >

Edited by RKinner, 24 October 2013 - 10:39 PM.

  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
[2013/10/25 08:14:17 | 000,001,048 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3wlvf2r.lnk
[2013/10/25 08:14:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\3wlvf2r.fvv
[2013/10/25 08:14:15 | 095,025,368 | ---- | C] () -- C:\ProgramData\3wlvf2r.bxx
[2013/10/25 08:14:14 | 000,172,032 | ---- | M] (Sekizenkan Company) -- C:\ProgramData\r2fvlw3.dss
[2013/10/25 08:03:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/25 07:29:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/25 10:33:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/25 10:32:54 | 000,000,816 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

:Files
type C:\ProgramData\3wlvf2r.reg /c
C:\ProgramData\3wlvf2r.reg

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10242013-some number.log so look there if you don't see it.

Did that get it?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Run OTL, Quick Scan, and post the log.
  • 0
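The fix in post #2 removes a Startup-folder shortcut together with the files in C:\ProgramData that share its name. The Python sketch below is an added example, not part of the original posts and not OTL's own code: it parses OTL file-listing lines in the format shown in this thread and reports files in the root of C:\ProgramData whose name matches a Startup shortcut, forwards or reversed. The sample lines are copied from the log in post #1; the function and field names, and the name-matching heuristic itself, are assumptions made for illustration.

```python
import re
from datetime import datetime
from ntpath import basename, dirname, splitext

# OTL file-listing line as it appears in this thread:
#   [date time | size | attrs | C or M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
STARTUP_DIR = "\\start menu\\programs\\startup"

# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE = r"""
[2013/10/25 10:44:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2013/10/25 09:03:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/10/25 08:14:14 | 000,172,032 | ---- | C] (Sekizenkan Company) -- C:\ProgramData\r2fvlw3.dss
[2013/10/09 20:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2013/10/25 10:36:49 | 095,025,368 | ---- | M] () -- C:\ProgramData\3wlvf2r.bxx
[2013/10/25 10:35:33 | 000,000,279 | ---- | M] () -- C:\ProgramData\3wlvf2r.reg
[2013/10/25 10:33:28 | 000,000,000 | ---- | M] () -- C:\ProgramData\3wlvf2r.fvv
[2013/10/25 09:03:06 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 08:14:17 | 000,001,048 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3wlvf2r.lnk
[2013/10/25 08:14:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\3wlvf2r.fvv
[2013/10/25 08:14:15 | 095,025,368 | ---- | C] () -- C:\ProgramData\3wlvf2r.bxx
[2013/10/25 10:04:07 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
"""


def parse_line(line):
    """Return a dict for one OTL file-listing line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["company"] = e["company"] or ""
    e["when"] = datetime.strptime(e["date"] + " " + e["time"], "%Y/%m/%d %H:%M:%S")
    e["is_dir"] = "D" in e["attrs"]
    return e


def stem(path):
    """Lower-cased file name without its extension."""
    return splitext(basename(path))[0].lower()


def triage(lines, drop_dir=r"C:\ProgramData"):
    """Report files directly under drop_dir that are named after a Startup shortcut."""
    files = [e for e in map(parse_line, lines) if e and not e["is_dir"]]

    # Shortcut stem -> earliest timestamp, for every file in a Startup folder.
    startup = {}
    for e in files:
        if dirname(e["path"]).lower().endswith(STARTUP_DIR):
            s = stem(e["path"])
            startup[s] = min(e["when"], startup.get(s, e["when"]))

    findings = {}
    for e in files:
        if dirname(e["path"]).lower() != drop_dir.lower():
            continue
        s = stem(e["path"])
        # Match the shortcut name as written or reversed (assumed heuristic).
        link = s if s in startup else s[::-1] if s[::-1] in startup else None
        if link is None:
            continue
        # The same file can appear in both the "created" and "modified" lists.
        f = findings.setdefault(e["path"].lower(), {
            "path": e["path"], "link": link, "shortcut": link + ".lnk",
            "name_reversed": link != s, "no_company": True,
            "first_seen": e["when"]})
        f["no_company"] = f["no_company"] and e["company"] == ""
        f["first_seen"] = min(f["first_seen"], e["when"])

    for f in findings.values():
        delta = f["first_seen"] - startup[f["link"]]
        f["seconds_from_shortcut"] = abs(delta.total_seconds())
    return [findings[k] for k in sorted(findings)]


if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        flags = []
        if f["name_reversed"]:
            flags.append("name reversed")
        if f["no_company"]:
            flags.append("no company name")
        print("%s -> %s, %d s from shortcut (%s)" % (
            f["path"], f["shortcut"], f["seconds_from_shortcut"],
            ", ".join(flags) or "no flags"))
```

Company-name metadata alone would have missed r2fvlw3.dss, which carries a company string; it is reported here only because its name is the shortcut's name reversed and it was created within seconds of the shortcut.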

#3
MARKTEN

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi,

Awesome, it is looking clear. Thanks a lot.

Please find logs attached.

Mark

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by Mark (administrator) on MARK-PC on 25-10-2013 16:15:21
Running from C:\Users\Mark\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\windows\system32\atiesrxx.exe
() C:\Windows\System32\GFNEXSrv.exe
(COMPANYVERS_NAME) C:\PROGRA~1\APLUSG~2\bar\1.bin\63barsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(3S-Smart Software Solutions GmbH) C:\Program Files\Parker Hannifin Manufacturing Ltd\PDQ\3s CoDeSys\GatewayPLC\GatewayService.exe
(AMD) C:\windows\system32\atieclxx.exe
(3S-Smart Software Solutions GmbH) C:\Program Files\Parker Hannifin Manufacturing Ltd\PDQ\3s CoDeSys\GatewayPLC\ServiceControl.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Stonesoft) C:\Program Files\Stonesoft\Access Client\AccessClient-Service.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(3S-Smart Software Solutions GmbH) C:\Program Files\Parker Hannifin Manufacturing Ltd\PDQ\3S CoDeSys\GatewayPLC\GatewaySysTray.exe
(VER_COMPANY_NAME) C:\Program Files\APlusGamer_63\bar\1.bin\63brmon.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\NuanceWDS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10967656 2012-03-16] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223180 2012-03-23] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2321680 2011-12-20] (Synaptics Incorporated)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM\...\Run: [USB3MON] - C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [542640 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [854400 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1370032 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [612256 2011-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] - C:\Program Files\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-22] (TOSHIBA)
HKLM\...\Run: [TPSCMain] - C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [632760 2011-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [612256 2011-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackup] - C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [923480 2010-05-04] (Symantec Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [32168 2011-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\...\Run: [GatewaySysTray] - C:\Program Files\Parker Hannifin Manufacturing Ltd\PDQ\3s CoDeSys\GatewayPLC\GatewaySysTray.exe [566272 2012-08-07] (3S-Smart Software Solutions GmbH)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [APlusGamer Search Scope Monitor] - C:\PROGRA~1\APLUSG~2\bar\1.bin\63srchmn.exe [44784 2013-06-19] (MindSpark)
HKLM\...\Run: [APlusGamer_63 Browser Plugin Loader] - C:\PROGRA~1\APLUSG~2\bar\1.bin\63brmon.exe [30096 2013-06-19] (VER_COMPANY_NAME)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-27] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20681584 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
URLSearchHook: (No Name) - {34114ac1-b899-4a25-a167-cb054d5025f3} - C:\Program Files\APlusGamer_63\bar\1.bin\63SrcAs.dll (MindSpark)
SearchScopes: HKLM - {70a02aa7-2f3f-41d4-97da-b9db0de80624} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {70a02aa7-2f3f-41d4-97da-b9db0de80624} URL = http://search.mywebs...r={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Assistant BHO - {27768dfb-5333-4f5b-aedf-34316b6dfaf0} - C:\Program Files\APlusGamer_63\bar\1.bin\63SrcAs.dll (MindSpark)
BHO: Toolbar BHO - {2b43b65c-bec7-4cd5-9fdf-9a68e6fcb276} - C:\PROGRA~1\APLUSG~2\bar\1.bin\63bar.dll (MindSpark)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - APlusGamer - {8945176c-2823-4272-9735-873e75bfe1b4} - C:\Program Files\APlusGamer_63\bar\1.bin\63bar.dll (MindSpark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - APlusGamer - {8945176C-2823-4272-9735-873E75BFE1B4} - C:\Program Files\APlusGamer_63\bar\1.bin\63bar.dll (MindSpark)
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} https://topsaccess.p...lientLoader.cab
DPF: {48989C74-D5FC-4F17-BA40-3D825C716836} http://search-ext.ab...ltidownldr6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {92E2CE49-7294-11D2-BC1A-0020182BD6F6} https://topsaccess.p...ry/ttax5250.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {FF445149-7294-11D2-BC1A-0020182BD6F6} https://topsaccess.p...ry/ttax5250.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 61.9.134.49 61.9.195.193

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Free Smileys & Emoticons) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.8.0_0
CHR Extension: (Norton Identity Protection) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Mark\AppData\Local\Temp\bhfiles\smileyswelovetoolbar_3_0_8_0.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crx

========================== Services (Whitelisted) =================

R2 APlusGamer_63Service; C:\PROGRA~1\APLUSG~2\bar\1.bin\63barsvc.exe [42504 2013-06-19] (COMPANYVERS_NAME)
S3 bepldr; C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [151552 2007-02-21] ()
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [186296 2011-06-08] (TOSHIBA CORPORATION)
R2 CoDeSys Gateway V3; C:\Program Files\Parker Hannifin Manufacturing Ltd\PDQ\3s CoDeSys\GatewayPLC\GatewayService.exe [595456 2012-08-07] (3S-Smart Software Solutions GmbH)
R2 CoDeSys ServiceControl; C:\Program Files\Parker Hannifin Manufacturing Ltd\PDQ\3s CoDeSys\GatewayPLC\ServiceControl.exe [267264 2012-08-07] (3S-Smart Software Solutions GmbH)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [47032 2011-06-08] (TOSHIBA CORPORATION)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [133640 2010-09-10] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-03] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-22] ()
S4 iToolsOPCService; C:\Program Files\Eurotherm\iTools\iToolsService.exe [33280 2008-04-01] (Eurotherm Limited)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-22] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2044248 2010-05-04] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.15.77\diMaster.dll [132984 2011-09-14] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 sgsslvpnClientService; C:\Program Files\Stonesoft\Access Client\AccessClient-Service.exe [193264 2013-06-25] (Stonesoft)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [551264 2013-01-28] (Splashtop Inc.)
R2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [57216 2011-07-12] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [210880 2011-11-25] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [112552 2011-11-26] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [690104 2011-12-15] (TOSHIBA Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

R3 AlertDrv; C:\Windows\System32\drivers\alertdrv.sys [4211 2008-03-21] (Windows ® 2000 DDK provider)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131022.001\BHDrvx86.sys [1096280 2013-10-23] (Symantec Corporation)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [38248 2011-08-09] (Atheros)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)
S3 HMI; C:\Windows\System32\drivers\g3usb.sys [10584 2012-11-01] (Red Lion Controls Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131023.001\IDSvix86.sys [393816 2013-10-17] (Symantec Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-05] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [347928 2012-01-05] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [789272 2012-01-05] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131023.024\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131023.024\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-21] (CACE Technologies, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-09] (TOSHIBA Corporation)
S3 ser2at; C:\Windows\System32\DRIVERS\ser2at.sys [80896 2009-10-15] (ATEN)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
R2 waclient; C:\Windows\System32\drivers\waclient.sys [46320 2013-06-25] (Stonesoft)
S3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-25 16:15 - 2013-10-25 16:15 - 00000000 ____D C:\FRST
2013-10-25 16:14 - 2013-10-25 16:36 - 01088113 _____ (Farbar) C:\Users\Mark\Desktop\FRST.exe
2013-10-25 16:05 - 2013-10-25 16:05 - 00000000 ____D C:\_OTL
2013-10-25 10:57 - 2013-10-25 10:57 - 00066058 _____ C:\Users\Mark\Desktop\Extras.Txt
2013-10-25 10:56 - 2013-10-25 10:56 - 00101762 _____ C:\Users\Mark\Desktop\OTL.Txt
2013-10-25 10:44 - 2013-10-25 10:58 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Desktop\OTL.exe
2013-10-25 10:27 - 2013-10-25 10:27 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2013-10-25 10:27 - 2013-10-25 10:27 - 00000000 ____D C:\Program Files\CleanUp!
2013-10-25 10:04 - 2013-10-25 10:04 - 00003288 ____N C:\bootsqm.dat
2013-10-25 09:03 - 2013-10-25 09:03 - 00000925 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-25 09:03 - 2013-10-25 09:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 09:03 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-10-11 12:22 - 2013-10-11 12:22 - 00570880 _____ C:\windows\Minidump\101113-42307-01.dmp
2013-10-10 10:32 - 2013-10-10 10:33 - 00257230 _____ C:\windows\msxml4-KB2758694-enu.LOG
2013-10-09 20:24 - 2013-10-09 20:24 - 00000000 ____D C:\Users\Mark\AppData\Roaming\FLEXnet
2013-10-09 20:15 - 2013-10-09 20:15 - 00002944 _____ C:\windows\BRPARAM.INI
2013-10-09 20:13 - 2012-07-31 18:38 - 01475072 _____ (Brother Industries, Ltd.) C:\windows\system32\BrWi209d.dll
2013-10-09 20:13 - 2010-05-20 16:33 - 00103792 _____ (Brother Industries Ltd) C:\windows\system32\BRRBI100.EXE
2013-10-09 20:13 - 2010-04-01 21:28 - 00217088 _____ (Brother Industries, Ltd.) C:\windows\system32\BrJDec.dll
2013-10-09 20:13 - 2010-03-16 03:20 - 00050176 _____ (Brother Industries Ltd.) C:\windows\system32\BRPRTINK.DLL
2013-10-09 20:13 - 2010-02-05 13:42 - 00180224 _____ (Brother Industries, Ltd.) C:\windows\system32\BROSNMP.DLL
2013-10-09 20:10 - 2013-10-09 20:10 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Nuance
2013-10-09 20:10 - 2013-10-09 20:10 - 00000000 ____D C:\ProgramData\zeon
2013-10-09 20:10 - 2013-10-09 20:10 - 00000000 ____D C:\ProgramData\ScanSoft
2013-10-09 20:09 - 2013-10-09 20:27 - 00000000 ____D C:\ProgramData\Nuance
2013-10-09 20:09 - 2013-10-09 20:11 - 00000000 ____D C:\Program Files\Nuance
2013-10-09 20:09 - 2013-10-09 20:09 - 00000000 ____D C:\Users\Mark\Documents\MyWebPages
2013-10-09 20:09 - 2013-10-09 20:09 - 00000000 ____D C:\ProgramData\FLEXnet
2013-10-09 20:09 - 2013-10-09 20:09 - 00000000 ____D C:\Program Files\Common Files\ScanSoft Shared
2013-10-09 14:21 - 2013-09-23 10:27 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-09 14:21 - 2013-09-23 10:27 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-09 14:21 - 2013-09-23 10:27 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-09 14:21 - 2013-09-21 14:30 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-09 14:20 - 2013-09-23 10:28 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-09 14:20 - 2013-09-23 10:28 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-09 14:20 - 2013-09-23 10:28 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-09 14:20 - 2013-09-23 10:27 - 14335488 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-09 14:20 - 2013-09-23 10:27 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-09 14:20 - 2013-09-23 10:27 - 02048512 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-09 14:20 - 2013-09-23 10:27 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-09 14:20 - 2013-09-23 10:27 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-09 14:20 - 2013-09-23 10:27 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-09 14:20 - 2013-09-23 10:27 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-09 14:20 - 2013-09-23 10:27 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-09 14:20 - 2013-09-21 13:39 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-09 08:24 - 2013-09-14 11:48 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-09 08:24 - 2013-09-08 13:07 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-09 08:24 - 2013-09-08 13:03 - 00231424 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-09 08:24 - 2013-09-04 12:15 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-09 08:24 - 2013-09-04 12:14 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-09 08:24 - 2013-09-04 12:14 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-09 08:24 - 2013-09-04 12:14 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-09 08:24 - 2013-09-04 12:14 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-09 08:24 - 2013-09-04 12:14 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-10-09 08:24 - 2013-09-04 12:14 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-09 08:24 - 2013-08-29 12:51 - 03969472 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2013-10-09 08:24 - 2013-08-29 12:51 - 03914176 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-09 08:24 - 2013-08-29 12:50 - 01289096 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-09 08:24 - 2013-08-29 12:50 - 00619520 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-09 08:24 - 2013-08-29 12:48 - 00640512 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-09 08:24 - 2013-08-28 12:04 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-09 08:24 - 2013-08-28 11:57 - 00434688 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-09 08:24 - 2013-08-01 22:03 - 00729024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-09 08:24 - 2013-07-20 21:33 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:24 - 2013-07-12 21:08 - 00146816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-09 08:24 - 2013-07-12 21:07 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-09 08:24 - 2013-07-04 22:57 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-09 08:24 - 2013-07-04 22:51 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-09 08:24 - 2013-07-04 22:50 - 00530432 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-09 08:24 - 2013-07-04 20:48 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-09 08:24 - 2013-07-03 15:02 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-09 08:24 - 2013-07-03 14:36 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-09 08:24 - 2013-07-03 14:36 - 00025728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-09 08:24 - 2013-06-26 09:56 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-09 08:24 - 2013-06-06 15:52 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-09 08:24 - 2013-06-06 15:51 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-09 08:24 - 2013-06-06 15:50 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-09 08:24 - 2013-06-06 14:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-09 08:24 - 2013-06-06 14:01 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-02 17:53 - 2013-10-02 17:54 - 00565864 _____ C:\windows\Minidump\100213-40919-01.dmp
2013-10-01 20:30 - 2013-10-01 20:30 - 00216833 _____ C:\Users\Mark\Downloads\savedmessages (1).zip
2013-10-01 20:21 - 2013-10-01 20:38 - 00000000 ____D C:\Program Files\iPod
2013-10-01 20:21 - 2013-10-01 20:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-01 11:49 - 2013-10-09 20:24 - 00000000 ____D C:\Users\Mark\AppData\Roaming\ControlCenter4
2013-10-01 11:45 - 2013-10-09 20:16 - 00002101 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2013-10-01 11:45 - 2013-10-09 20:15 - 00000294 _____ C:\windows\Brpfx04a.ini
2013-10-01 11:45 - 2013-10-09 20:15 - 00000065 _____ C:\windows\brpcfx.ini
2013-10-01 11:42 - 2013-10-01 11:42 - 00000066 _____ C:\windows\Brfaxrx.ini
2013-10-01 11:42 - 2013-10-01 11:42 - 00000000 ____D C:\Users\Public\Documents\BrFaxRx
2013-10-01 11:42 - 2013-10-01 11:42 - 00000000 ____D C:\ProgramData\ControlCenter4
2013-10-01 11:42 - 2013-10-01 11:42 - 00000000 ____D C:\Program Files\ControlCenter4
2013-10-01 11:42 - 2013-10-01 11:42 - 00000000 ____D C:\Program Files\Browny02
2013-10-01 11:42 - 2013-10-01 11:42 - 00000000 ____D C:\Brother
2013-10-01 11:42 - 2012-07-05 22:32 - 00075264 ____R (Brother Industries, Ltd.) C:\windows\system32\BrNetSti.dll
2013-10-01 11:42 - 2010-09-23 19:13 - 00074752 _____ (Brother Industries,Ltd.) C:\windows\system32\BrWiaNCp.dll
2013-10-01 11:42 - 2010-09-23 19:12 - 00051200 _____ (Brother Industries,Ltd) C:\windows\system32\Brnsplg.dll
2013-10-01 11:42 - 2010-03-16 10:04 - 00180224 ____R (Brother Industries, Ltd.) C:\windows\system32\BrMuSNMP.dll
2013-10-01 11:42 - 2009-12-08 17:17 - 00225280 ____N (Brother Industries, Ltd.) C:\windows\system32\BrfxD05c.dll
2013-10-01 11:42 - 2003-11-28 19:57 - 00000000 _____ C:\windows\brdfxspd.dat
2013-10-01 11:41 - 2013-10-09 20:13 - 00000000 ____D C:\Program Files\Brother
2013-10-01 11:41 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\windows\system32\NSSearch.dll
2013-10-01 11:41 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\windows\system32\BrDctF2S.dll
2013-10-01 11:41 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\windows\system32\BrDctF2.dll
2013-10-01 11:41 - 2007-12-13 23:16 - 00005120 ____N (Brother Industries Ltd.) C:\windows\system32\BrDctF2L.dll
2013-10-01 11:41 - 1999-10-27 03:00 - 00000050 _____ C:\windows\system32\BRADM10A.DAT
2013-10-01 11:39 - 2013-10-01 11:39 - 00000000 ____D C:\Users\Mark\Desktop\install
2013-10-01 11:33 - 2013-10-01 11:39 - 126514424 _____ (A.I.SOFT,INC.) C:\Users\Mark\Downloads\MFC-7362N-inst-C1-EU.EXE
2013-09-28 14:57 - 2013-09-28 14:57 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Malwarebytes
2013-09-28 14:57 - 2013-09-28 14:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-26 18:05 - 2013-09-26 18:23 - 00014485 _____ C:\Users\Mark\Documents\brownbros.xlsx
2013-09-26 16:59 - 2013-09-26 17:02 - 00000000 ____D C:\Users\Mark\Desktop\gormani

==================== One Month Modified Files and Folders =======

2013-10-25 16:36 - 2013-10-25 16:14 - 01088113 _____ (Farbar) C:\Users\Mark\Desktop\FRST.exe
2013-10-25 16:15 - 2013-10-25 16:15 - 00000000 ____D C:\FRST
2013-10-25 16:11 - 2013-08-02 11:20 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Skype
2013-10-25 16:11 - 2012-12-27 08:35 - 01326997 _____ C:\windows\WindowsUpdate.log
2013-10-25 16:07 - 2009-07-14 15:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-25 16:07 - 2009-07-14 15:39 - 00080815 _____ C:\windows\setupact.log
2013-10-25 16:05 - 2013-10-25 16:05 - 00000000 ____D C:\_OTL
2013-10-25 10:58 - 2013-10-25 10:44 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Desktop\OTL.exe
2013-10-25 10:57 - 2013-10-25 10:57 - 00066058 _____ C:\Users\Mark\Desktop\Extras.Txt
2013-10-25 10:56 - 2013-10-25 10:56 - 00101762 _____ C:\Users\Mark\Desktop\OTL.Txt
2013-10-25 10:46 - 2013-01-22 11:55 - 00000325 _____ C:\windowsPODIUM.LOG
2013-10-25 10:27 - 2013-10-25 10:27 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2013-10-25 10:27 - 2013-10-25 10:27 - 00000000 ____D C:\Program Files\CleanUp!
2013-10-25 10:13 - 2009-07-14 15:34 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-25 10:13 - 2009-07-14 15:34 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-25 10:04 - 2013-10-25 10:04 - 00003288 ____N C:\bootsqm.dat
2013-10-25 09:12 - 2010-11-21 08:48 - 00340548 _____ C:\windows\PFRO.log
2013-10-25 09:12 - 2009-07-14 13:37 - 00000000 ____D C:\windows\security
2013-10-25 09:03 - 2013-10-25 09:03 - 00000925 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-25 09:03 - 2013-10-25 09:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 08:24 - 2013-05-28 15:25 - 00600576 ___SH C:\Users\Mark\Desktop\Thumbs.db
2013-10-25 08:08 - 2013-01-07 14:20 - 00000000 ____D C:\Users\Mark\Documents\Outlook Files
2013-10-25 07:16 - 2010-11-21 08:01 - 00793214 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-24 12:02 - 2012-12-27 08:39 - 00000818 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-10-22 15:07 - 2009-07-14 13:37 - 00000000 ____D C:\windows\system32\NDF
2013-10-21 14:30 - 2013-03-20 17:56 - 00000000 ____D C:\Users\Mark\AppData\Local\CutePDF Writer
2013-10-20 12:28 - 2013-03-05 06:14 - 00000000 ____D C:\Users\Mark\AppData\Local\Windows Live
2013-10-20 12:10 - 2013-04-26 20:44 - 01824739 _____ C:\Users\Mark\Documents\vsdsolutions.pptx
2013-10-18 16:28 - 2013-08-06 17:18 - 00000000 ___RD C:\Program Files\Skype
2013-10-18 08:30 - 2012-12-27 09:05 - 00002140 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-17 23:59 - 2012-12-27 16:58 - 00015894 _____ C:\Users\Mark\Documents\julesotang.xlsx
2013-10-11 12:22 - 2013-10-11 12:22 - 00570880 _____ C:\windows\Minidump\101113-42307-01.dmp
2013-10-11 12:22 - 2013-06-03 14:37 - 383981745 _____ C:\windows\MEMORY.DMP
2013-10-11 12:22 - 2013-04-30 20:13 - 00000000 ____D C:\windows\Minidump
2013-10-10 10:33 - 2013-10-10 10:32 - 00257230 _____ C:\windows\msxml4-KB2758694-enu.LOG
2013-10-10 09:23 - 2009-07-14 13:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-10-09 20:27 - 2013-10-09 20:09 - 00000000 ____D C:\ProgramData\Nuance
2013-10-09 20:24 - 2013-10-09 20:24 - 00000000 ____D C:\Users\Mark\AppData\Roaming\FLEXnet
2013-10-09 20:24 - 2013-10-01 11:49 - 00000000 ____D C:\Users\Mark\AppData\Roaming\ControlCenter4
2013-10-09 20:24 - 2012-12-26 16:29 - 00146400 _____ C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-09 20:22 - 2009-07-14 15:33 - 00498560 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-09 20:16 - 2013-10-01 11:45 - 00002101 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2013-10-09 20:15 - 2013-10-09 20:15 - 00002944 _____ C:\windows\BRPARAM.INI
2013-10-09 20:15 - 2013-10-01 11:45 - 00000294 _____ C:\windows\Brpfx04a.ini
2013-10-09 20:15 - 2013-10-01 11:45 - 00000065 _____ C:\windows\brpcfx.ini
2013-10-09 20:14 - 2009-07-14 15:52 - 00000000 ____D C:\windows\twain_32
2013-10-09 20:13 - 2013-10-01 11:41 - 00000000 ____D C:\Program Files\Brother
2013-10-09 20:13 - 2012-04-10 14:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-09 20:11 - 2013-10-09 20:09 - 00000000 ____D C:\Program Files\Nuance
2013-10-09 20:10 - 2013-10-09 20:10 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Nuance
2013-10-09 20:10 - 2013-10-09 20:10 - 00000000 ____D C:\ProgramData\zeon
2013-10-09 20:10 - 2013-10-09 20:10 - 00000000 ____D C:\ProgramData\ScanSoft
2013-10-09 20:09 - 2013-10-09 20:09 - 00000000 ____D C:\Users\Mark\Documents\MyWebPages
2013-10-09 20:09 - 2013-10-09 20:09 - 00000000 ____D C:\ProgramData\FLEXnet
2013-10-09 20:09 - 2013-10-09 20:09 - 00000000 ____D C:\Program Files\Common Files\ScanSoft Shared
2013-10-09 20:08 - 2012-04-10 14:18 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-09 20:06 - 2013-01-04 17:54 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-10-09 20:03 - 2012-04-10 14:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-09 20:03 - 2012-04-10 14:18 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 19:45 - 2009-07-14 15:53 - 00032582 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-09 19:44 - 2012-12-27 09:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 14:26 - 2012-12-27 10:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 14:25 - 2013-07-22 14:06 - 00000000 ____D C:\windows\system32\MRT
2013-10-09 14:23 - 2013-03-11 09:25 - 78106760 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-09 14:08 - 2012-12-27 17:30 - 00070144 _____ C:\Users\Mark\Documents\METALCENTRIICmetals reviewed.xls
2013-10-05 10:54 - 2013-02-02 15:51 - 00000000 ____D C:\Users\Mark\Documents\vsdsolutionsbusdocs
2013-10-04 15:05 - 2013-03-07 20:50 - 00000000 ____D C:\Users\Mark\Documents\ssd
2013-10-03 09:34 - 2013-01-11 06:31 - 00000000 ____D C:\Users\Mark\Documents\vsdsolutionsjobs
2013-10-02 17:54 - 2013-10-02 17:53 - 00565864 _____ C:\windows\Minidump\100213-40919-01.dmp
2013-10-01 20:38 - 2013-10-01 20:21 - 00000000 ____D C:\Program Files\iPod
2013-10-01 20:30 - 2013-10-01 20:30 - 00216833 _____ C:\Users\Mark\Downloads\savedmessages (1).zip
2013-10-01 20:21 - 2013-10-01 20:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-01 20:21 - 2013-02-24 19:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-01 11:42 - 2013-10-01 11:42 - 00000066 _____ C:\windows\Brfaxrx.ini
2013-10-01 11:42 - 2013-10-01 11:42 - 00000000 ____D C:\Users\Public\Documents\BrFaxRx
2013-10-01 11:42 - 2013-10-01 11:42 - 00000000 ____D C:\ProgramData\ControlCenter4
2013-10-01 11:42 - 2013-10-01 11:42 - 00000000 ____D C:\Program Files\ControlCenter4
2013-10-01 11:42 - 2013-10-01 11:42 - 00000000 ____D C:\Program Files\Browny02
2013-10-01 11:42 - 2013-10-01 11:42 - 00000000 ____D C:\Brother
2013-10-01 11:40 - 2013-03-24 09:29 - 00000000 ____D C:\ProgramData\Brother
2013-10-01 11:39 - 2013-10-01 11:39 - 00000000 ____D C:\Users\Mark\Desktop\install
2013-10-01 11:39 - 2013-10-01 11:33 - 126514424 _____ (A.I.SOFT,INC.) C:\Users\Mark\Downloads\MFC-7362N-inst-C1-EU.EXE
2013-10-01 08:34 - 2013-02-28 16:50 - 00000000 ____D C:\windows\softwaredistribution.bak4
2013-09-28 14:57 - 2013-09-28 14:57 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Malwarebytes
2013-09-28 14:57 - 2013-09-28 14:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-26 18:23 - 2013-09-26 18:05 - 00014485 _____ C:\Users\Mark\Documents\brownbros.xlsx
2013-09-26 17:02 - 2013-09-26 16:59 - 00000000 ____D C:\Users\Mark\Desktop\gormani

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-04-10 13:57] - [2011-03-01 19:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-04-10 13:57] - [2011-02-25 16:40] - 0246144 ____A (Microsoft Corporation) C37AEE5966EB5929E2051AC7409B5730



LastRegBack: 2013-05-27 18:31

==================== End Of Log ============================


#4
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Did you not get a log after running the OTL, Run Fix? Please look in C:\_OTL\MovedFiles\10242013-some number.log (Maybe 10252013 where you are)

I see some adware so we might as well get rid of it:


Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Going to bed now.

#5
MARKTEN

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi,

I could have sworn I attached that file; I remember finding it. Anyhow, please find attached.

Thanks for all your help

Mark


#6
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
OK. The reason I wanted the OTL fix file was because I had asked OTL to tell me what the 3wlvf2r.reg said. Turned out it was just calling its friend, r2fvlw3.dss, which we have already deleted, but it did modify a legitimate registry entry so we need to fix it. Download the attached winmgmt.reg file and save it, then right click on it and merge.

FRST shows some adware that I don't think AdwCleaner got all of, so also download and save the fixlist.txt file to the same folder where frst.exe lives.

Run FRST (right click and Run As Admin.) and press Fix.
A fix log will be generated; please post that.

That should be all of it. I think it would be wise to run ESET's free online scan, though it will take several hours:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

  • Check Scan Archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push LIST OF THREATS FOUND
  • Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the BACK button.
  • Push Finish
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply.

Unless it finds something I think we can clean up:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

  • Open the Control Panel menu and click Folder Options.
  • After the new window appears select the View tab.
  • Remove the check in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
  • Check the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK.) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option in Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned on and that it works. Go to Control Panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local Native American dialects)

Ron

#7
MARKTEN

    Member

  • Topic Starter
  • Member
  • 26 posts
Hey Ron,

Where do I get file fixlist.txt from?

Mark

#8
MARKTEN

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Ron,

ESET picked up something at the last minute.

I have not done the Farbar thing as I cannot find the fix text file.

I thought I'd leave the last OTL cleanup until all is done

Best Regards

Mark


#9
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Sorry. Here it is:

#10
MARKTEN

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Ron,

Attached is the fixit log. I really appreciate your help.

Best Regards

Mark


#11
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
ESET just found something we had already removed. How is it running now?

#12
MARKTEN

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi, sorry for the delay in replying.

It is running well. Once again, thanks for your efforts.

Best Regards

Mark