Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware infection by opening junk email - IE running in background. [S

Started by Katiepotatie , Nov 02 2013 05:39 AM

  • This topic is locked This topic is locked

#1
Katiepotatie
Posted 02 November 2013 - 05:39 AM

Katiepotatie

    New Member

  • Member
  • Pip
  • 4 posts
Hey there!

Unfortunately I have forgotten the name of the virus that popped up.

It came about as I stupidly thought that a way to reduce my junk mail on my email would be to unsubscribe from some of the emails. Thus I went through and started doing this which is when this nasty virus popped up.

It kept openeing a 'Anti virus' window claiming that my computer was infected and I needed to pay to download this 'safe and secure programme'.

I originally had issues trying to remove it as it disabled my computer, I was unable to search anything on the internet due to it 'not being secure' and it was impossible to open up a task manager.

Thankfully I had the internet on my mobile phone, so I searched how to remove this issue, I found a forum like website which provided a few tips on how to remove it.

This involved downloading an anti malware programme and removing the problem.

I have since unistalled this secondary programme. However I believe that the issue was gone.

But recently I have noticed a few issues, firstly, I instictly uninstalled firefox in the hope that it would get rid of the unwanted date and then reinstalled it through internet explorer. However once I reinstalled firefox there have been a few problems, such as some advertisement websites popping up when I click on a search result from google.

Secondly, both google images and maps won't load, which is clearly quite annoying.

Finally I opened up the task manager a few days ago and noticed that there were some strange internet explorer windows that opened up.

One of them include something along the lines of - bestindexonline
While the other compromises of a list of numbers and full stops.

In an attempt to get rid of this I have just tried to uninstall internet explorer, however those windows are still showing on my task manager.


I was recommended to come to this forum by my boyfriend who has been assisted here before and I hope that you can assist.

Clearly, what I really hope and would like to know, if it is possible to completely remove this issue? Also, if not would I need to restore my laptop to the factory settings? This wouldn't be preferable but if it is necessary then I am willing to do so. My Father has a wide knowledge of computers so he would be able to help me to reinstall the necessary programmes, I just hope it is possible to fix the problem without going to this extreme level.


Thank you so much for taking the time to read through my issue.




Below is my OTL log analysis which was recommended to attach to this email.



OTL logfile created on: 02/11/2013 11:15:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.92 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 68.98% Memory free
11.83 Gb Paging File | 9.76 Gb Available in Paging File | 82.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 271.00 Gb Total Space | 201.62 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
Drive D: | 404.22 Gb Total Space | 403.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive E: | 6.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SIDNEY | User Name: Katie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/02 11:15:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katie\Downloads\OTL.exe
PRC - [2013/10/10 09:50:51 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/11 02:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/07 11:06:56 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/09/07 11:06:46 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/09/07 11:06:46 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/18 10:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 10:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/18 10:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/10/18 10:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/09/27 22:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/06 07:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 07:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/19 03:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/08/17 07:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/07/29 22:47:22 | 003,395,664 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/06/24 08:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/06/04 23:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/05 12:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/05/05 12:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/11/02 05:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/10 09:50:51 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/09/11 02:26:52 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/02/16 15:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/05/07 14:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 05:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 05:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 02:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/15 08:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/06/03 11:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010/09/22 09:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/10/30 19:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/10 09:50:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/07 11:06:56 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/09/07 11:06:46 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/18 10:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 10:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 10:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/06/04 23:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/05 12:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/05/05 12:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/09/07 11:06:58 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/09/07 11:06:58 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/28 18:02:40 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/12/08 13:55:43 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/01 18:13:42 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/08/01 18:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/10/11 12:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/10/10 15:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/09/17 17:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/09/15 08:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/09/15 08:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/29 15:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/08/17 07:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/07/29 22:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/07/06 05:16:24 | 000,289,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/06/04 23:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/05/19 00:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/04/22 10:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 10:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 23:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/16 10:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/20 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/02 00:24:45 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{A26C3AE8-6770-43A8-A7B2-AEF9F4BA81F0}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{A26C3AE8-6770-43A8-A7B2-AEF9F4BA81F0}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: %7B4a106290-3673-11e3-8277-b8ac6f996f26%7D:3.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/16 17:37:38 | 000,000,000 | ---D | M]

[2013/10/22 09:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katie\AppData\Roaming\Mozilla\Extensions
[2013/10/22 15:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\1nga3q8x.default\extensions
[2013/11/02 11:03:17 | 000,004,231 | ---- | M] () (No name found) -- C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\1nga3q8x.default\extensions\{4a106290-3673-11e3-8277-b8ac6f996f26}.xpi
[2013/10/16 17:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/10/16 17:37:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/22 09:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/16 17:37:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/22 09:59:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKCU..\Run: [rintd] C:\Users\Katie\AppData\Roaming\rintd.dll (Color Ltd.)
O4 - HKCU..\Run: [werize] C:\Users\Katie\AppData\Roaming\werize.dll (Color Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4406857F-7E4F-49E1-94C8-B26322DDDE38}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A225B182-BE69-4A8F-9B53-1463B5D1B086}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/17 12:23:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/01 16:58:00 | 000,000,000 | ---D | C] -- C:\Users\Katie\Desktop\Hallowe'en
[2013/10/21 22:07:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/16 19:49:17 | 000,000,000 | ---D | C] -- C:\Users\Katie\Documents\My Games
[2013/10/16 19:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013/10/16 19:39:00 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/10/16 17:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/16 15:34:27 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Roaming\Malwarebytes
[2013/10/16 15:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/16 15:34:23 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\Programs
[2013/10/16 14:57:44 | 000,380,928 | ---- | C] (Color Ltd.) -- C:\Users\Katie\AppData\Roaming\rintd.dll
[2013/10/16 14:57:39 | 000,778,240 | ---- | C] (Color Ltd.) -- C:\Users\Katie\AppData\Roaming\werize.dll
[2013/10/16 11:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/10/16 11:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/10/16 10:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/10/15 18:53:32 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\{A33EE4DE-70B8-4DDB-A4D0-CF7C6C4003C6}
[2013/10/14 13:45:22 | 000,000,000 | ---D | C] -- C:\Users\Katie\Desktop\UEA - Year 2
[2013/10/07 10:48:40 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\{E86D3D2D-147B-42FF-BEEF-ADC99862532F}
[2013/10/05 10:44:14 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\{1CE5363C-8186-4130-97E2-E6827752492B}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/02 11:09:27 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 11:09:27 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 11:06:29 | 000,780,196 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/02 11:06:29 | 000,665,460 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/02 11:06:29 | 000,125,906 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/02 11:06:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/11/02 11:02:59 | 000,001,437 | ---- | M] () -- C:\Users\Katie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/02 11:00:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/02 11:00:35 | 2056,830,975 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/02 10:36:29 | 000,000,396 | ---- | M] () -- C:\windows\tasks\AllmyappsUpdateTask.job
[2013/11/01 16:56:43 | 007,767,776 | ---- | M] () -- C:\Users\Katie\Desktop\20131031_220757.mp4
[2013/10/16 19:47:37 | 000,766,108 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/10/16 19:39:00 | 000,000,222 | ---- | M] () -- C:\Users\Katie\Desktop\Terraria.url
[2013/10/16 14:57:44 | 000,380,928 | ---- | M] (Color Ltd.) -- C:\Users\Katie\AppData\Roaming\rintd.dll
[2013/10/16 14:57:39 | 000,778,240 | ---- | M] (Color Ltd.) -- C:\Users\Katie\AppData\Roaming\werize.dll
[2013/10/15 11:33:39 | 000,353,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/02 11:02:59 | 000,001,409 | ---- | C] () -- C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/11/01 16:55:24 | 007,767,776 | ---- | C] () -- C:\Users\Katie\Desktop\20131031_220757.mp4
[2013/10/22 09:59:24 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/10/16 19:39:00 | 000,000,222 | ---- | C] () -- C:\Users\Katie\Desktop\Terraria.url
[2012/09/14 15:02:35 | 000,766,108 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/09 12:11:25 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012/01/09 11:09:08 | 000,001,340 | ---- | C] () -- C:\windows\HotFixList.ini

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/04 19:30:21 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\Elluminate
[2012/11/06 22:44:09 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\EurekaLog
[2012/09/14 16:59:44 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\SoftGrid Client
[2012/09/14 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\TP
[2013/07/27 19:35:17 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\Transformice
[2012/09/12 23:04:19 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/09/22 20:49:53 | 098,597,466 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\캜풉ᵌ–
[2013/09/22 14:49:55 | 098,597,466 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\캜풉ᵌ–

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 02 November 2013 - 06:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see if we can get you back on the straight and narrow

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKCU..\Run: [rintd] C:\Users\Katie\AppData\Roaming\rintd.dll (Color Ltd.)
O4 - HKCU..\Run: [werize] C:\Users\Katie\AppData\Roaming\werize.dll (Color Ltd.)
[2013/10/16 14:57:44 | 000,380,928 | ---- | C] (Color Ltd.) -- C:\Users\Katie\AppData\Roaming\rintd.dll
[2013/10/16 14:57:39 | 000,778,240 | ---- | C] (Color Ltd.) -- C:\Users\Katie\AppData\Roaming\werize.dll
[2013/11/02 10:36:29 | 000,000,396 | ---- | M] () -- C:\windows\tasks\AllmyappsUpdateTask.job

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

FINALLY

  • Run OTL.

    Posted Image
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. .
  • Post all logs

  • 0

#3
Katiepotatie
Posted 16 November 2013 - 10:12 AM

Katiepotatie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello!

I am sorry for the delay in response, I didn't realise you had replied.


Firstly here is the text from JRT:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Katie on 16/11/2013 at 15:52:23.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-819639659-4150350305-585420797-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update whilokii
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A26C3AE8-6770-43A8-A7B2-AEF9F4BA81F0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A26C3AE8-6770-43A8-A7B2-AEF9F4BA81F0}



~~~ Files

Successfully deleted: [File] "C:\Users\Katie\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\cloud software ltd"
Successfully deleted: [Folder] "C:\Users\Katie\music\qtrax media library"
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{029F1A11-A4B8-4F87-8220-7DC5FEDCA6FC}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{033F8D37-4DD8-456D-A8E2-A9AF558072CD}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{044D1331-D9DA-4AD9-8043-EB0E18EF6DD0}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{044F39C4-0BC1-48C4-8728-29392E8F5131}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{05FC0B76-FBDB-4EEB-9C9C-28F843D10C8D}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{08C0A894-CF40-4BA9-9471-CBB61670AD8C}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{093B6E98-BA8C-4493-A9D1-20C767EBA1FC}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{0B8D2C34-DCC2-497D-8605-D0576568374D}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{0D0EEEAB-7D3A-443C-B2EA-1B6FAC1C4AA9}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{1000D69F-B2E4-4B6F-98D0-C16D8A16142D}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{10D9AA32-2EC8-44D7-89BD-DBBFCA231DB7}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{1196F9BC-F4E7-45BB-B341-73A93A1650E8}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{1223CB42-1DD3-4DD7-A327-43555A34EA29}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{1254821F-A7B6-43BE-B432-A98369CC633A}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{18346BEC-D36F-4A72-A013-90186A3A89F6}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{1B7AE8F4-6213-4C7D-B293-831B97372E86}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{1CE5363C-8186-4130-97E2-E6827752492B}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{1EE58F5A-804C-49E6-8E34-840D479A4FDC}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{1F15DA8C-85C9-4220-A7A3-5A8CBE1D9026}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{1F7FDF7F-E080-47CD-8D04-C7DB199F6C6C}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{25AB3407-74DA-49CB-9E35-7BBD2A61D5E0}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{26B9E6BB-6B58-4754-AB07-621459EC97B1}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{2940F1DA-1B0D-4F45-9C44-A1CD9983D158}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{2E34AE9A-AA18-4800-8EBB-1094505D2FEB}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{2EA078AF-92AE-43DA-963B-3D55D1F701BD}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{2FEFA1BA-4935-4B3E-9208-37CAE07DFA36}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{3004F87E-D72A-496A-88DF-CFA5D1FD384C}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{30E1CF87-DA1B-4C84-8CB9-DE347E76E4FD}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{316998AB-C4C5-47E4-846C-E7176C29ACF8}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{34E1EF21-21A6-4D0A-8DA2-147C5536EE94}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{39C20777-12B5-412C-A802-56B02962ADEF}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{3BF8B382-2DCF-4DCF-A5E4-90F1E4F42882}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{3C4505AB-14B2-4673-B9EC-1EC70BF8C729}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{3EB53632-EF2F-4FA1-996B-61FEF91611F5}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{3F13496A-6DD8-4F41-A5A1-96D11E4398DE}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{3FD8AFD0-DC6D-49DC-9507-2FF050D22271}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{423441D9-629D-4EB1-99B0-FF622250FF0B}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{426A711D-2BA9-4671-9F69-11D90672DA3A}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{4601CBEE-9CC2-4AB4-9145-083C498FCF38}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{47832ED4-7A25-423D-B34F-45B1CF642B36}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{49665E2D-C448-47C2-81B7-7D0FB3CD1D7F}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{4A8E5DC6-3865-4B3F-83F7-0DBD4A040BDC}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{4BEC1EB5-4B57-4783-852A-74EEA2E80BB1}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{4CA4FE06-5514-437D-81A4-A6E23BB0C733}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{501AAFB2-D552-480F-8F2D-2BFCCC771155}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{549A8A8A-A02F-4BD8-829D-CB43A0338DF5}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{56A01875-2C09-48D2-968F-B3A88C2F1A3F}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{56A0EC18-E026-4734-9967-215DEDB5A4F4}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{5997B5E4-FE08-4857-A3FD-8262BE074FD3}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{5B263C73-995F-4716-98F2-B001A283140B}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{5CB3041B-C52C-483F-9F42-263094D4EDA7}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{5D0542DB-AD04-4417-95A8-3C799DC003F7}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{5E0BC6A8-DD0E-4304-85FB-9E5864CF935B}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{6041FEFF-C0A0-4893-9C04-A444A3F189EA}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{62231848-8F22-442E-AD65-F9DE5E239D04}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{63FDF1C6-924D-4E4A-9BA7-A3A5BBBD8B84}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{646BFC10-D51F-466E-B040-FD4C818F3701}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{66AE7310-8064-48A7-8ADC-407DF719E388}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{672C516F-D3B6-401E-A0D6-122A42521D27}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{6965E5A4-F84D-4644-9448-2A0DF954AA05}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{6B23FFBF-DEB5-496E-B862-8BA510F0D6C0}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{6EBDC7FC-C845-4F62-9FE5-3BE0663C196C}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{717F855A-B697-449F-9BB0-5B2178242E61}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{7400F714-D7DF-4094-9385-B05667E14299}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{754CFF78-4ACB-401C-9CA7-922A15B7D07D}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{76C5CD0F-DEBA-4701-8384-79793C236F8E}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{80AD3ADE-B499-46A6-8FE7-6A177E8B317C}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{81951F4E-E5A0-4CF8-9979-A7071800E318}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{859F470E-CE49-4AB8-93A7-1E90E0405773}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{887293C3-2FED-455B-A4D4-E84772E2BB6E}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{89DDD934-6944-4441-B502-0F7800093752}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{8A5707F6-87B2-4863-ACCD-9D8DE5FCBB1E}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{8ADC0099-0E25-4106-ACD0-79A267AC6D3C}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{8F2B45A0-E567-4299-9694-E18C104FE800}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{906CAFF5-FE7D-4B15-8ECA-D7350B2810C2}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{92E67772-A723-47EE-A439-8F414221556F}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{93FB2DD6-F581-47E3-A613-0C8844B58C2D}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{954941D3-8E8E-4EA8-840E-7EB2512125A3}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{97157710-9AB6-401A-A941-952D8CBB6FD4}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{97183DE5-F417-4EEE-A7B3-50A1DE4B46CB}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{9B6E8D32-7087-4836-8CFC-6D7368A4673A}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{9D4B44A1-897C-461E-9A57-2043A681A47B}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{A33EE4DE-70B8-4DDB-A4D0-CF7C6C4003C6}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{A5C19EC4-497D-4B43-A86E-27515C955371}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{A64E9180-BB44-4554-ACDC-47A624F7C682}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{ACEA4F2B-2A06-4A97-82DE-6A4464685165}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{AD2BC47E-7AE3-46FF-8AE5-71F73547BFDC}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{AE762000-530A-41F7-9DE4-6C8DFE936103}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{AEC3B383-639F-45C6-A045-933887FE0520}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{AF310356-2EC2-463B-806E-7A3C2404BEAB}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{AF446275-DC5F-4AED-9C6C-D0A4BBD251DF}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{AFD3B94E-B475-45B1-B554-3661E0C5022C}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{B3F90764-FB18-4E5C-B902-4F7AD5C12F00}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{B48FC9B5-48AC-48F0-80F2-F9468DFC5F6B}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{B4C0EA39-EFE6-4D82-8130-3101BD188105}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{B7FE1AE2-E109-4DCE-B1DA-DB3495713572}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{BA1B72C7-D466-4D13-BA9C-60F6BD18B5E5}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{BB8A8816-43AE-4F50-8EC6-BC046A525A6B}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{BE675D72-0980-4AA8-9A11-30B14D0CC379}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{C04A888A-68FD-45AF-9836-B097F4A2FAC1}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{C1DEB8E8-5BD8-40D0-836C-05979469A80C}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{C3958D5C-9D68-476D-9D4B-3AE3865A79B0}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{C56F5D08-6DD2-44E1-8EBD-FB915AFE6A9D}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{C64DDC82-3B2A-4D32-A207-5233FFF09049}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{C661CC6F-E0A0-4094-AE6E-AE32419D13CF}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{CA45914B-D30B-40E3-B85E-1E41F84607D5}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{CADE210F-698C-4802-94F3-F7C5943CE462}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{CB97B6E0-BF3D-4335-9574-52658676E44A}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{CD8B4115-C460-49D2-B092-6BF1F442D6E7}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{CDFDDD0A-09AA-4CE9-B77C-C27185BF3D84}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{D18F5289-0E9D-4C05-9EC6-E50C9BE04121}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{D194C3AE-91A7-453B-936E-FAF26B5FFFC0}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{D33C4664-0823-4805-A4BC-073A0906025D}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{D64F36FF-53B0-4450-A3BA-4744E7D4C070}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{D7D42997-1B3C-473B-833C-D82BD310C872}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{DB01DBF3-72FD-4203-A96C-B410EDA7E367}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{DDA1B260-6F26-404D-A5DD-EF47FCF2D14B}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{DE3EBA21-6B67-44D6-BA70-674FBD0B691D}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{DE431D6D-782E-42F8-BCE8-910CAAE18A23}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{DE8FCE28-1C67-49B8-954E-D18726FA805C}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{DF34E753-AFB2-4D78-B446-30DE8547142F}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{E20E8B9C-F5B6-41C9-B5C3-68B1F2A8FE8F}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{E3DFB074-CAB9-441B-9309-616E3848E08A}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{E46DDE61-10EB-46D5-9926-2D6EE128C203}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{E4F455D7-BE85-45B5-888E-5068FDDDEF53}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{E6917F2A-19C2-4385-808B-7E2A66C8D9AD}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{E861C610-B10B-4517-B2ED-201DAE13CEFE}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{E86D3D2D-147B-42FF-BEEF-ADC99862532F}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{EB83FED6-5232-430C-902B-106CCD7D6206}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{ED1EC0F6-35C9-4F9F-8344-359228BB7F2C}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{EF3DACB6-07AF-4EA7-B525-863DB6284A37}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{F1764822-C1B7-43BA-BE89-EB6D6BE05313}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{F25D07E7-2F09-422B-B6E5-39CA03FA30D3}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{F315845F-0BD6-4729-A884-ED35F8E9FB0B}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{F4701A89-4A49-4FA5-B524-86288C3C88DD}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{F7F28C80-6315-44B3-931E-F411C7131544}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{FA89FB8F-F2C0-41B0-A314-17A320C869D2}
Successfully deleted: [Empty Folder] C:\Users\Katie\appdata\local\{FE70FC67-6003-470B-8B63-135023CB7D52}



~~~ FireFox

Emptied folder: C:\Users\Katie\AppData\Roaming\mozilla\firefox\profiles\1nga3q8x.default\minidumps [22 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/11/2013 at 15:59:04.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




And the OTL scan afterwards:


OTL logfile created on: 16/11/2013 16:01:37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.92 Gb Total Physical Memory | 4.59 Gb Available Physical Memory | 77.62% Memory free
11.83 Gb Paging File | 9.97 Gb Available in Paging File | 84.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 271.00 Gb Total Space | 203.56 Gb Free Space | 75.11% Space Free | Partition Type: NTFS
Drive D: | 404.22 Gb Total Space | 403.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: SIDNEY | User Name: Katie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/02 11:15:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katie\Downloads\OTL.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/11 02:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/07 11:06:56 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/09/07 11:06:46 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/09/07 11:06:46 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/18 10:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 10:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/18 10:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/09/06 07:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 07:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/19 03:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/08/17 07:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/07/29 22:47:22 | 003,395,664 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/06/24 08:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/06/04 23:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/05 12:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/05/05 12:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/11/02 05:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/11 02:26:52 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/02/16 15:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/05/07 14:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 05:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 05:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 02:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/15 08:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/06/03 11:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010/09/22 09:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/11/13 20:52:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/30 19:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/07 11:06:56 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/09/07 11:06:46 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/18 10:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 10:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 10:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/06/04 23:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/05 12:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/05/05 12:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/09/07 11:06:58 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/09/07 11:06:58 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/28 18:02:40 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/12/08 13:55:43 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/01 18:13:42 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/08/01 18:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/10/11 12:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/10/10 15:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/09/17 17:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/09/15 08:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/09/15 08:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/29 15:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/08/17 07:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/07/29 22:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/07/06 05:16:24 | 000,289,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/06/04 23:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/05/19 00:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/04/22 10:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 10:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 23:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/16 10:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/20 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/02 00:24:45 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-819639659-4150350305-585420797-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-819639659-4150350305-585420797-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-819639659-4150350305-585420797-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-819639659-4150350305-585420797-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-819639659-4150350305-585420797-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-819639659-4150350305-585420797-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-819639659-4150350305-585420797-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-819639659-4150350305-585420797-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-819639659-4150350305-585420797-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-819639659-4150350305-585420797-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: %7B4a106290-3673-11e3-8277-b8ac6f996f26%7D:3.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/16 17:37:38 | 000,000,000 | ---D | M]

[2013/10/22 09:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katie\AppData\Roaming\Mozilla\Extensions
[2013/10/22 15:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\1nga3q8x.default\extensions
[2013/11/12 10:37:47 | 000,004,231 | ---- | M] () (No name found) -- C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\1nga3q8x.default\extensions\{4a106290-3673-11e3-8277-b8ac6f996f26}.xpi
[2013/10/16 17:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/10/16 17:37:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/22 09:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/16 17:37:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/22 09:59:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-819639659-4150350305-585420797-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-819639659-4150350305-585420797-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-819639659-4150350305-585420797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4406857F-7E4F-49E1-94C8-B26322DDDE38}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A225B182-BE69-4A8F-9B53-1463B5D1B086}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/17 12:23:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/16 15:52:15 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/11/16 15:50:43 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Katie\Desktop\JRT.exe
[2013/11/15 11:17:53 | 000,000,000 | ---D | C] -- C:\Users\Katie\Desktop\Uea printed
[2013/11/14 11:24:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/11/14 11:24:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/11/14 11:24:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/14 11:24:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/11/14 11:24:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/11/14 11:24:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/14 11:24:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/14 11:24:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/11/14 11:24:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/14 11:24:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/14 11:24:48 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/14 11:24:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/14 11:24:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/14 11:24:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/14 11:24:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/11/14 10:32:54 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/11/14 10:32:43 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/11/14 10:32:42 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/11/14 10:32:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll
[2013/11/14 10:32:42 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/14 10:32:42 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/14 10:32:37 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/11/14 10:32:37 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/11/14 10:32:37 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2013/11/14 10:32:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2013/11/14 10:32:37 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2013/11/14 10:32:30 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/11/14 10:32:27 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/11/14 10:32:27 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/11/14 10:32:27 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/11/14 10:32:27 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/11/12 11:40:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/01 16:58:00 | 000,000,000 | ---D | C] -- C:\Users\Katie\Desktop\Hallowe'en
[2013/10/21 22:07:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner

========== Files - Modified Within 30 Days ==========

[2013/11/16 15:51:04 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Katie\Desktop\JRT.exe
[2013/11/16 15:31:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/16 15:31:57 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/11/16 12:34:59 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 12:34:59 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 12:33:22 | 000,780,196 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/16 12:33:22 | 000,665,460 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/16 12:33:22 | 000,125,906 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/16 12:26:53 | 2056,830,975 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/14 10:19:50 | 000,000,149 | ---- | M] () -- C:\Users\Katie\Desktop\Uninstall.ini
[2013/11/13 20:52:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/11/13 20:52:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/13 18:15:09 | 000,223,721 | ---- | M] () -- C:\Users\Katie\Desktop\M Dixon article.rtf
[2013/11/13 18:13:14 | 000,085,618 | ---- | M] () -- C:\Users\Katie\Desktop\D Sheehan article.rtf
[2013/11/07 01:30:58 | 000,766,108 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/11/02 11:02:59 | 000,001,437 | ---- | M] () -- C:\Users\Katie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/01 16:56:43 | 007,767,776 | ---- | M] () -- C:\Users\Katie\Desktop\20131031_220757.mp4

========== Files Created - No Company Name ==========

[2013/11/14 10:19:50 | 000,000,149 | ---- | C] () -- C:\Users\Katie\Desktop\Uninstall.ini
[2013/11/13 18:15:09 | 000,223,721 | ---- | C] () -- C:\Users\Katie\Desktop\M Dixon article.rtf
[2013/11/13 18:13:14 | 000,085,618 | ---- | C] () -- C:\Users\Katie\Desktop\D Sheehan article.rtf
[2013/11/02 11:02:59 | 000,001,409 | ---- | C] () -- C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/11/01 16:55:24 | 007,767,776 | ---- | C] () -- C:\Users\Katie\Desktop\20131031_220757.mp4
[2013/10/22 09:59:24 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/14 15:02:35 | 000,766,108 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/09 12:11:25 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012/01/09 11:09:08 | 000,001,340 | ---- | C] () -- C:\windows\HotFixList.ini

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/04 19:30:21 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\Elluminate
[2012/11/06 22:44:09 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\EurekaLog
[2012/09/14 16:59:44 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\SoftGrid Client
[2012/09/14 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\TP
[2013/07/27 19:35:17 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\Transformice
[2012/09/12 23:04:19 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 05:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 03:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 03:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/25 01:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 22:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 05:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 04:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 03:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 03:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 06:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 03:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 17:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 11:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 06:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/25 01:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 03:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 03:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/25 01:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 01:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 03:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 03:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 03:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 03:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 03:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 03:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 05:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 03:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 03:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 03:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 03:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 03:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 03:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 03:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 03:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 03:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 01:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 22:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 03:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 03:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2009/07/14 05:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 05:08:49 | 000,032,620 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/11/17 19:22:20 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is FA45-B61A
Directory of C:\
14/07/2009 05:08 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 05:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 05:08 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 05:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 05:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 05:08 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 05:08 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 05:08 <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 05:08 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 05:08 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 05:08 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 05:08 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 05:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 05:08 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 05:08 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 05:08 <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 05:08 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 05:08 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Katie
12/09/2012 15:04 <JUNCTION> Application Data [C:\Users\Katie\AppData\Roaming]
12/09/2012 15:04 <JUNCTION> Cookies [C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Cookies]
12/09/2012 15:04 <JUNCTION> Local Settings [C:\Users\Katie\AppData\Local]
12/09/2012 15:04 <JUNCTION> My Documents [C:\Users\Katie\Documents]
12/09/2012 15:04 <JUNCTION> NetHood [C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/09/2012 15:04 <JUNCTION> PrintHood [C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/09/2012 15:04 <JUNCTION> Recent [C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Recent]
12/09/2012 15:04 <JUNCTION> SendTo [C:\Users\Katie\AppData\Roaming\Microsoft\Windows\SendTo]
12/09/2012 15:04 <JUNCTION> Start Menu [C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu]
12/09/2012 15:04 <JUNCTION> Templates [C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Katie\AppData\Local
12/09/2012 15:04 <JUNCTION> Application Data [C:\Users\Katie\AppData\Local]
12/09/2012 15:04 <JUNCTION> History [C:\Users\Katie\AppData\Local\Microsoft\Windows\History]
12/09/2012 15:04 <JUNCTION> Temporary Internet Files [C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Katie\Documents
12/09/2012 15:04 <JUNCTION> My Music [C:\Users\Katie\Music]
12/09/2012 15:04 <JUNCTION> My Pictures [C:\Users\Katie\Pictures]
12/09/2012 15:04 <JUNCTION> My Videos [C:\Users\Katie\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 05:08 <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 05:08 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 05:08 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
09/01/2012 10:48 <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
09/01/2012 10:48 <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
09/01/2012 10:48 <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
09/01/2012 10:48 <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
09/01/2012 10:48 <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/01/2012 10:48 <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/01/2012 10:48 <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
09/01/2012 10:48 <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
09/01/2012 10:48 <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
09/01/2012 10:48 <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
09/01/2012 10:48 <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
09/01/2012 10:48 <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
09/01/2012 10:48 <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
09/01/2012 10:48 <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
09/01/2012 10:48 <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
09/01/2012 10:48 <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 219,944,976,384 bytes free

========== Files - Unicode (All) ==========
[2013/11/16 12:28:28 | 104,552,080 | ---- | M] ()(C:\windows\SysWow64\???¨) -- C:\windows\SysWow64\ꀲ⢵ᵌ¨
[2013/11/16 12:28:28 | 104,552,080 | ---- | C] ()(C:\windows\SysWow64\???¨) -- C:\windows\SysWow64\ꀲ⢵ᵌ¨
[2013/09/22 20:49:53 | 098,597,466 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\캜풉ᵌ–
[2013/09/22 14:49:55 | 098,597,466 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\캜풉ᵌ–

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >



Thank you again for helping me out.


Katie
  • 0

#4
Essexboy
Posted 16 November 2013 - 10:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks better, how is the computer behaving now ?



Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
  • 0

#5
Katiepotatie
Posted 21 November 2013 - 07:49 AM

Katiepotatie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hey again,

Thanks for solving the issue with internet explorer. However I am still having some issues with my firefox. As a way for trying to remove the virus at the time I uninstalled firefox and reinstalled it from IE, ever since there have been a few problems: google maps doesn't work, neither does google images and when I sometimes try and click on a hit from a google search it attempts to send me to some kind of advertising/buying website.

I am not sure if I could solve this problem by uninstalling and reinstalling from IE as IE appears to no longer have any issues? Or if there is a bigger issue.


Anyway, here is the log from the malware programme:


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.21.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Katie :: SIDNEY [administrator]

Protection: Enabled

21/11/2013 13:28:20
mbam-log-2013-11-21 (13-28-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228950
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Katie\AppData\Local\Temp\l5_wFRwV.exe.part (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.

(end)
  • 0

#6
Essexboy
Posted 21 November 2013 - 08:07 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Some corruptions may have been carried over during the re-install of Firefox.. MY recommendation would be a clean install

From the control panel uninstall Firefox
Accept the option to delete all data
Then run this small OTL fix to remove the other data


Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]


:Files
C:\Program Files (x86)\Mozilla Firefox
C:\Users\Katie\AppData\Roaming\Mozilla
  • Then click the Run Fix button at the top
  • Let the program run unhindered,

THEN

Download and install the latest Firefox from here http://www.mozilla.o...US/firefox/all/

Once done then run a fresh OTL quick scan and let me know how the computer is behaving
  • 0

#7
Katiepotatie
Posted 23 November 2013 - 04:53 AM

Katiepotatie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hey,

Yes thank you, everything seems to be in good working order now.

I don't see anymore problems at the moment, is there anything else you want me to do?



Many thanks,

Katie
  • 0

#8
Essexboy
Posted 23 November 2013 - 05:00 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Delete JRT from the desktop

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

Posted Image

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#9
Essexboy
Posted 26 November 2013 - 09:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP