Double underlined words in web pages


Narimga

Web pages have started having underlined links which when pointed at become adverts. This happens in Google Chrome. In IE I was able to put the offending web sites into the Internet security settings to block them, but not able to do this in Chrome. Anyway, this seems a workaround and not an answer. I don't know if this is the right place to ask this question but have to start somewhere. Follows OTL Log. Thanks in advance. Mike:

OTL logfile created on: 11/11/2013 11:29:00 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.12 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 48.79% Memory free
6.45 Gb Paging File | 4.56 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 26.78 Gb Free Space | 17.96% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe (Paramount Software UK Ltd)
PRC - C:\Users\Mike\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\vsnapvss.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe (Locktime Software)


========== Modules (No Company Name) ==========

MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\wx._gdi_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\win32com.shell.shell.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\_elementtree.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\win32api.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\wx._html2.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\_socket.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\_multiprocessing.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\win32ts.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\win32crypt.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\wx._core_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\_ssl.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\wx._misc_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\_hashlib.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\pythoncom27.dll ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\PyWinTypes27.dll ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\win32security.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\_ctypes.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\win32process.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\win32pdh.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\win32profile.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\wx._windows_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\wx._wizard.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\win32file.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\win32inet.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\wx._controls_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\unicodedata.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\pyexpat.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\win32event.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI55362\select.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\_elementtree.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\win32api.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\_socket.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\win32ts.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\_multiprocessing.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\win32com.shell.shell.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\wx._html2.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\wx._gdi_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\win32crypt.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\_ctypes.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\win32profile.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\pythoncom27.dll ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\wx._misc_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\wx._core_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\PyWinTypes27.dll ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\win32security.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\_ssl.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\win32pdh.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\_hashlib.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\win32process.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\wx._windows_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\wx._wizard.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\win32file.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\win32inet.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\wx._controls_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\win32event.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\pyexpat.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\unicodedata.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI34243\select.pyd ()
MOD - C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
MOD - C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll ()
MOD - C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll ()
MOD - C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()


========== Services (SafeList) ==========

SRV - (ShadowProtectSvc) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe (Paramount Software UK Ltd)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (RUBotSrv) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (Trend Micro Inc.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (VSNAPVSS) -- C:\Windows\System32\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (StorageCraft Image Manager) -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe (StorageCraft Technology Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (nlsvc) -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe (Locktime Software)


========== Driver Services (SafeList) ==========

DRV - (RTL2831UUSB) -- System32\Drivers\RTL2831UUSB.sys File not found
DRV - (RTL2831UBDA) -- system32\drivers\RTL2831UBDA.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (HTCAND32) -- System32\Drivers\ANDROIDUSB.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (pssnap) -- C:\Windows\System32\drivers\pssnap.sys (Macrium Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MonitorFunction) -- C:\Windows\System32\drivers\TVMonitor.sys (TeamViewer GmbH)
DRV - (hitmanpro35) -- C:\Windows\System32\drivers\hitmanpro36.sys ()
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (stcvsm) -- C:\Windows\System32\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV - (sbmount) -- C:\Windows\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ComproHID) -- C:\Windows\System32\drivers\ComproHID.sys (Compro Tech., Inc.)
DRV - (WMP300Nv2) -- C:\Windows\System32\drivers\WMP300Nv2.sys (Atheros Communications, Inc.)
DRV - (mv2) -- C:\Windows\System32\drivers\mv2.sys (UVNC BVBA )
DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG)
DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDrec) -- C:\Windows\System32\drivers\InCDrec.sys (Nero AG)
DRV - (MXOPSWD) -- C:\Windows\System32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (nltdi) -- C:\Windows\System32\drivers\nltdi.sys (Locktime Software)
DRV - (Winachcf) -- C:\Windows\System32\drivers\winachcf.sys (Conexant)
DRV - (RfsdFsd) -- C:\Windows\System32\drivers\rfsdfsd.sys (RfsdFsd Group (rfsdfsd.sf.net))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A270EB3C-CE3C-448C-B384-CCD50BD7CA84}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com.au/"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/12/03 10:37:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/06/17 13:26:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/17 15:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/17 10:13:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/17 15:09:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/17 10:13:05 | 000,000,000 | ---D | M]

[2010/07/02 11:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2010/07/01 18:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/07/13 21:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\extensions
[2010/07/07 11:09:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/29 10:12:52 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013/05/09 13:28:24 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/19 17:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
[2013/06/19 17:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/19 17:46:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/19 17:46:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\distribution\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com.au/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Disabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Disabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2013/04/27 12:08:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUpdateCheck = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC63C088-8C1A-4595-BD6A-23F60572DA0C}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC63C088-8C1A-4595-BD6A-23F60572DA0C}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Users\Mike\Pictures\2010 Darwin\DSCF1984.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mike\Pictures\2010 Darwin\DSCF1984.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/11 11:28:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2013/11/03 11:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
[2013/11/03 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/11/03 11:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2013/10/19 15:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/10/18 14:15:39 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/10/18 14:15:26 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/10/18 14:15:26 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/10/18 14:15:26 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/10/17 13:24:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/17 13:24:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/17 13:24:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/17 13:24:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/17 13:24:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/17 13:24:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/17 13:24:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/17 13:24:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/17 10:36:55 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/17 10:36:55 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/17 10:36:55 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/17 10:36:55 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/17 10:36:54 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/17 10:36:54 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/17 10:36:54 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/17 10:36:54 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/17 10:36:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/17 10:36:50 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/17 10:36:47 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/17 10:36:35 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/17 10:36:35 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/17 10:36:28 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/17 10:36:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/17 10:36:23 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/11 11:28:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2013/11/11 11:16:17 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/11 11:16:17 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/10 18:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/10 18:26:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1860963862-3137177657-3486226813-1000UA.job
[2013/11/10 18:26:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/10 10:26:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/10 10:26:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1860963862-3137177657-3486226813-1000Core.job
[2013/11/03 11:06:35 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Reflect.lnk
[2013/11/02 19:26:20 | 000,645,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/02 19:26:20 | 000,123,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/02 19:17:28 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/11/02 19:16:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/02 14:50:32 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/10/20 16:38:04 | 000,028,672 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/18 21:31:47 | 000,002,076 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/18 21:31:47 | 000,002,074 | ---- | M] () -- C:\Users\Mike\Desktop\Google Chrome.lnk
[2013/10/17 14:48:41 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/10/17 14:41:55 | 000,436,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/17 11:30:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/17 11:30:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/03 11:06:35 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Reflect.lnk
[2013/10/17 14:48:41 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/10/17 14:48:41 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/06/28 07:48:46 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 11:45:03 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/27 11:45:03 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/17 13:09:14 | 000,206,453 | ---- | C] () -- C:\Windows\hpoins47.dat.temp
[2013/06/17 13:09:14 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2013/05/02 12:51:43 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/02 12:51:43 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/27 11:40:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/27 11:40:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/27 11:40:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/27 11:40:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/27 11:40:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/18 17:30:39 | 000,000,632 | RHS- | C] () -- C:\Users\Mike\ntuser.pol
[2013/02/10 16:52:45 | 000,000,845 | ---- | C] () -- C:\Users\Mike\.recently-used.xbel
[2012/02/20 20:30:03 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2011/12/29 22:59:48 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/29 22:59:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/12/29 22:59:25 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/12/29 22:58:42 | 000,033,019 | ---- | C] () -- C:\Windows\System32\CoreAAC-uninstall.exe
[2011/12/29 20:59:48 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/09 11:59:41 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2008/03/26 13:51:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/01/16 11:22:06 | 000,027,227 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Personal Address Book.ADR
[2007/12/30 01:43:31 | 000,007,268 | ---- | C] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2007/10/11 19:21:11 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/04/28 10:35:27 | 000,027,848 | ---- | C] () -- C:\Users\Mike\MYOB Premier Print Job.tif
[2007/04/28 10:28:25 | 000,027,848 | ---- | C] () -- C:\Users\Mike\Drum Inv.TIF
[2007/03/19 17:57:10 | 000,021,738 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).EML
[2007/03/17 09:32:34 | 000,024,572 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).ADR
[2007/03/16 20:52:16 | 000,028,672 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 23:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 17:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 17:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Mike\Google Drive\xmas fairy tale.eml:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C10F9B26
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BEC0D766
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E2B2CFF7

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
Narimga

    New Member

  • Topic Starter
  • Member
  • 4 posts
Thanks Ron, for taking the time to look at my problem.

Below are the logs you asked for.



# AdwCleaner v3.012 - Report created 12/11/2013 at 12:10:48
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\invalidprefs.js
File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Toolbar Cleaner
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v22.0 (en-GB)

[ File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v

[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2895 octets] - [12/11/2013 12:09:19]
AdwCleaner[S0].txt - [2856 octets] - [12/11/2013 12:10:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2916 octets] ##########





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Mike on Tue 12/11/2013 at 12:22:50.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1860963862-3137177657-3486226813-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
Successfully deleted: [Folder] "C:\Users\Mike\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{00CBBCDF-D02E-4B88-87AD-8F22CAF021BA}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{05CEB8E4-3CA6-495E-BAC2-F69E4E7362B6}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{3B7A9B2F-C86A-4120-8908-D608C8A5376C}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{6288BC32-DCA9-44D3-8838-D45502E122AB}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{810ABC8A-A0F6-4CB0-ACD8-65B19494E882}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{833B0624-6576-4782-A308-10C78BA6EDF4}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{BA31630A-3D17-4B03-95B0-F9223EAC90A6}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{D7615BE9-926B-4E3C-BDE0-119E4B8DE8C4}



~~~ FireFox

Emptied folder: C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\vgqmae0v.default\minidumps [409 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/11/2013 at 12:27:37.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by Mike (administrator) on MIKE-PC on 12-11-2013 12:31:50
Running from C:\Users\Mike\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(StorageCraft Technology Corporation) C:\Windows\system32\vsnapvss.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [Google Update] - C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2008-09-11] (Google Inc.)
HKCU\...\Run: [09009A79D78F7D57D59454FD1051E02615098430._service_run] - C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-09] (Google Inc.)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoFileUrl] 0
HKCU\...\Policies\Explorer: [NoUpdateCheck] 0
HKCU\...\Policies\Explorer: [NoLogoff] 0
HKCU\...\Policies\Explorer: [NoSetTaskBar] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{FC63C088-8C1A-4595-BD6A-23F60572DA0C}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default
FF Homepage: https://www.google.com.au/
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Bitdefender QuickScan - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Adblock Plus - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: https://www.google.com.au/
CHR RestoreOnStartup: "https://www.google.c...ed=0CAYQqS4oBA"
CHR Plugin: (Shockwave Flash) - C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Entanglement Web App) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Weather (extension)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.9.0.7_0
CHR Extension: (WOT) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.2.2_0
CHR Extension: (avast! Online Security) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Wave Accounting) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa\1.9.5_0
CHR Extension: (Poppit) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1550896 2007-05-15] (Nero AG)
R2 nlsvc; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [491520 2007-04-24] (Locktime Software)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [603760 2013-10-21] (Paramount Software UK Ltd)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] ()
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [439632 2010-12-17] (Trend Micro Inc.)
R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 StorageCraft Image Manager; C:\Program Files\StorageCraft\ImageManager\ImageManager.exe [90112 2008-09-23] (StorageCraft Technology Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S4 ShadowProtectSvc; "C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
S3 ComproHID; C:\Windows\System32\DRIVERS\ComproHID.sys [7040 2007-10-01] (Compro Tech., Inc.)
S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro36.sys [23624 2012-02-20] ()
R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118576 2007-05-15] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [37040 2007-05-15] (Nero AG)
U1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [16304 2007-05-15] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38576 2007-05-15] (Nero AG)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 MonitorFunction; C:\Windows\System32\DRIVERS\TVMonitor.sys [13304 2012-11-29] (TeamViewer GmbH)
S3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [11976 2007-06-09] (UVNC BVBA )
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [81688 2007-04-24] (Locktime Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
S3 RfsdFsd; C:\Windows\System32\Drivers\RfsdFsd.sys [46336 2005-07-31] (RfsdFsd Group (rfsdfsd.sf.net))
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 Winachcf; C:\Windows\System32\DRIVERS\winachcf.sys [889636 2007-03-20] (Conexant)
R3 WMP300Nv2; C:\Windows\System32\DRIVERS\WMP300Nv2.sys [743424 2007-07-30] (Atheros Communications, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 RTL2831UBDA; system32\drivers\RTL2831UBDA.sys [x]
S3 RTL2831UUSB; System32\Drivers\RTL2831UUSB.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-12 12:30 - 2013-11-12 12:30 - 01090275 _____ (Farbar) C:\Users\Mike\Desktop\FRST.exe
2013-11-12 12:30 - 2013-11-12 12:30 - 00000000 ____D C:\FRST
2013-11-12 12:28 - 2013-11-12 12:28 - 00002198 _____ C:\Users\Public\JRT.txt
2013-11-12 12:27 - 2013-11-12 12:27 - 00002198 _____ C:\Users\Mike\Desktop\JRT.txt
2013-11-12 12:22 - 2013-11-12 12:22 - 00000000 ____D C:\Windows\ERUNT
2013-11-12 12:21 - 2013-11-12 12:21 - 01034531 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe
2013-11-12 12:16 - 2013-11-12 12:16 - 00002996 _____ C:\Users\Public\AdwCleaner[S0].txt
2013-11-12 12:09 - 2013-11-12 12:11 - 00000000 ____D C:\AdwCleaner
2013-11-12 12:07 - 2013-11-12 12:07 - 01085542 _____ C:\Users\Mike\Desktop\AdwCleaner.exe
2013-11-12 10:42 - 2013-11-12 11:16 - 00019283 _____ C:\Users\Mike\Google Drive\NARIMGA TAX CHQ PAYMENTS.xlsx
2013-11-11 15:09 - 2013-11-11 15:09 - 00004360 _____ C:\Users\Mike\Google Drive\MF TAX 2012 TO 20013.ods
2013-11-11 15:02 - 2013-11-11 16:40 - 00017860 _____ C:\Users\Mike\Google Drive\VISA TAX 2012 - 2013.xlsx
2013-11-11 12:08 - 2013-11-11 12:08 - 00080944 _____ C:\Users\Mike\Desktop\OTL.Txt
2013-11-11 11:28 - 2013-11-11 11:28 - 00602112 _____ (OldTimer Tools) C:\Users\Mike\Desktop\OTL.exe
2013-11-03 11:06 - 2013-11-03 11:06 - 00001868 _____ C:\Users\Public\Desktop\Reflect.lnk
2013-11-03 11:06 - 2013-11-03 11:06 - 00000000 ____D C:\Program Files\Macrium
2013-11-03 11:03 - 2013-11-03 11:03 - 00000000 ____D C:\Users\Mike\Downloads\Macrium
2013-11-03 11:02 - 2013-11-03 11:12 - 00000000 ____D C:\ProgramData\Macrium
2013-10-27 10:43 - 2013-10-27 10:55 - 00012696 _____ C:\Users\Mike\Google Drive\SOUTH AUSTRALIA FUEL 2013.xlsx
2013-10-27 10:16 - 2013-10-27 18:29 - 00014363 _____ C:\Users\Mike\Google Drive\SOUTH AUSTRALIA EXPENSES.xlsx
2013-10-19 15:45 - 2013-11-01 21:35 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-18 14:15 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-18 14:15 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-18 14:15 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-18 14:15 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-18 14:14 - 2013-10-18 14:15 - 00004113 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-10-18 14:14 - 2013-10-18 14:14 - 00000000 _____ C:\Windows\system32\REND324.tmp
2013-10-18 14:14 - 2013-10-18 14:14 - 00000000 _____ C:\Windows\system32\REND323.tmp
2013-10-17 14:48 - 2013-10-17 14:48 - 00000955 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-17 13:24 - 2013-09-22 21:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-17 13:24 - 2013-09-22 21:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-17 13:24 - 2013-09-22 21:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-17 13:24 - 2013-09-22 21:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-17 13:24 - 2013-09-22 21:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-17 13:24 - 2013-09-22 21:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-17 13:24 - 2013-09-22 21:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-17 13:24 - 2013-09-22 21:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-17 13:24 - 2013-09-22 21:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-17 13:24 - 2013-09-22 21:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-17 13:24 - 2013-09-22 21:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-17 13:24 - 2013-09-22 21:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-17 13:24 - 2013-09-22 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-17 13:24 - 2013-09-22 21:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-17 13:24 - 2013-09-22 21:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-17 13:24 - 2013-09-22 20:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-17 10:36 - 2013-08-29 18:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-17 10:36 - 2013-08-27 13:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-17 10:36 - 2013-08-27 13:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-17 10:36 - 2013-08-27 13:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-17 10:36 - 2013-08-27 13:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-17 10:36 - 2013-08-27 12:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-17 10:36 - 2013-08-27 12:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-17 10:36 - 2013-08-27 12:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-17 10:36 - 2013-08-27 12:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-17 10:36 - 2013-08-27 12:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-17 10:36 - 2013-08-01 14:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-17 10:36 - 2013-08-01 13:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-17 10:36 - 2013-07-20 21:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-17 10:36 - 2013-07-12 20:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-17 10:36 - 2013-07-04 15:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-17 10:36 - 2013-07-03 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-17 10:36 - 2013-07-03 13:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-17 10:36 - 2013-06-29 13:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-17 10:36 - 2013-06-29 13:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-17 10:36 - 2013-06-29 13:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-17 10:36 - 2013-06-29 13:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-17 10:36 - 2013-06-27 10:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-17 10:36 - 2013-06-04 15:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-17 10:36 - 2013-06-04 12:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-17 10:36 - 2011-05-06 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-17 10:36 - 2011-05-06 00:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

==================== One Month Modified Files and Folders =======

2013-11-12 12:30 - 2013-11-12 12:30 - 01090275 _____ (Farbar) C:\Users\Mike\Desktop\FRST.exe
2013-11-12 12:30 - 2013-11-12 12:30 - 00000000 ____D C:\FRST
2013-11-12 12:30 - 2012-04-03 12:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 12:28 - 2013-11-12 12:28 - 00002198 _____ C:\Users\Public\JRT.txt
2013-11-12 12:28 - 2006-11-02 22:18 - 00000000 ___RD C:\Users\Public
2013-11-12 12:27 - 2013-11-12 12:27 - 00002198 _____ C:\Users\Mike\Desktop\JRT.txt
2013-11-12 12:26 - 2010-02-05 13:54 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 12:26 - 2009-07-01 10:09 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1860963862-3137177657-3486226813-1000UA.job
2013-11-12 12:23 - 2006-11-02 23:52 - 01715285 _____ C:\Windows\WindowsUpdate.log
2013-11-12 12:22 - 2013-11-12 12:22 - 00000000 ____D C:\Windows\ERUNT
2013-11-12 12:22 - 2012-03-09 15:44 - 00292804 _____ C:\Windows\DPINST.LOG
2013-11-12 12:21 - 2013-11-12 12:21 - 01034531 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe
2013-11-12 12:21 - 2013-08-30 10:58 - 00001879 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-11-12 12:21 - 2007-03-21 10:19 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-12 12:19 - 2012-04-26 08:13 - 00000000 ___RD C:\Users\Mike\Google Drive
2013-11-12 12:19 - 2006-11-02 22:18 - 00000000 ____D C:\Windows\tracing
2013-11-12 12:16 - 2013-11-12 12:16 - 00002996 _____ C:\Users\Public\AdwCleaner[S0].txt
2013-11-12 12:13 - 2010-02-05 13:54 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 12:13 - 2007-11-28 15:00 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-12 12:13 - 2007-03-21 09:31 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-12 12:13 - 2006-11-03 00:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 12:13 - 2006-11-02 23:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 12:13 - 2006-11-02 23:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 12:12 - 2006-11-03 00:01 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-12 12:11 - 2013-11-12 12:09 - 00000000 ____D C:\AdwCleaner
2013-11-12 12:07 - 2013-11-12 12:07 - 01085542 _____ C:\Users\Mike\Desktop\AdwCleaner.exe
2013-11-12 11:16 - 2013-11-12 10:42 - 00019283 _____ C:\Users\Mike\Google Drive\NARIMGA TAX CHQ PAYMENTS.xlsx
2013-11-11 16:40 - 2013-11-11 15:02 - 00017860 _____ C:\Users\Mike\Google Drive\VISA TAX 2012 - 2013.xlsx
2013-11-11 15:23 - 2013-02-27 13:12 - 00000000 ____D C:\Users\Mike\Google Drive\Excel
2013-11-11 15:09 - 2013-11-11 15:09 - 00004360 _____ C:\Users\Mike\Google Drive\MF TAX 2012 TO 20013.ods
2013-11-11 12:08 - 2013-11-11 12:08 - 00080944 _____ C:\Users\Mike\Desktop\OTL.Txt
2013-11-11 11:28 - 2013-11-11 11:28 - 00602112 _____ (OldTimer Tools) C:\Users\Mike\Desktop\OTL.exe
2013-11-10 15:50 - 2013-02-28 14:18 - 00000000 ____D C:\Users\Mike\Google Drive\Rifle Club Website (1)
2013-11-10 10:26 - 2009-07-01 10:09 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1860963862-3137177657-3486226813-1000Core.job
2013-11-04 12:17 - 2013-02-27 13:14 - 00000000 ____D C:\Users\Mike\Google Drive\Premier Data
2013-11-03 11:12 - 2013-11-03 11:02 - 00000000 ____D C:\ProgramData\Macrium
2013-11-03 11:06 - 2013-11-03 11:06 - 00001868 _____ C:\Users\Public\Desktop\Reflect.lnk
2013-11-03 11:06 - 2013-11-03 11:06 - 00000000 ____D C:\Program Files\Macrium
2013-11-03 11:03 - 2013-11-03 11:03 - 00000000 ____D C:\Users\Mike\Downloads\Macrium
2013-11-02 19:26 - 2006-11-02 21:33 - 00755906 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-02 19:15 - 2012-03-19 12:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-02 19:15 - 2009-06-11 04:11 - 00376100 _____ C:\Windows\PFRO.log
2013-11-01 21:35 - 2013-10-19 15:45 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-29 16:37 - 2013-02-27 13:06 - 00019002 _____ C:\Users\Mike\Google Drive\BUDGET REC AND EXP 26 june to 3 july.xlsx
2013-10-29 10:28 - 2013-04-04 15:30 - 00000000 ____D C:\Users\Mike\Google Drive\Test
2013-10-27 18:29 - 2013-10-27 10:16 - 00014363 _____ C:\Users\Mike\Google Drive\SOUTH AUSTRALIA EXPENSES.xlsx
2013-10-27 18:09 - 2013-02-27 13:06 - 00013223 _____ C:\Users\Mike\Google Drive\darwin fuel details.xlsx
2013-10-27 18:05 - 2013-02-27 13:07 - 00007841 _____ C:\Users\Mike\Google Drive\Darwin Expenses.xlsx
2013-10-27 10:55 - 2013-10-27 10:43 - 00012696 _____ C:\Users\Mike\Google Drive\SOUTH AUSTRALIA FUEL 2013.xlsx
2013-10-20 16:38 - 2007-03-16 20:52 - 00028672 _____ C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-19 15:04 - 2010-07-01 18:02 - 00000000 ____D C:\Users\Mike\AppData\Local\Thunderbird
2013-10-18 21:31 - 2008-09-11 14:21 - 00002074 _____ C:\Users\Mike\Desktop\Google Chrome.lnk
2013-10-18 14:15 - 2013-10-18 14:14 - 00004113 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-10-18 14:15 - 2008-09-22 20:40 - 00000000 ____D C:\Program Files\Java
2013-10-18 14:14 - 2013-10-18 14:14 - 00000000 _____ C:\Windows\system32\REND324.tmp
2013-10-18 14:14 - 2013-10-18 14:14 - 00000000 _____ C:\Windows\system32\REND323.tmp
2013-10-17 14:55 - 2006-11-02 22:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-17 14:48 - 2013-10-17 14:48 - 00000955 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-17 14:41 - 2006-11-02 23:47 - 00436312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-17 14:39 - 2008-05-23 10:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-17 13:39 - 2008-01-16 10:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-17 13:33 - 2013-08-01 04:01 - 00000000 ____D C:\Windows\system32\MRT
2013-10-17 13:30 - 2006-11-02 21:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-17 11:30 - 2012-04-03 12:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-17 11:30 - 2011-10-04 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\temp\DeltaTB.exe
C:\Users\Mike\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\temp\msvcp110.dll
C:\Users\Mike\AppData\Local\temp\msvcr110.dll
C:\Users\Mike\AppData\Local\temp\pc-decrapifier.exe
C:\Users\Mike\AppData\Local\temp\Quarantine.exe
C:\Users\Mike\AppData\Local\temp\sqlite3.dll
C:\Users\Mike\AppData\Local\temp\uninst1.exe
C:\Users\Mike\AppData\Local\temp\_is4188.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-12 12:32

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2013 01
Ran by Mike at 2013-11-12 12:33:44
Running from C:\Users\Mike\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 3 (SP3)
32 Bit HP CIO Components Installer (Version: 7.1.4)
AC3Filter 1.63b (Version: 1.63b)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Active Ports
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
Asterisk Key 10.0
avast! Free Antivirus (Version: 8.0.1489.0)
Avi2Dvd 0.6.1 (Version: 0.6.1)
AviSynth 2.5
B110 (Version: 140.0.283.000)
Bing Maps 3D (Version: 4.0.903.16005)
BufferChm (Version: 140.0.212.000)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Core FTP LE 2.0
CoreAAC Audio Decoder (remove only)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DVD Suite (Version: 5.0.1319)
Eusing Free Registry Cleaner
Feedback Tool (Version: 1.2.0)
ffdshow [rev 3299] [2010-03-03] (Version: 1.0.0.3299)
FileHippo.com Update Checker
FileZilla Client 3.7.3 (Version: 3.7.3)
Free Download Manager 2.5
FTP Explorer (Version: 1.1.51)
Gimp 2.6.1
Google Chrome (HKCU Version: 30.0.1599.101)
Google Drive (Version: 1.12.5329.1887)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
GPBaseService2 (Version: 140.0.211.000)
Haali Media Splitter
HiJackThis (Version: 1.0.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.002.002)
HPAppStudio (Version: 140.0.95.000)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
ImageManager (Version: 3.03.0002)
IrfanView (remove only) (Version: 4.36)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ SE Development Kit 7 Update 1 (Version: 1.7.0.10)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
LibreOffice 4.0.3.3 (Version: 4.0.3.3)
Linksys Wireless-N PCI Adapter Driver - WMP300Nv2 (Version: 1.0)
Macrium Reflect Free Edition (Version: 5.2)
Macrium Reflect Free Edition (Version: 5.2.6427)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 140.0.212.000)
MCShield ::Anti-Malware Tool:: (Version: 2.6.3.21)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft IntelliType Pro 6.2 (Version: 6.20.182.0)
Microsoft LifeCam (Version: 3.0.215.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 22.0 (x86 en-GB) (Version: 22.0)
Mozilla Maintenance Service (Version: 24.1.0)
Mozilla Thunderbird 24.1.0 (x86 en-US) (Version: 24.1.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MYOB Premier v7 (Version: 7)
NavDesk 7.50 (Version: 7.50.0109.128)
Navman NavDesk 2008 (Version: 5.10.019)
Nero 7 Essentials (Version: 7.02.8507)
neroxml (Version: 1.0.0)
NetLimiter 2 Monitor (remove only)
Network (Version: 140.0.215.000)
NVIDIA 3D Vision Controller Driver 310.90 (Version: 310.90)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
OziExplorer 3.95
PC Inspector File Recovery (Version: 4.0)
PDFCreator (Version: 1.0.2)
Pdfedit (Version: 4.5.0.0)
PoiEdit
PowerDVD (Version: 7.0.2414.0)
PowerProducer
PS_AIO_07_B110_SW_Min (Version: 140.0.142.000)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.73.80.64)
QuickTime Alternative 1.56 (Version: 1.56)
QuickTransfer (Version: 140.0.98.000)
QuuSoft Uninstaller v2010.1.3 (Version: 2010.1.3)
Realtek AC'97 Audio
Realtek High Definition Audio Driver (Version: 6.0.1.5361)
Recuva (Version: 1.46)
Revo Uninstaller 1.89 (Version: 1.89)
Scan (Version: 140.0.80.000)
ScanSoft OmniPage SE 4 (Version: 15.2.0020)
SeaTools for Windows (Version: 1.2.0.0)
SecurDisc Viewer (Version: 7.02.8511)
Segoe UI (Version: 15.4.2271.0615)
ShadowProtect Desktop (Version: 3.03.4273)
Shop for HP Supplies (Version: 14.0)
Skype™ 5.10 (Version: 5.10.116)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.211.000)
Sony Ericsson Update Engine (Version: 2.13.9.201308081522)
Sony PC Companion 2.10.181 (Version: 2.10.181)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SpiderOak
Status (Version: 140.0.212.000)
TeamViewer 8 (Version: 8.0.22298)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Trend Micro RUBotted 2.0 Beta (Version: 2.0.0.1030)
Trojan Killer 2.0
UBCD4Win 3.60
Ubuntu One (Version: 1.0.723.1147)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virus Effect Remover 2.1
WebReg (Version: 140.0.212.017)
Windows 7 Upgrade Advisor (Version: 2.0.3001.0)
Windows Automated Installation Kit (Version: 1.1.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8064.206)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Winmail Reader 1.1.12
WinPcap 4.1.2 (Version: 4.1.0.2001)
Xvid 1.2.2 final uninstall (Version: 1.2)

==================== Restore Points =========================

28-10-2013 00:47:59 Scheduled Checkpoint
28-10-2013 13:00:03 Scheduled Checkpoint
29-10-2013 13:00:03 Scheduled Checkpoint
29-10-2013 17:03:38 Windows Update
30-10-2013 13:00:03 Scheduled Checkpoint
31-10-2013 13:00:04 Scheduled Checkpoint
01-11-2013 13:00:01 Scheduled Checkpoint
01-11-2013 22:01:49 Windows Update
02-11-2013 03:50:34 Sony Ericsson PC Suite Drivers
03-11-2013 00:05:49 Installed Macrium Reflect Free Edition
04-11-2013 13:10:13 Scheduled Checkpoint
05-11-2013 13:00:07 Scheduled Checkpoint
05-11-2013 13:56:02 Windows Update
06-11-2013 13:00:03 Scheduled Checkpoint
07-11-2013 13:00:03 Scheduled Checkpoint
08-11-2013 13:00:03 Scheduled Checkpoint
08-11-2013 20:49:59 Windows Update
09-11-2013 13:00:07 Scheduled Checkpoint
12-11-2013 01:21:45 Sony Ericsson PC Suite Drivers

==================== Hosts content: ==========================

2006-11-02 21:23 - 2013-04-27 12:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {355BC1AE-7519-4C36-A84A-8FFD37CA155D} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3ABD3826-A603-427A-B7F2-0B4766334910} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2009-06-26] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {46A875B9-C1F9-43F5-817D-9E536DCF3245} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05] (Google Inc.)
Task: {5FABB6EB-9683-4467-AC2A-828A7F6ADD73} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-09-01] (Microsoft Corporation)
Task: {6B4AE9BD-4ACF-402B-92C9-2FF07675DECC} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Mike => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {8FF15F25-3AE7-407F-8933-4457A646D92E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05] (Google Inc.)
Task: {A8D41C27-9AEE-4A1A-BEEA-A245AE979727} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-17] (Adobe Systems Incorporated)
Task: {A9C6B5A5-FECB-4B85-9C92-A8E73AC527DD} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {CDA1B854-1577-4C20-8C1D-7C97FB481FD8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1860963862-3137177657-3486226813-1000Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-11] (Google Inc.)
Task: {D8A0D5B3-19E5-401A-A82A-3B603BB3FA9E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F0E4F059-7002-4513-9D38-28C3D2308903} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1860963862-3137177657-3486226813-1000UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-11] (Google Inc.)
Task: {FCC2BFD2-735E-465B-9048-2907F986D0D7} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1860963862-3137177657-3486226813-1000Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1860963862-3137177657-3486226813-1000UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-12 12:16 - 2013-11-12 12:16 - 00098816 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\win32api.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00110080 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\pywintypes27.dll
2013-11-12 12:16 - 2013-11-12 12:16 - 00364544 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\pythoncom27.dll
2013-11-12 12:16 - 2013-11-12 12:16 - 00044032 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\_socket.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 01153024 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\_ssl.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00320512 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\win32com.shell.shell.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00711680 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\_hashlib.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 01175040 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\wx._core_.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00805888 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\wx._gdi_.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00811008 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\wx._windows_.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 01062400 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\wx._controls_.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00735232 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\wx._misc_.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00128512 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\_elementtree.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00127488 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\pyexpat.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00557056 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\pysqlite2._sqlite.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00087040 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\_ctypes.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00119808 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\win32file.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00108544 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\win32security.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00018432 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\win32event.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00038912 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\win32inet.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00122368 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\wx._wizard.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00686080 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\unicodedata.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00026624 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\_multiprocessing.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00070656 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\wx._html2.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00010240 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\select.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00025600 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\win32pdh.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00504832 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\windows._cacheinvalidation.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00011264 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\win32crypt.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00035840 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\win32process.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00017408 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\win32profile.pyd
2013-11-12 12:16 - 2013-11-12 12:16 - 00022528 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI37682\win32ts.pyd
2013-08-08 06:25 - 2013-08-08 06:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:BEC0D766
AlternateDataStreams: C:\ProgramData\TEMP:C10F9B26
AlternateDataStreams: C:\ProgramData\TEMP:E2B2CFF7
AlternateDataStreams: C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty
AlternateDataStreams: C:\Users\Mike\Google Drive\xmas fairy tale.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Conexant HCF PCI Modem
Description: Conexant HCF PCI Modem
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: Conexant
Service: Modem
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (11/04/2012 04:56:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1831 seconds with 660 seconds of active time. This session ended with a crash.

Error: (03/20/2011 02:40:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/18/2010 00:50:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/20/2008 00:34:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5037 seconds with 1380 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2013-09-02 15:00:21.362
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version8\tv_w32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-02 15:00:20.914
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version8\tv_w32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-02 15:00:20.462
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version8\tv_w32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-02 15:00:20.015
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version8\tv_w32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-02 15:00:19.576
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version8\tv_w32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-02 15:00:19.142
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version8\tv_w32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-02 15:00:18.707
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version8\tv_w32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-02 15:00:18.257
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version8\tv_w32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-02 15:00:17.807
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version8\tv_w32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-02 15:00:17.244
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version8\tv_w32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 3198.64 MB
Available physical RAM: 1799.81 MB
Total Pagefile: 6621.26 MB
Available Pagefile: 5423.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:26.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: A3C9D12F)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

OTL logfile created on: 12/11/2013 12:39:59 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.12 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 58.16% Memory free
6.47 Gb Paging File | 5.29 Gb Available in Paging File | 81.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 26.97 Gb Free Space | 18.10% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe (Paramount Software UK Ltd)
PRC - C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\vsnapvss.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe (Locktime Software)


========== Modules (No Company Name) ==========

MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\_elementtree.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\win32api.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\_socket.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\win32ts.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\win32com.shell.shell.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\_multiprocessing.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\wx._gdi_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\wx._html2.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\win32crypt.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\pythoncom27.dll ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\_ctypes.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\win32profile.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\wx._misc_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\PyWinTypes27.dll ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\win32security.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\wx._core_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\_ssl.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\win32process.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\win32pdh.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\_hashlib.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\wx._windows_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\wx._wizard.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\win32file.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\win32inet.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\wx._controls_.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\unicodedata.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\pyexpat.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\win32event.pyd ()
MOD - C:\Users\Mike\AppData\Local\temp\_MEI37682\select.pyd ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()


========== Services (SafeList) ==========

SRV - (ShadowProtectSvc) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe (Paramount Software UK Ltd)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (RUBotSrv) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (Trend Micro Inc.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (VSNAPVSS) -- C:\Windows\System32\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (StorageCraft Image Manager) -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe (StorageCraft Technology Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (nlsvc) -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe (Locktime Software)


========== Driver Services (SafeList) ==========

DRV - (RTL2831UUSB) -- System32\Drivers\RTL2831UUSB.sys File not found
DRV - (RTL2831UBDA) -- system32\drivers\RTL2831UBDA.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (HTCAND32) -- System32\Drivers\ANDROIDUSB.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (pssnap) -- C:\Windows\System32\drivers\pssnap.sys (Macrium Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MonitorFunction) -- C:\Windows\System32\drivers\TVMonitor.sys (TeamViewer GmbH)
DRV - (hitmanpro35) -- C:\Windows\System32\drivers\hitmanpro36.sys ()
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (stcvsm) -- C:\Windows\System32\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV - (sbmount) -- C:\Windows\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ComproHID) -- C:\Windows\System32\drivers\ComproHID.sys (Compro Tech., Inc.)
DRV - (WMP300Nv2) -- C:\Windows\System32\drivers\WMP300Nv2.sys (Atheros Communications, Inc.)
DRV - (mv2) -- C:\Windows\System32\drivers\mv2.sys (UVNC BVBA )
DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG)
DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDrec) -- C:\Windows\System32\drivers\InCDrec.sys (Nero AG)
DRV - (MXOPSWD) -- C:\Windows\System32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (nltdi) -- C:\Windows\System32\drivers\nltdi.sys (Locktime Software)
DRV - (Winachcf) -- C:\Windows\System32\drivers\winachcf.sys (Conexant)
DRV - (RfsdFsd) -- C:\Windows\System32\drivers\rfsdfsd.sys (RfsdFsd Group (rfsdfsd.sf.net))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A270EB3C-CE3C-448C-B384-CCD50BD7CA84}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com.au/"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/12/03 10:37:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/06/17 13:26:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/17 15:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/17 10:13:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/17 15:09:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/17 10:13:05 | 000,000,000 | ---D | M]

[2010/07/02 11:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2010/07/01 18:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/07/13 21:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\extensions
[2010/07/07 11:09:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/29 10:12:52 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013/05/09 13:28:24 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\vgqmae0v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/19 17:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
[2013/06/19 17:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/19 17:46:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/19 17:46:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\distribution\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com.au/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Disabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Disabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2013/04/27 12:08:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUpdateCheck = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC63C088-8C1A-4595-BD6A-23F60572DA0C}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC63C088-8C1A-4595-BD6A-23F60572DA0C}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Users\Mike\Pictures\2010 Darwin\DSCF1984.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mike\Pictures\2010 Darwin\DSCF1984.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HTC Sync Loader - hkey= - key= - File not found
MsConfig - StartUpReg: MCShield Monitor - hkey= - key= - C:\Program Files\MCShield\MCShieldRTM.exe (MyCity)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpiderOak - hkey= - key= - C:\Program Files\SpiderOak\SpiderOak.exe (SpiderOak)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found
MsConfig - StartUpReg: Trend Micro RUBotted V2.0 Beta - hkey= - key= - C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: HitmanPro36Crusader - Reg Error: Value error.
SafeBootNet: HitmanPro36CrusaderBoot - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: wave - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/12 12:30:53 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/12 12:30:21 | 001,090,275 | ---- | C] (Farbar) -- C:\Users\Mike\Desktop\FRST.exe
[2013/11/12 12:22:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/12 12:21:19 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Mike\Desktop\JRT.exe
[2013/11/12 12:09:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/11 11:28:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2013/11/03 11:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
[2013/11/03 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/11/03 11:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2013/10/19 15:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/10/18 14:15:39 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/10/18 14:15:26 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/10/18 14:15:26 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/10/18 14:15:26 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/10/17 13:24:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/17 13:24:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/17 13:24:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/17 13:24:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/17 13:24:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/17 13:24:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/17 13:24:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/17 13:24:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/17 10:36:55 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/17 10:36:55 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/17 10:36:55 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/17 10:36:55 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/17 10:36:54 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/17 10:36:54 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/17 10:36:54 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/17 10:36:54 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/17 10:36:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/17 10:36:50 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/17 10:36:47 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/17 10:36:35 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/17 10:36:35 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/17 10:36:28 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/17 10:36:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/17 10:36:23 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/12 12:30:32 | 001,090,275 | ---- | M] (Farbar) -- C:\Users\Mike\Desktop\FRST.exe
[2013/11/12 12:30:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/12 12:26:57 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1860963862-3137177657-3486226813-1000UA.job
[2013/11/12 12:26:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/12 12:21:44 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/11/12 12:21:21 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Mike\Desktop\JRT.exe
[2013/11/12 12:13:51 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/11/12 12:13:45 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/12 12:13:38 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 12:13:38 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 12:13:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/12 12:07:38 | 001,085,542 | ---- | M] () -- C:\Users\Mike\Desktop\AdwCleaner.exe
[2013/11/11 15:09:37 | 000,004,360 | ---- | M] () -- C:\Users\Mike\Google Drive\MF TAX 2012 TO 20013.ods
[2013/11/11 11:28:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2013/11/10 10:26:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1860963862-3137177657-3486226813-1000Core.job
[2013/11/03 11:06:35 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Reflect.lnk
[2013/11/02 19:26:20 | 000,645,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/02 19:26:20 | 000,123,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/20 16:38:04 | 000,028,672 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/18 21:31:47 | 000,002,076 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/18 21:31:47 | 000,002,074 | ---- | M] () -- C:\Users\Mike\Desktop\Google Chrome.lnk
[2013/10/17 14:48:41 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/10/17 14:41:55 | 000,436,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/17 11:30:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/17 11:30:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/12 12:07:32 | 001,085,542 | ---- | C] () -- C:\Users\Mike\Desktop\AdwCleaner.exe
[2013/11/11 15:09:28 | 000,004,360 | ---- | C] () -- C:\Users\Mike\Google Drive\MF TAX 2012 TO 20013.ods
[2013/11/03 11:06:35 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Reflect.lnk
[2013/10/17 14:48:41 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/10/17 14:48:41 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/06/28 07:48:46 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 11:45:03 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/27 11:45:03 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/17 13:09:14 | 000,206,453 | ---- | C] () -- C:\Windows\hpoins47.dat.temp
[2013/06/17 13:09:14 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2013/05/02 12:51:43 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/02 12:51:43 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/27 11:40:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/27 11:40:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/27 11:40:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/27 11:40:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/27 11:40:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/18 17:30:39 | 000,000,632 | RHS- | C] () -- C:\Users\Mike\ntuser.pol
[2013/02/10 16:52:45 | 000,000,845 | ---- | C] () -- C:\Users\Mike\.recently-used.xbel
[2012/02/20 20:30:03 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2011/12/29 22:59:48 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/29 22:59:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/12/29 22:59:25 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/12/29 22:58:42 | 000,033,019 | ---- | C] () -- C:\Windows\System32\CoreAAC-uninstall.exe
[2011/12/29 20:59:48 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/09 11:59:41 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2008/03/26 13:51:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/01/16 11:22:06 | 000,027,227 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Personal Address Book.ADR
[2007/12/30 01:43:31 | 000,007,268 | ---- | C] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2007/10/11 19:21:11 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/04/28 10:35:27 | 000,027,848 | ---- | C] () -- C:\Users\Mike\MYOB Premier Print Job.tif
[2007/04/28 10:28:25 | 000,027,848 | ---- | C] () -- C:\Users\Mike\Drum Inv.TIF
[2007/03/19 17:57:10 | 000,021,738 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).EML
[2007/03/17 09:32:34 | 000,024,572 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).ADR
[2007/03/16 20:52:16 | 000,028,672 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 23:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 17:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 17:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3160815AS ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: HP Photosmart B110 USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 149.00GB
Starting Offset: 1048576
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/03/09 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Adobe
[2007/03/16 21:46:38 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AdobeUM
[2009/12/23 14:55:07 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Ahead
[2012/08/28 07:40:39 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Apple Computer
[2009/10/01 19:33:31 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AVG8
[2011/12/29 21:31:36 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AVS4YOU
[2011/12/31 08:11:15 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Azureus
[2008/12/26 20:53:21 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\CameraWindowDC
[2013/06/17 16:10:38 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Canon
[2008/12/26 10:49:56 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\CANON INC
[2013/03/19 20:36:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/03/21 12:24:26 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\CoreFTP
[2008/01/29 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\CyberLink
[2011/10/10 15:12:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\EasySuite
[2013/08/05 12:01:56 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FileZilla
[2013/04/04 08:55:27 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Free Download Manager
[2007/04/03 15:51:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Google
[2013/02/10 16:48:28 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\gtk-2.0
[2011/02/01 21:55:34 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\HP
[2011/02/09 10:10:10 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\HpUpdate
[2007/03/16 19:37:43 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Identities
[2007/12/15 14:48:15 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\InstallShield
[2012/02/02 14:50:28 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IrfanView
[2013/02/06 12:01:57 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\LibreOffice
[2009/10/30 13:58:06 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Locktime
[2007/03/20 07:44:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Macromedia
[2012/02/20 20:01:11 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2013/06/17 16:15:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Media Center Programs
[2008/01/21 21:07:51 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Media Player Classic
[2012/12/11 18:32:43 | 000,000,000 | --SD | M] -- C:\Users\Mike\AppData\Roaming\Microsoft
[2010/07/02 11:03:17 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla
[2008/10/29 15:41:15 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\OpenOffice.org
[2011/11/02 16:32:52 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Opera
[2013/01/24 19:03:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\QuickScan
[2010/12/18 08:35:48 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\QuuSoft
[2007/03/21 14:58:36 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ScanSoft
[2013/04/22 10:05:14 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Skype
[2013/06/17 14:56:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SpiderOak
[2013/05/15 08:55:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TeamViewer
[2011/07/05 10:54:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TerminalServer
[2010/07/01 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Thunderbird
[2008/09/01 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\U3
[2011/01/17 10:29:37 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\UbuntuOneClient
[2013/01/25 07:11:59 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\uTorrent
[2010/04/20 10:44:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Virtual Mechanics
[2011/02/02 14:06:59 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Visan
[2011/12/29 20:54:51 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\WinAVI
[2009/01/05 19:02:40 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ZoomBrowser EX

< MD5 for: ATAPI.SYS >
[2009/04/11 17:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009/04/11 17:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 17:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 17:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 18:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 18:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 20:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 03:07:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 03:07:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2004/08/04 23:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2004/08/04 23:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Users\Mike\Downloads\pebuilder313\BartPE\i386\system32\drivers\atapi.sys
[2008/02/14 03:07:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2002/10/24 16:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\UBCD4Win\plugin\!Critical\Large IDE-Fix\files\sp2\atapi.sys

< MD5 for: CSRSS.EXE >
[2006/11/02 20:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=117B7C8A8B026A5DCE5E3180ED05E823 -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6000.16386_none_56ad21dbe72a9d78\csrss.exe
[2008/01/19 18:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/19 18:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe
[2004/08/04 23:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\UBCD4Win\BartPE\I386\SYSTEM32\CSRSS.EXE
[2004/08/04 23:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\Users\Mike\Downloads\pebuilder313\BartPE\i386\system32\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 17:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 17:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 14:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 03:03:51 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2004/08/04 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\UBCD4Win\BartPE\I386\EXPLORER.EXE
[2004/08/04 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Users\Mike\Downloads\pebuilder313\BartPE\i386\explorer.exe
[2007/11/15 03:03:51 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/04/01 19:15:01 | 000,286,720 | ---- | M] () MD5=DC3E9DF567567080CFDA56347C63A983 -- C:\Users\Mike\Downloads\MioPocket 3.0 Release 59\MioPocket 3.0 Release 59\MioAutoRun\System\CE5\explorer.exe
[2008/10/28 13:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2010/04/01 19:14:59 | 000,280,064 | ---- | M] () MD5=FAC2688D868B71355E125B9332864956 -- C:\Users\Mike\Downloads\MioPocket 3.0 Release 59\MioPocket 3.0 Release 59\MioAutoRun\System\CE4\explorer.exe
[2006/11/02 20:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 18:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/14 02:15:52 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Program Files\Ubuntu One\Client\EmblemsCache\MSWSOCK.dll
[2009/07/14 02:15:52 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Program Files\Ubuntu One\Client\IconsOverlay\MSWSOCK.dll
[2009/07/14 02:15:52 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Program Files\Ubuntu One\Client\U1Sync\MSWSOCK.dll
[2004/08/04 23:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\MSWSOCK.DLL
[2004/08/04 23:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\Users\Mike\Downloads\pebuilder313\BartPE\i386\system32\mswsock.dll
[2006/11/02 20:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) MD5=54E9576169A248AD62A1EB9773225826 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6000.16386_none_b61c950a3060adba\mswsock.dll
[2009/04/11 17:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\erdnt\cache\mswsock.dll
[2009/04/11 17:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 17:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/19 18:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2006/11/02 20:46:11 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=5E72DCFF9FB2374642043899A1C2E446 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_a9e67ecc9245d5ec\NapiNSP.dll
[2008/01/19 18:35:35 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/19 18:35:35 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2006/11/02 20:46:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=0F0DA05C44E911301028D9CEC6294EBB -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6000.16386_none_654f33cb0dff3491\nlaapi.dll
[2008/01/19 18:35:38 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/19 18:35:38 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: NWPROVAU.DLL >
[2004/08/04 23:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\NWPROVAU.DLL
[2004/08/04 23:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\Users\Mike\Downloads\pebuilder313\BartPE\i386\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/19 18:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/19 18:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll
[2006/11/02 23:35:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=C0DC476E89558242848572F9ADE1D685 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6000.16386_none_6f4853b725898435\pnrpnsp.dll

< MD5 for: RSVPSP.DLL >
[2004/08/04 23:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=90491683ABD587C702B16F181AB0D99D -- C:\UBCD4Win\BartPE\I386\SYSTEM32\RSVPSP.DLL

< MD5 for: SERVICES.EXE >
[2008/01/19 18:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 20:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2004/08/04 23:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SERVICES.EXE
[2004/08/04 23:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\Users\Mike\Downloads\pebuilder313\BartPE\i386\system32\services.exe
[2009/04/11 17:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/11 17:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 17:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 20:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 18:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/19 18:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 18:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2004/08/04 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2004/08/04 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\Users\Mike\Downloads\pebuilder313\BartPE\i386\system32\svchost.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2007/04/04 10:13:37 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009/04/11 17:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\erdnt\cache\user32.dll
[2009/04/11 17:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 17:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007/04/04 10:13:37 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008/01/19 18:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2004/08/04 23:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\USER32.DLL
[2004/08/04 23:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\Users\Mike\Downloads\pebuilder313\BartPE\i386\system32\user32.dll
[2006/11/02 20:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 18:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/19 18:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 18:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 20:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2004/08/04 23:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\UBCD4Win\BartPE\I386\SYSTEM32\USERINIT.EXE
[2004/08/04 23:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\Users\Mike\Downloads\pebuilder313\BartPE\i386\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 23:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\UBCD4Win\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2004/08/04 23:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\Users\Mike\Downloads\pebuilder313\BartPE\i386\system32\winlogon.exe
[2009/04/11 17:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 17:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 17:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 20:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 18:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004/08/04 23:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\WINRNR.DLL
[2004/08/04 23:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\Users\Mike\Downloads\pebuilder313\BartPE\i386\system32\winrnr.dll
[2009/04/11 17:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 17:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 20:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 20:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 20:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is F0EF-87C3
Directory of C:\
03/11/2006 12:02 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
03/11/2006 12:02 AM <JUNCTION> Application Data [C:\ProgramData]
03/11/2006 12:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
03/11/2006 12:02 AM <JUNCTION> Documents [C:\Users\Public\Documents]
03/11/2006 12:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
03/11/2006 12:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
03/11/2006 12:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
03/11/2006 12:02 AM <SYMLINKD> All Users [C:\ProgramData]
03/11/2006 12:02 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
03/11/2006 12:02 AM <JUNCTION> Application Data [C:\ProgramData]
03/11/2006 12:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
03/11/2006 12:02 AM <JUNCTION> Documents [C:\Users\Public\Documents]
03/11/2006 12:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
03/11/2006 12:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
03/11/2006 12:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
03/11/2006 12:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
03/11/2006 12:02 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
03/11/2006 12:02 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
03/11/2006 12:02 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/11/2006 12:02 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/11/2006 12:02 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
03/11/2006 12:02 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
03/11/2006 12:02 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
03/11/2006 12:02 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
03/11/2006 12:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
03/11/2006 12:02 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
03/11/2006 12:02 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
03/11/2006 12:02 AM <JUNCTION> My Music [C:\Users\Default\Music]
03/11/2006 12:02 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
03/11/2006 12:02 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mike
16/03/2007 07:37 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Roaming]
16/03/2007 07:37 PM <JUNCTION> Cookies [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies]
16/03/2007 07:37 PM <JUNCTION> Local Settings [C:\Users\Mike\AppData\Local]
16/03/2007 07:37 PM <JUNCTION> My Documents [C:\Users\Mike\Documents]
16/03/2007 07:37 PM <JUNCTION> NetHood [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/03/2007 07:37 PM <JUNCTION> PrintHood [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/03/2007 07:37 PM <JUNCTION> Recent [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Recent]
16/03/2007 07:37 PM <JUNCTION> SendTo [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\SendTo]
16/03/2007 07:37 PM <JUNCTION> Start Menu [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu]
16/03/2007 07:37 PM <JUNCTION> Templates [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mike\AppData\Local
16/03/2007 07:37 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Local]
16/03/2007 07:37 PM <JUNCTION> History [C:\Users\Mike\AppData\Local\Microsoft\Windows\History]
16/03/2007 07:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mike\AppData\Local\Application Data
16/03/2007 07:37 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Local]
16/03/2007 07:37 PM <JUNCTION> History [C:\Users\Mike\AppData\Local\Microsoft\Windows\History]
16/03/2007 07:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mike\AppData\Local\Application Data\Application Data
16/03/2007 07:37 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Local]
16/03/2007 07:37 PM <JUNCTION> History [C:\Users\Mike\AppData\Local\Microsoft\Windows\History]
16/03/2007 07:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mike\AppData\Local\Application Data\Application Data\Application Data
16/03/2007 07:37 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Local]
16/03/2007 07:37 PM <JUNCTION> History [C:\Users\Mike\AppData\Local\Microsoft\Windows\History]
16/03/2007 07:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mike\AppData\Local\Application Data\Application Data\Application Data\Application Data
16/03/2007 07:37 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Local]
16/03/2007 07:37 PM <JUNCTION> History [C:\Users\Mike\AppData\Local\Microsoft\Windows\History]
16/03/2007 07:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mike\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
16/03/2007 07:37 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Local]
16/03/2007 07:37 PM <JUNCTION> History [C:\Users\Mike\AppData\Local\Microsoft\Windows\History]
16/03/2007 07:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mike\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
16/03/2007 07:37 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Local]
16/03/2007 07:37 PM <JUNCTION> History [C:\Users\Mike\AppData\Local\Microsoft\Windows\History]
16/03/2007 07:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mike\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
16/03/2007 07:37 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Local]
16/03/2007 07:37 PM <JUNCTION> History [C:\Users\Mike\AppData\Local\Microsoft\Windows\History]
16/03/2007 07:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mike\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
16/03/2007 07:37 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Local]
16/03/2007 07:37 PM <JUNCTION> History [C:\Users\Mike\AppData\Local\Microsoft\Windows\History]
16/03/2007 07:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mike\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
16/03/2007 07:37 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Local]
16/03/2007 07:37 PM <JUNCTION> History [C:\Users\Mike\AppData\Local\Microsoft\Windows\History]
16/03/2007 07:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mike\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/06/19 17:46:55 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/06/19 17:46:55 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/06/19 17:46:55 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/06/19 17:46:58 | 000,918,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/06/19 17:46:58 | 000,918,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/06/19 17:46:58 | 000,918,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.ZJVLJLMOZEFC44QQ4TEMN37YCE\InstallInfo\\ReinstallCommand: "C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.ZJVLJLMOZEFC44QQ4TEMN37YCE\InstallInfo\\HideIconsCommand: "C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.ZJVLJLMOZEFC44QQ4TEMN37YCE\InstallInfo\\ShowIconsCommand: "C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.ZJVLJLMOZEFC44QQ4TEMN37YCE\shell\open\command\\: "C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/03/15 15:55:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/03/15 15:55:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/03/15 15:55:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/22 21:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/09/22 21:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/06/19 17:46:55 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/06/19 17:46:55 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/06/19 17:46:55 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/06/19 17:46:58 | 000,918,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/06/19 17:46:58 | 000,918,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/06/19 17:46:58 | 000,918,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.ZJVLJLMOZEFC44QQ4TEMN37YCE\InstallInfo\\ReinstallCommand: "C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.ZJVLJLMOZEFC44QQ4TEMN37YCE\InstallInfo\\HideIconsCommand: "C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.ZJVLJLMOZEFC44QQ4TEMN37YCE\InstallInfo\\ShowIconsCommand: "C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.ZJVLJLMOZEFC44QQ4TEMN37YCE\shell\open\command\\: "C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/03/15 15:55:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/03/15 15:55:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/03/15 15:55:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/22 21:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/09/22 21:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/06/29 01:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2006/11/02 23:41:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/04/11 17:28:24 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2006/09/19 22:43:31 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/02/19 05:39:57 | 001,272,752 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/02/19 05:39:57 | 000,980,032 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/02/19 05:39:58 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/02/19 05:39:58 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/02/19 05:40:01 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2006/09/19 22:43:34 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/04/11 17:23:33 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Mike\Google Drive\xmas fairy tale.eml:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C10F9B26
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BEC0D766
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E2B2CFF7

< End of report >

#4
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV - (ShadowProtectSvc) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe File not found
DRV - (RTL2831UUSB) -- System32\Drivers\RTL2831UUSB.sys File not found
DRV - (RTL2831UBDA) -- system32\drivers\RTL2831UBDA.sys File not found
DRV - (HTCAND32) -- System32\Drivers\ANDROIDUSB.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

:files
C:\Users\Mike\AppData\Local\temp\DeltaTB.exe
C:\Users\Mike\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\temp\msvcp110.dll
C:\Users\Mike\AppData\Local\temp\msvcr110.dll
C:\Users\Mike\AppData\Local\temp\pc-decrapifier.exe
C:\Users\Mike\AppData\Local\temp\Quarantine.exe
C:\Users\Mike\AppData\Local\temp\sqlite3.dll
C:\Users\Mike\AppData\Local\temp\uninst1.exe
C:\Users\Mike\AppData\Local\temp\_is4188.exe


:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\11112013-some number.log so look there if you don't see it.


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Go into Control Panel, Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

I see:
Java™ SE Development Kit 7 Update 1
JavaFX 2.1.1

Go into Control Panel, Java, Security and set the slider to the Highest then OK.

Are you still getting double underlined words?

#5
Narimga

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks very much for your expert help.

At the moment all seems well, with no more underlined words in web pages, which was my original problem and a few other things fixed as well.

The Java stuff has been taken care of as well.

Again, much appreciated.

Mike

PS just noticed: OTL log coming up

Edited by Narimga, 12 November 2013 - 01:43 AM.


#6
Narimga

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
========== OTL ==========
Service ShadowProtectSvc stopped successfully!
Service ShadowProtectSvc deleted successfully!
File C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe File not found not found.
Service RTL2831UUSB stopped successfully!
Service RTL2831UUSB deleted successfully!
File System32\Drivers\RTL2831UUSB.sys File not found not found.
Service RTL2831UBDA stopped successfully!
Service RTL2831UBDA deleted successfully!
File system32\drivers\RTL2831UBDA.sys File not found not found.
Service HTCAND32 stopped successfully!
Service HTCAND32 deleted successfully!
File System32\Drivers\ANDROIDUSB.sys File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys File not found not found.
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
========== FILES ==========
C:\Users\Mike\AppData\Local\temp\DeltaTB.exe moved successfully.
C:\Users\Mike\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe moved successfully.
C:\Users\Mike\AppData\Local\temp\msvcp110.dll moved successfully.
C:\Users\Mike\AppData\Local\temp\msvcr110.dll moved successfully.
C:\Users\Mike\AppData\Local\temp\pc-decrapifier.exe moved successfully.
C:\Users\Mike\AppData\Local\temp\Quarantine.exe moved successfully.
C:\Users\Mike\AppData\Local\temp\sqlite3.dll moved successfully.
C:\Users\Mike\AppData\Local\temp\uninst1.exe moved successfully.
C:\Users\Mike\AppData\Local\temp\_is4188.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mike
->Flash cache emptied: 1466 bytes

User: Public

User: r.sawyer

User: UpdatusUser
->Flash cache emptied: 56466 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mike
->Java cache emptied: 1 bytes

User: Public

User: r.sawyer

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11122013_180413



Sorry, forgot it.
  • 0
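An added example, not part of the original thread and not OTL's own code: a Python cross-check that every service, preference and file named in the fix script has a matching success line in the fix log posted in reply. The sample script and log are abridged from the thread, `INCOMPLETE_LOG` is constructed, and the line patterns are inferred from this one log rather than from OTL documentation.

```python
import re

# Abridged from the fix script posted in the thread.
FIX_SCRIPT = r"""
:OTL
SRV - (ShadowProtectSvc) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

:files
C:\Users\Mike\AppData\Local\temp\DeltaTB.exe
C:\Users\Mike\AppData\Local\temp\uninst1.exe

:Commands
[EMPTYFLASH]
[Reboot]
"""

# Matching lines abridged from the fix log posted in reply.
FIX_LOG = r"""
========== OTL ==========
Service ShadowProtectSvc stopped successfully!
Service ShadowProtectSvc deleted successfully!
File C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys File not found not found.
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
========== FILES ==========
C:\Users\Mike\AppData\Local\temp\DeltaTB.exe moved successfully.
C:\Users\Mike\AppData\Local\temp\uninst1.exe moved successfully.
========== COMMANDS ==========
"""

# Patterns inferred from the lines above (assumption: other OTL versions may differ).
SERVICE_RE = re.compile(r"^(?:SRV|DRV) - \((?P<name>[^)]+)\) -- ")
PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<key>[\w.]+): (?P<value>.+)$")
HEADER_RE = re.compile(r"^=+ (?P<name>\w+) =+$")
SVC_DONE_RE = re.compile(r"^Service (?P<name>.+) (?P<action>stopped|deleted) successfully!$")
PREF_DONE_RE = re.compile(r"^Prefs\.js: (?P<value>.+) removed from (?P<key>[\w.]+)$")
FILE_DONE_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")


def parse_fix_script(text):
    """Collect what the fix script asks for, section by section."""
    wanted = {"services": [], "prefs": [], "files": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # :OTL, :files, :Commands
            section = line[1:].lower()
        elif section == "otl":
            m = SERVICE_RE.match(line)
            if m:
                wanted["services"].append(m["name"])
                continue
            m = PREF_RE.match(line)
            if m:
                wanted["prefs"].append((m["key"], m["value"]))
        elif section == "files":
            wanted["files"].append(line)
    return wanted


def parse_fix_log(text):
    """Collect only the actions the log explicitly reports as successful."""
    done = {"stopped": set(), "deleted": set(), "prefs": set(), "files": set()}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            section = m["name"].lower()
        elif section == "otl":
            m = SVC_DONE_RE.match(line)
            if m:
                done[m["action"]].add(m["name"])
                continue
            m = PREF_DONE_RE.match(line)
            if m:
                done["prefs"].add((m["key"], m["value"]))
        elif section == "files":
            m = FILE_DONE_RE.match(line)
            if m:
                done["files"].add(m["path"].lower())  # Windows paths: case-insensitive
    return done


def cross_check(script_text, log_text):
    """Return the requested items that have no success line in the log."""
    wanted, done = parse_fix_script(script_text), parse_fix_log(log_text)
    missing = [f"service {n}: no 'deleted successfully' line"
               for n in wanted["services"] if n not in done["deleted"]]
    missing += [f"pref {k}: {v} not reported removed"
                for k, v in wanted["prefs"] if (k, v) not in done["prefs"]]
    missing += [f"file {p}: no 'moved successfully' line"
                for p in wanted["files"] if p.lower() not in done["files"]]
    return missing


def drop_lines(text, *needles):
    return "\n".join(l for l in text.splitlines() if not any(n in l for n in needles))


# Constructed failure case: the same log with two success lines missing.
INCOMPLETE_LOG = drop_lines(FIX_LOG, "catchme deleted", "uninst1.exe moved")

if __name__ == "__main__":
    print(cross_check(FIX_SCRIPT, FIX_LOG) or "all requested items confirmed")
    for item in cross_check(FIX_SCRIPT, INCOMPLETE_LOG):
        print("UNCONFIRMED:", item)
```

Anything the check reports as unconfirmed is a prompt to reread the full log by hand, since an item may have been handled under wording this parser does not recognise.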

#7
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Unless you see other problems I think we are done and can clean up

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on. Go to adblockplus.org with each browser and get the add-on.

If Chrome/Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Close Chrome/Firefox. Hit Optimize. You can run it any time that Chrome/Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned on and that it works. Go to Control Panel, Windows Updates and see if it works.


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron