Computer slow and here is old timer log [Solved]



#16
The Real Cody
Topic Starter
Here you go Sir.
RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : my computer [Admin rights]
Mode : Scan -- Date : 02/04/2014 11:42:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] Digital Sites : C:\Users\MYCOMP~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][SUSP PATH] TidyNetwork Update : C:\Users\my computer\AppData\Local\TidyNetwork\petnupdate.exe - CID=TR2US04 NAME="TidyNetwork" AUTOGUID={AF2E6626-F705-3A11-EE8F-BAB265C01179} [-][x][x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe ([email protected]@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
[Inline] EAT @firefox.exe ([email protected]@@3V?$[email protected]@[email protected]@@[email protected]) : mozjs.dll -> HOOKED (Unknown @ 0x63D825B1)
[Inline] EAT @firefox.exe ([email protected]@[email protected]@[email protected]) : mozjs.dll -> HOOKED (Unknown @ 0x4BD7EACC)
[Inline] EAT @firefox.exe ([email protected]@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721616PLA380 ATA Device +++++
--- User ---
[MBR] 7b2681e46ab572dc57d2b63c5c51c2d0
[BSP] eecce6c5799c1e220dcec1ff64e3cefa : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02042014_114200.txt >>

And here is the OTL Log

OTL logfile created on: 2/4/2014 11:46:53 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\my computer\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 22.74% Memory free
3.75 Gb Paging File | 1.93 Gb Available in Paging File | 51.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 92.32 Gb Free Space | 61.94% Space Free | Partition Type: NTFS

Computer Name: MYCOMPUTER-PC | User Name: my computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/04 11:37:50 | 003,792,384 | ---- | M] () -- C:\Users\my computer\Downloads\RogueKiller (1).exe
PRC - [2014/01/31 11:33:19 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/31 11:33:18 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/31 11:31:56 | 000,113,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/01/22 21:57:02 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/01/20 17:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\my computer\Downloads\OTL.exe
PRC - [2014/01/11 07:36:00 | 006,118,400 | ---- | M] (Spotify Ltd) -- C:\Users\my computer\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/01/11 07:35:55 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\my computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/01/11 07:35:55 | 000,603,648 | ---- | M] () -- C:\Users\my computer\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/01/03 03:48:26 | 000,005,632 | ---- | M] (The Neat Company) -- C:\Program Files\Neat\exec\NeatStartupService.exe
PRC - [2013/12/23 11:40:42 | 006,598,000 | ---- | M] (Systweak) -- C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe
PRC - [2013/12/22 12:55:57 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/29 17:24:17 | 013,103,104 | ---- | M] (The Weather Channel) -- C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2013/09/06 09:30:16 | 000,273,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
PRC - [2013/05/01 15:00:00 | 000,577,088 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2012/11/22 18:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/10 01:09:10 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/12/11 23:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\Windows\System32\escsvc.exe
PRC - [2011/10/31 13:25:08 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/06/10 01:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
PRC - [2004/02/11 09:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2014/01/30 03:15:06 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75537eea06d1200805de72f3f7751091\UIAutomationTypes.ni.dll
MOD - [2014/01/30 03:15:06 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0fca5e7bc50aee6cd0e059bb66fd81ec\UIAutomationProvider.ni.dll
MOD - [2014/01/30 03:15:02 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\49d7f498821498b3d5e9fe5bafceba41\System.Xml.Linq.ni.dll
MOD - [2014/01/30 03:14:46 | 000,163,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Wind74b7bf4b#\8cbffd48aff155032971afc9e219c1ea\System.Windows.Input.Manipulations.ni.dll
MOD - [2014/01/30 03:13:58 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3b483737ce19c597d351cdb1f4eb3da0\System.ServiceModel.Internals.ni.dll
MOD - [2014/01/30 03:13:49 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5bca89765ee92dd6018c3782247dba9b\System.ServiceModel.ni.dll
MOD - [2014/01/30 03:13:24 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\66ce786a0b16af8c3f5c480cd6e84376\System.Runtime.Serialization.ni.dll
MOD - [2014/01/30 03:13:16 | 000,530,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\827818ac7a8efa7a7ff96561dd45ec80\System.Net.Http.ni.dll
MOD - [2014/01/30 03:12:50 | 001,861,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\8527638d9c471f116ff277e4e774619d\System.Deployment.ni.dll
MOD - [2014/01/30 03:11:49 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\5c250132c9d7fb45ec9b331ec2e4ef2e\SMDiagnostics.ni.dll
MOD - [2014/01/30 03:11:38 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\19156dbc54c3ded7ba00c53d19b6ee96\PresentationFramework-SystemXml.ni.dll
MOD - [2014/01/30 03:11:38 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\64c51ef21713c34883a839dd202ff655\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/01/30 03:11:36 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\0503fcc7d094e9583abada0529543ce1\PresentationFramework-SystemCore.ni.dll
MOD - [2014/01/30 03:08:14 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll
MOD - [2014/01/30 03:08:12 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ae01d58bd1cb283ec7b603919e2a8fb3\PresentationFramework.Aero.ni.dll
MOD - [2014/01/30 03:08:10 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\034c34ee777c7a2efc9c631b1179211c\System.Runtime.Remoting.ni.dll
MOD - [2014/01/30 03:08:07 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll
MOD - [2014/01/30 03:08:04 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2014/01/30 03:07:53 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2014/01/30 03:07:46 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
MOD - [2014/01/30 03:07:44 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll
MOD - [2014/01/30 03:07:33 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
MOD - [2014/01/30 03:07:31 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll
MOD - [2014/01/30 03:07:29 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
MOD - [2014/01/30 03:07:27 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2014/01/30 03:07:17 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2014/01/22 21:57:00 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppgooglenaclpluginchrome.dll
MOD - [2014/01/22 21:56:59 | 013,615,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
MOD - [2014/01/22 21:56:56 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll
MOD - [2014/01/22 21:55:58 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
MOD - [2014/01/11 07:36:00 | 036,967,424 | ---- | M] () -- C:\Users\my computer\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/01/11 07:35:55 | 000,603,648 | ---- | M] () -- C:\Users\my computer\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/01/06 07:36:41 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/23 11:40:42 | 001,730,928 | ---- | M] () -- C:\Program Files\Advanced System Protector\aspsys.dll
MOD - [2013/12/22 12:55:57 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/12/19 09:45:00 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/12/19 09:43:53 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/12/19 08:58:16 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/12/19 08:58:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/12/19 08:57:57 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3d075c3b7d099aca217beecac1f66b4b\System.Web.Services.ni.dll
MOD - [2013/12/19 08:57:56 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/12/19 08:57:47 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/12/19 08:57:47 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/12/19 08:57:46 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\5b239b4d0f9c334efdd06d399b4a9ba6\System.Data.ni.dll
MOD - [2013/12/19 08:57:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/12/19 08:57:09 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/12/19 08:57:07 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0a7b20934d7587787e7dae923d1614f4\System.Deployment.ni.dll
MOD - [2013/12/19 08:57:03 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/12/19 08:56:59 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/12/19 08:56:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/12/19 08:56:34 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/02/18 10:07:27 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/07/25 12:03:14 | 000,886,272 | ---- | M] () -- C:\Program Files\Advanced System Protector\System.Data.SQLite.dll
MOD - [2012/07/25 12:03:12 | 000,168,448 | ---- | M] () -- C:\Program Files\Advanced System Protector\unrar.dll
MOD - [2010/11/20 13:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/20 13:29:07 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2006/06/10 01:11:47 | 000,346,904 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2007\MSENCXML.DLL
MOD - [2006/06/10 01:11:47 | 000,228,120 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2007\MSENCDAT.DLL
MOD - [2006/06/10 01:11:46 | 000,260,888 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2007\ERSREGPR.DLL
MOD - [2006/06/10 01:11:46 | 000,178,968 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2007\ENCCONT.DLL
MOD - [2006/06/10 01:10:57 | 000,068,376 | ---- | M] () -- C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICTEIT.EBK


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - [2014/01/31 11:33:18 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/01/31 11:31:56 | 000,113,704 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2014/01/03 03:48:26 | 000,005,632 | ---- | M] (The Neat Company) [Auto | Running] -- C:\Program Files\Neat\exec\NeatStartupService.exe -- (Neat Startup Service)
SRV - [2013/12/22 12:55:57 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/26 00:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/11/14 00:05:20 | 000,192,512 | ---- | M] (Two Pilots) [Auto | Stopped] -- C:\Windows\VPDAgent.exe -- (Agent)
SRV - [2013/09/06 09:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/05/26 20:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/01 15:00:00 | 000,577,088 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2013/02/18 10:25:29 | 000,307,968 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011/12/11 23:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\System32\escsvc.exe -- (EpsonScanSvc)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/02/27 13:15:14 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2014/01/31 11:33:35 | 000,064,168 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014/01/31 11:33:34 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/01/31 11:33:34 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/01/31 11:33:34 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/01/31 11:32:48 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2014/01/31 11:31:56 | 000,265,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV - [2014/01/06 07:36:41 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/01/06 07:36:41 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/01/06 07:36:41 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/30 01:24:10 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/23 06:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 06:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 06:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 13:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 13:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 13:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 13:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 13:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 98 6E BE 02 0E CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2013/10/25 08:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/31 11:33:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/02/18 10:20:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\my computer\AppData\Roaming\Mozilla\Extensions
[2014/02/04 10:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\extensions
[2013/12/22 12:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/22 12:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/22 12:55:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/31 11:33:38 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://mysearch.avg....sa&d=2013-11-30 01:26:18&v=17.1.3.1&pid=safeguard&sg=0&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - Extension: Google Docs = C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Legend of Zelda = C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpfijoflofdfenhigagojenaaohhcblp\1.1_0\
CHR - Extension: Retro Arcade = C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdiaccnmfdadpaajlapfhcofienimmm\0.1_0\
CHR - Extension: Whois this!! = C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\
CHR - Extension: Gmail = C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/29 13:16:54 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [DW7] C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [L07AXLRD_2686687] C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\my computer\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\my computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6B68E26-F099-4262-B054-8EB53BF69CB7}: DhcpNameServer = 172.16.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9faf9b4e-78d1-11e2-abd5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9faf9b4e-78d1-11e2-abd5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/04 11:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2014/02/04 11:05:54 | 000,000,000 | ---D | C] -- C:\Users\my computer\Desktop\RK_Quarantine
[2014/02/04 11:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/02/04 10:59:55 | 000,000,000 | ---D | C] -- C:\Users\my computer\AppData\Roaming\Systweak
[2014/02/04 10:50:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\SearchProtect
[2014/01/31 11:33:45 | 000,026,136 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2014/01/31 11:31:56 | 000,265,072 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys
[2014/01/30 03:03:32 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/01/29 16:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2014/01/29 16:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2014/01/29 16:13:21 | 000,000,000 | ---D | C] -- C:\Users\my computer\AppData\Local\TidyNetwork
[2014/01/29 16:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2014/01/29 16:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/01/29 16:11:58 | 000,000,000 | ---D | C] -- C:\Users\my computer\AppData\Local\SearchProtect
[2014/01/29 16:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2014/01/29 16:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Protector
[2014/01/29 16:04:54 | 000,000,000 | ---D | C] -- C:\Users\my computer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2014/01/29 16:04:52 | 000,000,000 | ---D | C] -- C:\Users\my computer\AppData\Local\Programs
[2014/01/29 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Converter
[2014/01/29 16:04:46 | 000,000,000 | ---D | C] -- C:\Users\my computer\AppData\Roaming\DigitalSites
[2014/01/29 16:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Image Converter
[2014/01/29 13:31:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/29 13:14:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/25 14:28:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014/01/19 13:16:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/01/15 12:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/01/14 12:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/01/14 12:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014/01/14 12:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/01/14 12:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/01/14 12:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/01/14 12:44:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/09 14:16:21 | 000,000,000 | ---D | C] -- C:\Users\my computer\AppData\Roaming\Neat
[2014/01/09 14:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2014/01/09 14:16:17 | 000,000,000 | ---D | C] -- C:\Users\my computer\AppData\Roaming\Nuance
[2014/01/09 14:08:13 | 000,000,000 | ---D | C] -- C:\Users\my computer\Documents\Neat Data
[2014/01/09 13:57:04 | 000,000,000 | ---D | C] -- C:\Users\my computer\AppData\Local\The Neat Company
[2014/01/09 13:30:08 | 000,192,512 | ---- | C] (Two Pilots) -- C:\Windows\VPDAgent.exe
[2014/01/09 13:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Send To Neat
[2014/01/09 13:29:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Neat ADF Scanner
[2014/01/09 13:29:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Neat Mobile Scanner
[2014/01/09 13:29:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Neat ADF Scanner 2008 Calibration Data
[2014/01/09 13:28:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Neat Mobile Scanner 2008 Calibration Data
[2014/01/09 13:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NeatReceipts
[2014/01/09 13:28:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\741
[2014/01/09 13:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat
[2014/01/09 13:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2014/01/09 13:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\The Neat Company
[2014/01/09 13:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Neat
[2014/01/09 13:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2014/01/09 13:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014/01/09 13:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\The Neat Company
[2014/01/06 07:37:39 | 000,000,000 | ---D | C] -- C:\Users\my computer\AppData\Roaming\AVAST Software
[2014/01/06 07:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/06 07:36:51 | 000,064,168 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys
[2014/01/06 07:36:50 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/06 07:36:49 | 000,410,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/06 07:36:49 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/06 07:36:48 | 000,079,720 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/01/06 07:36:43 | 000,270,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/01/06 07:36:41 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/06 07:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/01/06 07:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

========== Files - Modified Within 30 Days ==========

[2014/02/04 11:41:50 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/04 11:41:50 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/04 11:37:54 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\Continue BearShare installation.lnk
[2014/02/04 11:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/04 10:59:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/04 10:59:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/04 10:59:11 | 1508,634,624 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/04 10:52:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/01 14:24:24 | 000,000,060 | ---- | M] () -- C:\Users\my computer\AppData\Roaming\WB.CFG
[2014/01/31 11:35:02 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/31 11:35:02 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/31 11:33:35 | 000,064,168 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys
[2014/01/31 11:33:34 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/31 11:33:34 | 000,410,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/31 11:33:34 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/31 11:33:32 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/31 11:33:31 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/01/31 11:32:48 | 000,026,136 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2014/01/31 11:31:56 | 000,265,072 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys
[2014/01/30 03:06:13 | 000,661,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/30 03:06:13 | 000,121,524 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/29 16:14:34 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2014/01/29 16:12:01 | 000,000,000 | ---- | M] () -- C:\END
[2014/01/29 16:05:56 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/01/29 16:05:39 | 000,001,915 | ---- | M] () -- C:\Users\my computer\Desktop\Sync Folder.lnk
[2014/01/29 16:05:07 | 000,000,394 | ---- | M] () -- C:\Users\my computer\Desktop\FREE Games.url
[2014/01/29 16:04:47 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\Image Converter.lnk
[2014/01/29 13:16:54 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/01/29 11:59:03 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/29 11:28:21 | 000,000,062 | ---- | M] () -- C:\Users\Public\Desktop\Are You Smarter Than A 5th Grader Make The Grade.url
[2014/01/19 13:16:31 | 144,264,935 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/01/16 03:21:19 | 000,437,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/15 14:26:03 | 000,656,402 | ---- | M] () -- C:\Users\my computer\Documents\img005.pdf
[2014/01/15 12:46:57 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/01/15 12:46:57 | 000,002,012 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/01/15 11:58:56 | 000,336,661 | ---- | M] () -- C:\Users\my computer\Documents\img004.jpg
[2014/01/15 11:53:43 | 026,850,922 | ---- | M] () -- C:\Users\my computer\Documents\img003.bmp
[2014/01/15 11:50:53 | 000,293,248 | ---- | M] () -- C:\Users\my computer\Documents\img002.pdf
[2014/01/14 12:45:13 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/01/09 13:30:13 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\Neat.lnk
[2014/01/06 07:36:41 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/06 07:36:41 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/01/06 07:36:41 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys

========== Files Created - No Company Name ==========

[2014/02/04 11:37:54 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\Continue BearShare installation.lnk
[2014/02/01 14:24:21 | 000,000,060 | ---- | C] () -- C:\Users\my computer\AppData\Roaming\WB.CFG
[2014/01/31 11:35:02 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/31 11:35:02 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/29 16:14:34 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2014/01/29 16:12:01 | 000,000,000 | ---- | C] () -- C:\END
[2014/01/29 16:05:56 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/01/29 16:05:48 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2014/01/29 16:05:39 | 000,001,915 | ---- | C] () -- C:\Users\my computer\Desktop\Sync Folder.lnk
[2014/01/29 16:05:07 | 000,000,394 | ---- | C] () -- C:\Users\my computer\Desktop\FREE Games.url
[2014/01/29 16:04:47 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\Image Converter.lnk
[2014/01/29 11:28:21 | 000,000,062 | ---- | C] () -- C:\Users\Public\Desktop\Are You Smarter Than A 5th Grader Make The Grade.url
[2014/01/19 13:16:31 | 144,264,935 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/01/15 14:24:50 | 000,656,402 | ---- | C] () -- C:\Users\my computer\Documents\img005.pdf
[2014/01/15 11:58:55 | 000,336,661 | ---- | C] () -- C:\Users\my computer\Documents\img004.jpg
[2014/01/15 11:53:48 | 026,850,922 | ---- | C] () -- C:\Users\my computer\Documents\img003.bmp
[2014/01/15 11:50:52 | 000,293,248 | ---- | C] () -- C:\Users\my computer\Documents\img002.pdf
[2014/01/14 12:45:45 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/01/14 12:45:45 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/01/14 12:45:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/01/14 12:45:13 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/01/09 13:30:13 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\Neat.lnk
[2014/01/09 13:30:00 | 000,048,640 | ---- | C] () -- C:\Windows\System32\sdtnpm.dll
[2014/01/06 07:36:50 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/06 07:36:49 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/07/14 16:47:32 | 000,000,106 | ---- | C] () -- C:\Windows\XP200.ini
[2013/02/18 10:54:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/29 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\my computer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2014/01/06 07:37:39 | 000,000,000 | ---D | M] -- C:\Users\my computer\AppData\Roaming\AVAST Software
[2014/01/29 16:04:46 | 000,000,000 | ---D | M] -- C:\Users\my computer\AppData\Roaming\DigitalSites
[2014/01/15 11:48:59 | 000,000,000 | ---D | M] -- C:\Users\my computer\AppData\Roaming\Epson
[2013/07/16 13:11:53 | 000,000,000 | ---D | M] -- C:\Users\my computer\AppData\Roaming\Leader Technologies
[2013/07/14 18:48:01 | 000,000,000 | ---D | M] -- C:\Users\my computer\AppData\Roaming\Leadertech
[2014/01/09 14:16:21 | 000,000,000 | ---D | M] -- C:\Users\my computer\AppData\Roaming\Neat
[2014/01/09 14:16:17 | 000,000,000 | ---D | M] -- C:\Users\my computer\AppData\Roaming\Nuance
[2014/02/04 11:15:39 | 000,000,000 | ---D | M] -- C:\Users\my computer\AppData\Roaming\Spotify
[2014/02/04 10:59:55 | 000,000,000 | ---D | M] -- C:\Users\my computer\AppData\Roaming\Systweak

========== Purity Check ==========



< End of report >
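A small triage script, added here as an example and not part of the original post, of OTL, or of RogueKiller: it parses OTL-style O4 autorun lines like the ones in the log above and flags the two things a helper looks for first, an image that starts from a user-writable location (AppData, Temp) and an entry with no publisher name. The sample lines are constructed to mirror the log's format; the `Updater` entry and the path heuristics are assumptions for illustration, not findings from this machine.

```python
import re
from dataclasses import dataclass

# OTL "O4" autorun line:  O4 - HIVE..\Key: [value name] image path (publisher)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)

# Locations an unprivileged user can write to; anything auto-starting from
# here deserves a second look (RogueKiller tags such entries "[SUSP PATH]").
# Heuristic chosen for this example, not a rule from OTL or RogueKiller.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\ProgramData\\", re.IGNORECASE
)
# Normal homes for legitimately installed software.
TRUSTED_ROOT_RE = re.compile(
    r"^[A-Z]:\\(Program Files( \(x86\))?|Windows)\\", re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    hive: str
    name: str
    path: str
    company: str
    reasons: tuple


def parse_o4(line):
    """Return the fields of an O4 line as a dict, or None for any other line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(entry):
    """Reasons an autorun entry is worth a closer look; empty tuple = looks normal."""
    reasons = []
    path = entry["path"]
    if USER_WRITABLE_RE.search(path):
        reasons.append("user-writable path")
    elif not TRUSTED_ROOT_RE.match(path):
        reasons.append("outside Program Files/Windows")
    if not entry["company"].strip():
        reasons.append("no publisher")
    return tuple(reasons)


def triage(lines):
    """Parse OTL log lines and return a Finding for each O4 entry that trips a heuristic."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue  # O2/O3/O33 and other sections are not handled by this example
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry["hive"], entry["name"], entry["path"],
                                    entry["company"], reasons))
    return findings


# Constructed sample, modelled on the O4 lines of the OTL log.
# The "Updater" entry is invented for illustration.
SAMPLE_LOG = [
    r"O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)",
    r"O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()",
    r"O4 - HKCU..\Run: [Spotify] C:\Users\my computer\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)",
    r"O4 - HKCU..\Run: [Updater] C:\Users\my computer\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe ()",
    r"O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}] {f.path}  <- {', '.join(f.reasons)}")
```

Run it against a saved OTL.txt by reading the file into `triage()`; a flagged entry is a lead, not a verdict, since legitimate software (Spotify here) also updates itself from AppData, and the publisher field is only the file's version-info string, which an adversary can set freely.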



#17
Biscuithd
    Trusted Helper
  • Malware Removal
  • 2,573 posts
Hi The Real Cody,

Ok, we need to run RogueKiller again and this time instruct it to delete (instructions below). And we are going to run ComboFix as well.

Start RogueKiller.exe as you did before
Wait until Prescan has finished
Click on Scan.
Wait until the Status box shows "Scan Finished"
Click on Delete
Wait until the Status box shows Deleting Finished
Click on Report and copy/paste the content of the Notepad
The log should be found in RKreport[1].txt on your Desktop
Close RogueKiller

Next, Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks


  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

Please make sure you include the ComboFix log and the RogueKiller log in your next reply.

#18
The Real Cody
    Member
  • Topic Starter
  • Member
  • 18 posts
RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : my computer [Admin rights]
Mode : Scan -- Date : 02/06/2014 14:47:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] TidyNetwork Update : C:\Users\my computer\AppData\Local\TidyNetwork\petnupdate.exe - CID=TR2US04 NAME="TidyNetwork" AUTOGUID={AF2E6626-F705-3A11-EE8F-BAB265C01179} [-][x][x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe ([email protected]@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
[Inline] EAT @firefox.exe ([email protected]@@3V?$[email protected]@[email protected]@@[email protected]) : mozjs.dll -> HOOKED (C:\Program Files\Mozilla Firefox\nss3.dll @ 0x5CF64AB1)
[Inline] EAT @firefox.exe ([email protected]@[email protected]@[email protected]) : mozjs.dll -> HOOKED (Unknown @ 0x44F60FCC)
[Inline] EAT @firefox.exe ([email protected]@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721616PLA380 ATA Device +++++
--- User ---
[MBR] 7b2681e46ab572dc57d2b63c5c51c2d0
[BSP] eecce6c5799c1e220dcec1ff64e3cefa : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02062014_144717.txt >>
RKreport[0]_S_02042014_114200.txt


ComboFix 14-02-05.02 - my computer 02/06/2014 15:02:15.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1918.844 [GMT -8:00]
Running from: c:\users\my computer\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SearchProtect
c:\program files\SearchProtect\EULA.txt
c:\program files\SearchProtect\Main\bin\SPTool.dll
c:\program files\SearchProtect\Main\bin\SPtool.dll_1391539811375
c:\program files\SearchProtect\Main\bin\SPtool.dll_1391539811640
c:\program files\SearchProtect\Main\bin\uninstall.exe
c:\program files\SearchProtect\Main\rep\SystemRepository.dat
c:\program files\SearchProtect\UI\bin\cltmngui.exe
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files\SearchProtect\UI\dialogs\Images\bg.png
c:\program files\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\hez.png
c:\program files\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files\SearchProtect\UI\dialogs\Images\v.png
c:\program files\SearchProtect\UI\dialogs\Images\x.png
c:\program files\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files\SearchProtect\UI\dialogs\libs\main.js
c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files\SearchProtect\UI\dialogs\protection\protection.css
c:\program files\SearchProtect\UI\dialogs\protection\protection.html
c:\program files\SearchProtect\UI\dialogs\protection\protection.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files\SearchProtect\UI\dialogs\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files\SearchProtect\UI\dialogs\settings\settings.css
c:\program files\SearchProtect\UI\dialogs\settings\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\settings.js
c:\program files\SearchProtect\UI\dialogs\style.css
c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js
.
.
((((((((((((((((((((((((( Files Created from 2014-01-06 to 2014-02-06 )))))))))))))))))))))))))))))))
.
.
2014-02-06 23:09 . 2014-02-06 23:09 -------- d-----w- c:\users\my computer\AppData\Local\temp
2014-02-06 23:09 . 2014-02-06 23:09 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-02-06 23:09 . 2014-02-06 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-06 22:53 . 2014-02-06 22:53 -------- d-----w- c:\users\my computer\.gimp-2.6
2014-02-06 18:28 . 2014-02-06 18:28 -------- d-----w- c:\users\my computer\AppData\Roaming\TuneUp Software
2014-02-04 19:38 . 2014-02-04 19:38 -------- d-----w- c:\program files\BearShare Applications
2014-02-04 19:26 . 2014-02-06 23:03 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A06FC686-DD91-4BF2-AE9F-A1FCE22F5003}\offreg.dll
2014-02-04 19:07 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A06FC686-DD91-4BF2-AE9F-A1FCE22F5003}\mpengine.dll
2014-02-04 19:00 . 2014-02-04 19:00 -------- d-----w- c:\programdata\Systweak
2014-02-04 18:59 . 2014-02-04 18:59 -------- d-----w- c:\users\my computer\AppData\Roaming\Systweak
2014-02-04 18:50 . 2014-02-04 18:50 -------- d-----w- c:\windows\system32\SearchProtect
2014-01-31 19:33 . 2014-01-31 19:32 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-01-31 19:31 . 2014-01-31 19:31 265072 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-01-30 11:03 . 2014-01-30 11:03 -------- d-----w- c:\windows\Migration
2014-01-30 00:14 . 2014-01-30 00:14 -------- d-----w- c:\program files\GIMP-2.0
2014-01-30 00:13 . 2014-01-30 00:13 -------- d-----w- c:\users\my computer\AppData\Local\TidyNetwork
2014-01-30 00:13 . 2014-02-04 18:56 -------- d-----w- c:\program files\Optimizer Pro
2014-01-30 00:11 . 2014-02-04 18:56 -------- d-----w- c:\users\my computer\AppData\Local\SearchProtect
2014-01-30 00:05 . 2014-01-30 00:05 -------- d-----w- c:\program files\Advanced System Protector
2014-01-30 00:05 . 2012-07-25 20:03 17136 ----a-w- c:\windows\system32\sasnative32.exe
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\users\my computer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\users\my computer\AppData\Local\Programs
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\users\my computer\AppData\Roaming\DigitalSites
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\program files\Image Converter
2014-01-29 21:31 . 2014-01-29 22:00 -------- d-----w- C:\AdwCleaner
2014-01-29 21:14 . 2014-01-29 21:14 -------- d-----w- C:\_OTL
2014-01-25 22:28 . 2014-01-25 22:32 -------- d-----w- c:\windows\system32\MRT
2014-01-15 19:22 . 2013-11-26 10:10 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 19:22 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 19:22 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 19:22 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 19:22 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 19:22 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 19:22 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 19:22 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 19:22 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-14 20:45 . 2014-01-14 20:45 -------- d-----w- c:\programdata\McAfee Security Scan
2014-01-14 20:45 . 2014-01-14 20:45 -------- d-----w- c:\programdata\McAfee
2014-01-14 20:45 . 2014-01-15 20:46 -------- d-----w- c:\program files\McAfee Security Scan
2014-01-14 20:44 . 2014-01-14 20:45 -------- d-----w- c:\program files\Common Files\Adobe
2014-01-09 22:16 . 2014-01-09 22:16 -------- d-----w- c:\users\my computer\AppData\Roaming\Neat
2014-01-09 22:16 . 2014-01-09 22:16 -------- d-----w- c:\programdata\Nuance
2014-01-09 22:16 . 2014-01-09 22:16 -------- d-----w- c:\users\my computer\AppData\Roaming\Nuance
2014-01-09 21:57 . 2014-01-09 21:57 -------- d-----w- c:\users\my computer\AppData\Local\The Neat Company
2014-01-09 21:30 . 2014-01-09 21:30 -------- d-----w- c:\program files\Send To Neat
2014-01-09 21:30 . 2013-11-14 08:05 192512 ----a-w- c:\windows\VPDAgent.exe
2014-01-09 21:30 . 2013-11-14 08:05 48640 ----a-w- c:\windows\system32\sdtnpm.dll
2014-01-09 21:28 . 2014-01-09 21:28 -------- d-----w- c:\program files\Common Files\NeatReceipts
2014-01-09 21:26 . 2014-01-09 21:26 -------- d-----w- c:\program files\Common Files\Intuit
2014-01-09 21:26 . 2014-01-09 21:26 -------- d-----w- c:\programdata\The Neat Company
2014-01-09 21:26 . 2014-01-09 21:34 -------- d-----w- c:\program files\Neat
2014-01-09 21:25 . 2014-01-09 21:25 -------- d-----w- c:\program files\Microsoft Synchronization Services
2014-01-09 21:25 . 2014-01-09 21:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-01-09 21:24 . 2014-01-09 21:29 -------- d-----w- c:\program files\Common Files\The Neat Company
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-31 19:33 . 2014-01-06 15:36 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-31 19:33 . 2014-01-06 15:36 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-31 19:33 . 2014-01-06 15:36 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-31 19:33 . 2014-01-06 15:36 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-31 19:33 . 2014-01-06 15:36 43152 ----a-w- c:\windows\avastSS.scr
2014-01-31 19:33 . 2014-01-06 15:36 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-29 20:51 . 2013-02-18 18:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-29 20:51 . 2013-02-18 18:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-16 17:59 . 2013-02-18 18:19 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-06 15:36 . 2014-01-06 15:36 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-06 15:36 . 2014-01-06 15:36 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-06 15:36 . 2014-01-06 15:36 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-19 17:12 . 2013-12-19 17:12 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-19 17:12 . 2013-12-19 17:12 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-19 17:12 . 2013-12-19 17:12 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-19 17:12 . 2013-12-19 17:12 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-19 17:12 . 2013-12-19 17:12 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-19 17:12 . 2013-12-19 17:12 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-12-19 17:12 . 2013-12-19 17:12 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-19 17:12 . 2013-12-19 17:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-19 17:12 . 2013-12-19 17:12 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-12-19 17:12 . 2013-12-19 17:12 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-12-19 17:12 . 2013-12-19 17:12 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-19 17:12 . 2013-12-19 17:12 337408 ----a-w- c:\windows\system32\html.iec
2013-12-19 17:12 . 2013-12-19 17:12 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-19 17:12 . 2013-12-19 17:12 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-12-19 17:12 . 2013-12-19 17:12 182272 ----a-w- c:\windows\system32\msls31.dll
2013-12-19 17:12 . 2013-12-19 17:12 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-12-19 17:12 . 2013-12-19 17:12 139264 ----a-w- c:\windows\system32\wextract.exe
2013-12-19 17:12 . 2013-12-19 17:12 13312 ----a-w- c:\windows\system32\mshta.exe
2013-12-19 17:12 . 2013-12-19 17:12 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-19 17:12 . 2013-12-19 17:12 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-19 11:03 . 2013-12-19 11:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-12-19 11:03 . 2013-12-19 11:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-12-19 11:03 . 2013-12-19 11:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-19 11:03 . 2013-12-19 11:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-12-19 11:03 . 2013-12-19 11:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-12-19 11:03 . 2013-12-19 11:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-12-19 11:03 . 2013-12-19 11:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-12-19 11:03 . 2013-12-19 11:03 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-12-19 11:03 . 2013-12-19 11:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-12-19 11:03 . 2013-12-19 11:03 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-19 11:03 . 2013-12-19 11:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-12-19 11:03 . 2013-12-19 11:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-12-19 11:03 . 2013-12-19 11:03 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-12-19 11:03 . 2013-12-19 11:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-12-19 11:03 . 2013-12-19 11:03 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-12-19 11:03 . 2013-12-19 11:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-19 11:01 . 2013-12-19 11:01 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-11-30 09:24 . 2013-11-30 09:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-26 09:23 . 2013-12-21 00:53 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22 . 2013-12-21 00:53 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53 . 2013-12-21 00:53 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52 . 2013-12-21 00:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29 . 2013-12-21 00:53 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29 . 2013-12-21 00:53 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28 . 2013-12-21 00:53 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16 . 2013-12-21 00:53 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32 . 2013-12-21 00:53 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33 . 2013-12-21 00:53 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26 . 2013-12-19 17:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:07 . 2013-12-18 17:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-31 19:33 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07AXLRD_2686687"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"Spotify Web Helper"="c:\users\my computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-11 1171968]
"Spotify"="c:\users\my computer\AppData\Roaming\Spotify\spotify.exe" [2014-01-11 6118400]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-10-30 13103104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-30 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-31 3767096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2013-2-18 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Agent;VPDAgent;c:\windows\VPDAgent.exe [2013-11-14 192512]
R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-01-31 26136]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-01-31 265072]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-31 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-31 410784]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-30 37664]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-31 67824]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-01-31 113704]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2013-05-01 577088]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-12 122000]
S2 Neat Startup Service;Neat Startup Service;c:\program files\Neat\exec\NeatStartupService.exe [2014-01-03 5632]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-31 64168]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 23:53 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-12 01:36]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-12 01:36]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - google.com
FF - ExtSQL: 2013-12-15 23:59; {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}; c:\users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
FF - ExtSQL: !HIDDEN! 2013-09-30 21:17; [email protected]_4w.com; c:\program files\Retrogamer_4w\bar\1.bin
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=&q=
FF - user.js: extensions.mysearchdial.id - 0019BB4BED7FEDD1
FF - user.js: extensions.mysearchdial.instlDay - 16099
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.016:4:47
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites0103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 550948739
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - dsites0103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 550948739
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
HKLM_ActiveSetup-Send To Neat - reg copy HKLM\Software\The Neat Company\Send To Neat HKCU\Software\The Neat Company\Send To Neat
AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe
AddRemove-Digital Sites - c:\users\my computer\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-06 15:11:49
ComboFix-quarantined-files.txt 2014-02-06 23:11
.
Pre-Run: 97,111,085,056 bytes free
Post-Run: 97,350,959,104 bytes free
.
- - End Of File - - 95900BA21B5C8E7DFB0717A2D87B71D2
A36C5E4F47E84449FF07ED3517B43A31

#19 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
Hello The Real Cody,

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

ClearJavaCache::

Folder::

c:\users\my computer\AppData\Roaming\TuneUp Software
c:\program files\BearShare Applications
c:\users\my computer\AppData\Local\TidyNetwork
c:\program files\Optimizer Pro
c:\users\my computer\AppData\Local\SearchProtect
c:\program files\Advanced System Protector
c:\users\my computer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
c:\users\my computer\AppData\Local\Programs
c:\users\my computer\AppData\Roaming\DigitalSites
c:\program files\Image Converter

File::

c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]

Firefox::
FF - ExtSQL: 2013-12-15 23:59; {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}; c:\users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
FF - ExtSQL: !HIDDEN! 2013-09-30 21:17; [email protected]_4w.com; c:\program files\Retrogamer_4w\bar\1.bin
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=&q=
FF - user.js: extensions.mysearchdial.id - 0019BB4BED7FEDD1
FF - user.js: extensions.mysearchdial.instlDay - 16099
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.016:4:47
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites0103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 550948739
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - dsites0103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 550948739
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
ReBoot::


Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it will produce a log for you at C:\ComboFix.txt, which I will need in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then, ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install.
  • Make sure that the option Remove found threats is unticked
  • If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close. Make sure you copy the logfile first! It is located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Then paste the Logfile in the thread
  • Then click on: Finish
Please post back the Combofix log, MBAM log and the ESET log
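The lines Biscuithd pulls into the CFScript (the `[x]` ToolbarUpdater service, the mysearchdial user.js prefs, the profile-resident folders) are the ones a log reader flags first. The triage pass below is an added example, not ComboFix's code and not the helper's script: it parses the three line formats seen in the log above and returns a review list. The sample lines are constructed from the log posted earlier (with the long mysearchdial query string shortened), and the `HOST_PROCESSES` set and finding names are my own choices.

```python
"""Triage pass over a ComboFix-style log (added example; not ComboFix's own code).

Three record formats from the thread's log are parsed:
    "Name"="path" [date size]                 Run-key values
    R2 name;display;path [date size] / [x]    services and drivers
    FF - user.js: key - value                 Firefox prefs written by an add-on
Each line can produce zero or more findings; nothing is removed, the output is
a review list for the person reading the log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]$'
)
FF_RE = re.compile(r'^FF - user\.js: (?P<key>\S+) - (?P<value>.*)$')

# A service whose image is one of these runs code supplied elsewhere (a DLL on
# the command line); the log row alone does not show what that code is.
# Assumed set for this example; extend it to taste.
HOST_PROCESSES = {"rundll32.exe"}


@dataclass(frozen=True)
class Finding:
    kind: str     # missing-file | host-process | user-profile | defanged-url
    subject: str  # Run value name, service name or pref key
    detail: str


def basename(path: str) -> str:
    """Last path component, lower-cased; '' for an empty image path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage_line(line: str) -> list[Finding]:
    """Findings for one log line (empty list when nothing stands out)."""
    found: list[Finding] = []
    m = RUN_RE.match(line) or SVC_RE.match(line)
    if m:
        name = m["name"].strip()
        path = m["path"].strip()
        meta = m["meta"].strip()
        if meta == "x":
            # ComboFix prints [x] when it cannot find the image on disk. That
            # covers a removed payload with a stale service entry, but the
            # avast! boot drivers in the thread's log show [x] too, so this is
            # a prompt to check, not a verdict.
            found.append(Finding("missing-file", name, "image not found on disk ([x])"))
        if basename(path) in HOST_PROCESSES:
            found.append(Finding("host-process", name,
                                 f"{basename(path)} hosts a DLL this row does not name"))
        if "\\appdata\\" in path.lower():
            found.append(Finding("user-profile", name,
                                 "autostart image lives under a user profile"))
        return found
    m = FF_RE.match(line)
    if m and m["value"].lower().startswith("hxxp"):
        # ComboFix defangs URLs as hxxp; a homepage/new-tab/search URL set by
        # an add-on's user.js is the classic search-hijacker footprint.
        found.append(Finding("defanged-url", m["key"], m["value"]))
    return found


def triage(log: str) -> list[Finding]:
    """Run triage_line over every line of a log and collect the findings."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        findings.extend(triage_line(raw.rstrip()))
    return findings


# Constructed sample: a handful of lines taken from the log posted above, with
# the long mysearchdial query string shortened.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\my computer\AppData\Roaming\Spotify\spotify.exe" [2014-01-11 6118400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-31 3767096]
.
R2 Agent;VPDAgent;c:\windows\VPDAgent.exe [2013-11-14 192512]
R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
S0 aswRvrt;avast! Revert; [x]
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0103
FF - user.js: extensions.mysearchdial.dfltSrch - true
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:13} {f.subject:25} {f.detail}")
```

Run against the full ComboFix.txt it lists the same ToolbarUpdater, rundll32-hosted "Optimizer Pro" service and mysearchdial prefs the helper put into the CFScript, plus the avast! [x] rows a reader then rules out by hand.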

#20 The Real Cody (Topic Starter, Member, 18 posts)
Ok, I think I screwed this up. I ran combofix before saving that script into it. Should I try it again? Also, I couldn't figure out how to save the quoted text into it. Could you emphasize more on this? Thank you.
Here is the post it from combofix without the stuff I was to save into it.

ComboFix 14-02-05.02 - my computer 02/10/2014 13:07:20.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1918.1211 [GMT -8:00]
Running from: c:\users\my computer\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-01-10 to 2014-02-10 )))))))))))))))))))))))))))))))
.
.
2014-02-10 21:15 . 2014-02-10 21:15 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-02-10 21:15 . 2014-02-10 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-10 18:52 . 2014-02-10 18:52 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C852335F-A20C-4121-B48D-6464FB7DCD64}\offreg.dll
2014-02-07 19:16 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C852335F-A20C-4121-B48D-6464FB7DCD64}\mpengine.dll
2014-02-06 23:11 . 2014-02-10 21:15 -------- d-----w- c:\users\my computer\AppData\Local\temp
2014-02-06 22:53 . 2014-02-06 22:53 -------- d-----w- c:\users\my computer\.gimp-2.6
2014-02-06 18:28 . 2014-02-06 18:28 -------- d-----w- c:\users\my computer\AppData\Roaming\TuneUp Software
2014-02-04 19:38 . 2014-02-04 19:38 -------- d-----w- c:\program files\BearShare Applications
2014-02-04 19:00 . 2014-02-04 19:00 -------- d-----w- c:\programdata\Systweak
2014-02-04 18:59 . 2014-02-04 18:59 -------- d-----w- c:\users\my computer\AppData\Roaming\Systweak
2014-02-04 18:50 . 2014-02-04 18:50 -------- d-----w- c:\windows\system32\SearchProtect
2014-01-31 19:33 . 2014-01-31 19:32 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-01-31 19:31 . 2014-01-31 19:31 265072 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-01-30 11:03 . 2014-01-30 11:03 -------- d-----w- c:\windows\Migration
2014-01-30 00:14 . 2014-01-30 00:14 -------- d-----w- c:\program files\GIMP-2.0
2014-01-30 00:13 . 2014-01-30 00:13 -------- d-----w- c:\users\my computer\AppData\Local\TidyNetwork
2014-01-30 00:13 . 2014-02-04 18:56 -------- d-----w- c:\program files\Optimizer Pro
2014-01-30 00:11 . 2014-02-04 18:56 -------- d-----w- c:\users\my computer\AppData\Local\SearchProtect
2014-01-30 00:05 . 2014-01-30 00:05 -------- d-----w- c:\program files\Advanced System Protector
2014-01-30 00:05 . 2012-07-25 20:03 17136 ----a-w- c:\windows\system32\sasnative32.exe
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\users\my computer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\users\my computer\AppData\Local\Programs
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\users\my computer\AppData\Roaming\DigitalSites
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\program files\Image Converter
2014-01-29 21:31 . 2014-01-29 22:00 -------- d-----w- C:\AdwCleaner
2014-01-29 21:14 . 2014-01-29 21:14 -------- d-----w- C:\_OTL
2014-01-25 22:28 . 2014-01-25 22:32 -------- d-----w- c:\windows\system32\MRT
2014-01-15 19:22 . 2013-11-26 10:10 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 19:22 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 19:22 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 19:22 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 19:22 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 19:22 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 19:22 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 19:22 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 19:22 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-14 20:45 . 2014-01-14 20:45 -------- d-----w- c:\programdata\McAfee Security Scan
2014-01-14 20:45 . 2014-01-14 20:45 -------- d-----w- c:\programdata\McAfee
2014-01-14 20:45 . 2014-01-15 20:46 -------- d-----w- c:\program files\McAfee Security Scan
2014-01-14 20:44 . 2014-01-14 20:45 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-31 19:33 . 2014-01-06 15:36 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-31 19:33 . 2014-01-06 15:36 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-31 19:33 . 2014-01-06 15:36 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-31 19:33 . 2014-01-06 15:36 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-31 19:33 . 2014-01-06 15:36 43152 ----a-w- c:\windows\avastSS.scr
2014-01-31 19:33 . 2014-01-06 15:36 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-29 20:51 . 2013-02-18 18:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-29 20:51 . 2013-02-18 18:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-16 17:59 . 2013-02-18 18:19 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-06 15:36 . 2014-01-06 15:36 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-06 15:36 . 2014-01-06 15:36 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-06 15:36 . 2014-01-06 15:36 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-19 17:12 . 2013-12-19 17:12 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-19 17:12 . 2013-12-19 17:12 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-19 17:12 . 2013-12-19 17:12 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-19 17:12 . 2013-12-19 17:12 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-19 17:12 . 2013-12-19 17:12 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-19 17:12 . 2013-12-19 17:12 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-12-19 17:12 . 2013-12-19 17:12 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-19 17:12 . 2013-12-19 17:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-19 17:12 . 2013-12-19 17:12 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-12-19 17:12 . 2013-12-19 17:12 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-12-19 17:12 . 2013-12-19 17:12 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-19 17:12 . 2013-12-19 17:12 337408 ----a-w- c:\windows\system32\html.iec
2013-12-19 17:12 . 2013-12-19 17:12 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-19 17:12 . 2013-12-19 17:12 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-12-19 17:12 . 2013-12-19 17:12 182272 ----a-w- c:\windows\system32\msls31.dll
2013-12-19 17:12 . 2013-12-19 17:12 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-12-19 17:12 . 2013-12-19 17:12 139264 ----a-w- c:\windows\system32\wextract.exe
2013-12-19 17:12 . 2013-12-19 17:12 13312 ----a-w- c:\windows\system32\mshta.exe
2013-12-19 17:12 . 2013-12-19 17:12 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-19 17:12 . 2013-12-19 17:12 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-19 11:03 . 2013-12-19 11:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-12-19 11:03 . 2013-12-19 11:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-12-19 11:03 . 2013-12-19 11:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-19 11:03 . 2013-12-19 11:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-12-19 11:03 . 2013-12-19 11:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-12-19 11:03 . 2013-12-19 11:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-12-19 11:03 . 2013-12-19 11:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-12-19 11:03 . 2013-12-19 11:03 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-12-19 11:03 . 2013-12-19 11:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-12-19 11:03 . 2013-12-19 11:03 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-19 11:03 . 2013-12-19 11:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-12-19 11:03 . 2013-12-19 11:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-12-19 11:03 . 2013-12-19 11:03 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-12-19 11:03 . 2013-12-19 11:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-12-19 11:03 . 2013-12-19 11:03 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-12-19 11:03 . 2013-12-19 11:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-19 11:01 . 2013-12-19 11:01 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-11-30 09:24 . 2013-11-30 09:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-26 09:23 . 2013-12-21 00:53 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22 . 2013-12-21 00:53 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53 . 2013-12-21 00:53 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52 . 2013-12-21 00:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29 . 2013-12-21 00:53 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29 . 2013-12-21 00:53 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28 . 2013-12-21 00:53 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16 . 2013-12-21 00:53 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32 . 2013-12-21 00:53 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33 . 2013-12-21 00:53 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26 . 2013-12-19 17:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-14 08:05 . 2014-01-09 21:30 192512 ----a-w- c:\windows\VPDAgent.exe
2013-11-14 08:05 . 2014-01-09 21:30 48640 ----a-w- c:\windows\system32\sdtnpm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-31 19:33 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07AXLRD_2686687"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"Spotify Web Helper"="c:\users\my computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-11 1171968]
"Spotify"="c:\users\my computer\AppData\Roaming\Spotify\spotify.exe" [2014-01-11 6118400]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-10-30 13103104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-30 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-31 3767096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2013-2-18 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-01-31 26136]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-01-31 265072]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-31 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-31 410784]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-30 37664]
S2 Agent;VPDAgent;c:\windows\VPDAgent.exe [2013-11-14 192512]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-31 67824]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-01-31 113704]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2013-05-01 577088]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-12 122000]
S2 Neat Startup Service;Neat Startup Service;c:\program files\Neat\exec\NeatStartupService.exe [2014-01-03 5632]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-31 64168]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 23:53 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-12 01:36]
.
2014-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-12 01:36]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - ExtSQL: 2013-12-15 23:59; {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}; c:\users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
FF - ExtSQL: !HIDDEN! 2013-09-30 21:17; [email protected]_4w.com; c:\program files\Retrogamer_4w\bar\1.bin
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=&q=
FF - user.js: extensions.mysearchdial.id - 0019BB4BED7FEDD1
FF - user.js: extensions.mysearchdial.instlDay - 16099
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.016:4:47
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites0103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 550948739
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - dsites0103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 550948739
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-10 13:17:13
ComboFix-quarantined-files.txt 2014-02-10 21:17
ComboFix2.txt 2014-02-06 23:11
.
Pre-Run: 98,243,305,472 bytes free
Post-Run: 98,042,564,608 bytes free
.
- - End Of File - - 5BEA7FB55727F6E0E1093F77E91933C6
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#21
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
You didn't break anything, don't worry!!

Yes, I'll do my best to clarify.

Essentially you're working to do two things. The first is getting the script into a text file. The second is dragging it into Combofix (CF). Let's start with the first. I'm going to assume that you know how to highlight the fix because you've done that in OTL. So, highlight the text, then place your cursor on some part of the highlighted text, right click with your mouse and select Copy. At this point the text is in your Paste Buffer.

Now, start up Notepad (not Word or anything else. It has to be Notepad). It should be part of your Accessories off the Start Button. Once you get Notepad going, if you click the Edit drop down in Notepad you can then select Paste, and the Fix (it should still be in your Paste buffer) will now be in Notepad. Select File (in Notepad) and Save As, and Save the file to the same place as CF is. Probably your Desktop.

If you're with me so far, you should now have a file on your Desktop (or wherever you have ComboFix) with the Fix file and the Combofix icon. Left click the Fix file and make sure you hold the button so that you can move the file around by using the mouse. (If you accidentally double click the Fix file, Notepad will open. Just close it and start again.) As you move or drag the file around, move it right on top of the CF icon and release the mouse button. CF should start up and perform the fix.

Hopefully, this helps. If not, don't worry, we'll figure out something else.
  • 0

#22
The Real Cody

    Member

  • Topic Starter
  • Member
  • 18 posts
Ok, thanks, and I think I got it. Here it is.
ComboFix 14-02-05.02 - my computer 02/11/2014 10:42:23.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1918.926 [GMT -8:00]
Running from: c:\users\my computer\Downloads\ComboFix.exe
Command switches used :: c:\users\my computer\Desktop\CFScriptB-4.gif.pagespeed.ce.9SFFpFAors.gif
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-01-11 to 2014-02-11 )))))))))))))))))))))))))))))))
.
.
2014-02-11 19:12 . 2014-02-11 19:12 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-02-11 19:12 . 2014-02-11 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-11 16:39 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A0EBF6B-2F8F-4742-B1D1-7F7CC285CFC5}\mpengine.dll
2014-02-06 23:11 . 2014-02-11 19:12 -------- d-----w- c:\users\my computer\AppData\Local\temp
2014-02-06 22:53 . 2014-02-06 22:53 -------- d-----w- c:\users\my computer\.gimp-2.6
2014-02-06 18:28 . 2014-02-06 18:28 -------- d-----w- c:\users\my computer\AppData\Roaming\TuneUp Software
2014-02-04 19:38 . 2014-02-04 19:38 -------- d-----w- c:\program files\BearShare Applications
2014-02-04 19:00 . 2014-02-04 19:00 -------- d-----w- c:\programdata\Systweak
2014-02-04 18:59 . 2014-02-04 18:59 -------- d-----w- c:\users\my computer\AppData\Roaming\Systweak
2014-02-04 18:50 . 2014-02-04 18:50 -------- d-----w- c:\windows\system32\SearchProtect
2014-01-31 19:33 . 2014-01-31 19:32 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-01-31 19:31 . 2014-01-31 19:31 265072 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-01-30 11:03 . 2014-01-30 11:03 -------- d-----w- c:\windows\Migration
2014-01-30 00:14 . 2014-01-30 00:14 -------- d-----w- c:\program files\GIMP-2.0
2014-01-30 00:13 . 2014-01-30 00:13 -------- d-----w- c:\users\my computer\AppData\Local\TidyNetwork
2014-01-30 00:13 . 2014-02-04 18:56 -------- d-----w- c:\program files\Optimizer Pro
2014-01-30 00:11 . 2014-02-04 18:56 -------- d-----w- c:\users\my computer\AppData\Local\SearchProtect
2014-01-30 00:05 . 2014-01-30 00:05 -------- d-----w- c:\program files\Advanced System Protector
2014-01-30 00:05 . 2012-07-25 20:03 17136 ----a-w- c:\windows\system32\sasnative32.exe
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\users\my computer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\users\my computer\AppData\Local\Programs
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\users\my computer\AppData\Roaming\DigitalSites
2014-01-30 00:04 . 2014-01-30 00:04 -------- d-----w- c:\program files\Image Converter
2014-01-29 21:31 . 2014-01-29 22:00 -------- d-----w- C:\AdwCleaner
2014-01-29 21:14 . 2014-01-29 21:14 -------- d-----w- C:\_OTL
2014-01-25 22:28 . 2014-01-25 22:32 -------- d-----w- c:\windows\system32\MRT
2014-01-15 19:22 . 2013-11-26 10:10 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 19:22 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 19:22 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 19:22 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 19:22 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 19:22 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 19:22 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 19:22 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 19:22 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-14 20:45 . 2014-01-14 20:45 -------- d-----w- c:\programdata\McAfee Security Scan
2014-01-14 20:45 . 2014-01-14 20:45 -------- d-----w- c:\programdata\McAfee
2014-01-14 20:45 . 2014-01-15 20:46 -------- d-----w- c:\program files\McAfee Security Scan
2014-01-14 20:44 . 2014-01-14 20:45 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-31 19:33 . 2014-01-06 15:36 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-31 19:33 . 2014-01-06 15:36 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-31 19:33 . 2014-01-06 15:36 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-31 19:33 . 2014-01-06 15:36 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-31 19:33 . 2014-01-06 15:36 43152 ----a-w- c:\windows\avastSS.scr
2014-01-31 19:33 . 2014-01-06 15:36 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-29 20:51 . 2013-02-18 18:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-29 20:51 . 2013-02-18 18:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-16 17:59 . 2013-02-18 18:19 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-06 15:36 . 2014-01-06 15:36 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-06 15:36 . 2014-01-06 15:36 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-06 15:36 . 2014-01-06 15:36 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-19 17:12 . 2013-12-19 17:12 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-19 17:12 . 2013-12-19 17:12 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-19 17:12 . 2013-12-19 17:12 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-19 17:12 . 2013-12-19 17:12 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-19 17:12 . 2013-12-19 17:12 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-19 17:12 . 2013-12-19 17:12 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-12-19 17:12 . 2013-12-19 17:12 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-19 17:12 . 2013-12-19 17:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-19 17:12 . 2013-12-19 17:12 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-12-19 17:12 . 2013-12-19 17:12 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-12-19 17:12 . 2013-12-19 17:12 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-19 17:12 . 2013-12-19 17:12 337408 ----a-w- c:\windows\system32\html.iec
2013-12-19 17:12 . 2013-12-19 17:12 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-19 17:12 . 2013-12-19 17:12 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-12-19 17:12 . 2013-12-19 17:12 182272 ----a-w- c:\windows\system32\msls31.dll
2013-12-19 17:12 . 2013-12-19 17:12 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-12-19 17:12 . 2013-12-19 17:12 139264 ----a-w- c:\windows\system32\wextract.exe
2013-12-19 17:12 . 2013-12-19 17:12 13312 ----a-w- c:\windows\system32\mshta.exe
2013-12-19 17:12 . 2013-12-19 17:12 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-19 17:12 . 2013-12-19 17:12 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-19 11:03 . 2013-12-19 11:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-12-19 11:03 . 2013-12-19 11:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-12-19 11:03 . 2013-12-19 11:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-19 11:03 . 2013-12-19 11:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-12-19 11:03 . 2013-12-19 11:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-12-19 11:03 . 2013-12-19 11:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-12-19 11:03 . 2013-12-19 11:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-12-19 11:03 . 2013-12-19 11:03 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-12-19 11:03 . 2013-12-19 11:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-12-19 11:03 . 2013-12-19 11:03 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-19 11:03 . 2013-12-19 11:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-12-19 11:03 . 2013-12-19 11:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-12-19 11:03 . 2013-12-19 11:03 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-12-19 11:03 . 2013-12-19 11:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-12-19 11:03 . 2013-12-19 11:03 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-12-19 11:03 . 2013-12-19 11:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-19 11:01 . 2013-12-19 11:01 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-11-30 09:24 . 2013-11-30 09:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-26 09:23 . 2013-12-21 00:53 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22 . 2013-12-21 00:53 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53 . 2013-12-21 00:53 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52 . 2013-12-21 00:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29 . 2013-12-21 00:53 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29 . 2013-12-21 00:53 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28 . 2013-12-21 00:53 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16 . 2013-12-21 00:53 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32 . 2013-12-21 00:53 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33 . 2013-12-21 00:53 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26 . 2013-12-19 17:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-14 08:05 . 2014-01-09 21:30 192512 ----a-w- c:\windows\VPDAgent.exe
2013-11-14 08:05 . 2014-01-09 21:30 48640 ----a-w- c:\windows\system32\sdtnpm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-31 19:33 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07AXLRD_2686687"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"Spotify Web Helper"="c:\users\my computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-11 1171968]
"Spotify"="c:\users\my computer\AppData\Roaming\Spotify\spotify.exe" [2014-01-11 6118400]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-10-30 13103104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-30 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-31 3767096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2013-2-18 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-01-31 26136]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-01-31 265072]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-31 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-31 410784]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-30 37664]
S2 Agent;VPDAgent;c:\windows\VPDAgent.exe [2013-11-14 192512]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-31 67824]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-01-31 113704]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2013-05-01 577088]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-12 122000]
S2 Neat Startup Service;Neat Startup Service;c:\program files\Neat\exec\NeatStartupService.exe [2014-01-03 5632]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-31 64168]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 23:53 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-12 01:36]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-12 01:36]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - ExtSQL: 2013-12-15 23:59; {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}; c:\users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
FF - ExtSQL: !HIDDEN! 2013-09-30 21:17; [email protected]_4w.com; c:\program files\Retrogamer_4w\bar\1.bin
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=&q=
FF - user.js: extensions.mysearchdial.id - 0019BB4BED7FEDD1
FF - user.js: extensions.mysearchdial.instlDay - 16099
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.016:4:47
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites0103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 550948739
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - dsites0103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 550948739
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-11 11:15:04
ComboFix-quarantined-files.txt 2014-02-11 19:15
ComboFix2.txt 2014-02-10 21:17
ComboFix3.txt 2014-02-06 23:11
.
Pre-Run: 97,095,602,176 bytes free
Post-Run: 96,869,588,992 bytes free
.
- - End Of File - - 7DFB6240EA8A7C5616FAB7B73B784CFD
A36C5E4F47E84449FF07ED3517B43A31
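The `FF - user.js` block in the ComboFix log above is the hijacker's own configuration written into the Firefox profile: homepage, default search and the DNS-error page all point at one host, each URL carries an affiliate tag, and an install-day counter is stored alongside the version. As an added example (not ComboFix output and not the helper's fix script), here is a Python parser for that section. It assumes `hxxp` is ComboFix's defanged `http` and that `instlDay` counts days since 1970-01-01; the page states neither, so treat the decoded date as a lead to confirm, not a fact.

```python
"""Extract the browser-hijack configuration from ComboFix 'FF - user.js' lines.

Added example for this thread, written against the log format shown above;
it is not ComboFix output or any helper's fix script. Assumptions not stated
on the page: 'hxxp' is ComboFix's defanged 'http', and 'instlDay' is a day
count since 1970-01-01 (the decoded date is only as good as that guess).
"""
import json
import re
from datetime import date, timedelta
from urllib.parse import parse_qs, urlparse

# Copied verbatim from the ComboFix log above (a subset of its FF lines).
SAMPLE_LOG = """\
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.instlDay - 16099
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.aflt - dsites0103
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.irmysearch.aflt - dsites0103
FF - user.js: extensions.irmysearch.cr - 550948739
"""

# "FF - <file>: <pref> - <value>"; the value may be empty (instlRef above).
LINE_RE = re.compile(r"^FF - (?P<file>\S+): (?P<name>\S+) -\s?(?P<value>.*)$")
# "extensions.<vendor>.x" plus the companion "extensions.<vendor>_i.x" namespace
VENDOR_RE = re.compile(r"^extensions\.([A-Za-z0-9]+?)(?:_i)?\.")
EPOCH = date(1970, 1, 1)


def parse_ff_prefs(log_text):
    """Map every FF pref line to {pref_name: value}; other log lines are ignored."""
    prefs = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            prefs[m["name"]] = m["value"].strip()
    return prefs


def refang(url):
    """ComboFix writes hxxp:// so the log is not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url)


def vendors(prefs):
    """Every extensions.<vendor>. namespace present, so a second hijacker is not missed."""
    return sorted({m.group(1) for m in map(VENDOR_RE.match, prefs) if m})


def install_day_to_date(day_count):
    """ASSUMPTION: instlDay counts days since the Unix epoch (not confirmed by the page)."""
    return EPOCH + timedelta(days=day_count)


def hijack_report(prefs, vendor="mysearchdial"):
    """What the extension took over, where it redirects, and which campaign tags ride along."""
    ns = f"extensions.{vendor}."
    own = {k[len(ns):]: v for k, v in prefs.items() if k.startswith(ns)}
    urls = {k: refang(v) for k, v in own.items() if v.startswith("hxxp")}
    tags = {}
    for url in urls.values():
        for key, vals in parse_qs(urlparse(url).query).items():
            if key in ("a", "cr"):  # affiliate and campaign ids present on every URL
                tags.setdefault(key, set()).update(vals)
    day = own.get("instlDay", "")
    return {
        "vendor": vendor,
        "version": own.get("vrsn"),
        "affiliate": own.get("aflt"),
        "appid": own.get("appId"),
        "homepage_hijacked": own.get("hmpg") == "true",
        "search_hijacked": own.get("dfltSrch") == "true",
        "dns_error_hijacked": own.get("dnsErr") == "true",
        "redirect_hosts": sorted({urlparse(u).netloc for u in urls.values()}),
        "url_tags": {k: sorted(v) for k, v in tags.items()},
        "install_date": install_day_to_date(int(day)) if day.isdigit() else None,
    }


if __name__ == "__main__":
    found = parse_ff_prefs(SAMPLE_LOG)
    for v in vendors(found):
        print(json.dumps(hijack_report(found, v), indent=2, default=str))
```

Run as a script it prints one report per vendor namespace (`irmysearch` and `mysearchdial` here). For the log above the `mysearchdial` report shows homepage, default search and DNS-error pages all sent to start.mysearchdial.com with affiliate `dsites0103`, and `instlDay` 16099 decodes, under the epoch assumption, to 2014-01-29. That date is worth lining up against the "Files Created" timestamps in a ComboFix log, remembering that those appear to be UTC (this log's completion time is 11:15 local while the quarantined-files file is stamped 19:15).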

#23 The Real Cody (Member, Topic Starter, 18 posts)
I ran Malwarebytes and am running the online scanner now.

#24 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
Looking at the Combofix log, unfortunately, the fix didn't go. Hang on before you do any other scans and I'm going to try a slightly different approach with the fix. I'll be back either later today or in the morning.

#25 The Real Cody (Member, Topic Starter, 18 posts)
C:\Program Files\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application
C:\Program Files\Optimizer Pro\OptProSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\_OTL\MovedFiles\02042014_105548\C_Program Files\Optimizer Pro\OptProLauncher.exe a variant of Win32/AdWare.SpeedingUpMyPC.D application
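The three lines above are ESET's plain `<path> <detection name>` output; ESET Online Scanner's own log file (posted later in this thread) writes the same detections as `sh=`/`ft=`/`fh=`/`vn=`/`ac=`/`fn=` fields. The first question to ask of either list is which hits are still live on disk and which already sit in another tool's quarantine (C:\Qoobox\Quarantine for ComboFix, C:\_OTL\MovedFiles for OTL), because only the live ones need a new fix. The script below is an added example, not ESET's code and not the helper's script; its sample lines are copied from the ESET output in this thread, the quarantine folders are the two that this thread's logs show, and the `ac=` field is recorded without interpreting it.

```python
r"""Sort ESET detections into still-on-disk vs. already-quarantined-by-another-tool.

Added example for this thread; not ESET code and not the helper's fix.
Two line shapes are handled, both posted in this thread:
  <path> <detection name>                                  (pasted from the scan window)
  sh=<sha1> ft=.. fh=.. vn="<name>" ac=.. fn="<path>"      (ESET Online Scanner log file)
"""
import re

# Copied from the ESET output in this thread (plain shape from the post above,
# sh=/vn=/fn= shape from the Online Scanner log posted later), plus two of the
# log's header lines to show they are skipped.
SAMPLE_ESET = r"""
# found=32
# cleaned=0
C:\Program Files\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application
C:\Program Files\Optimizer Pro\OptProSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\_OTL\MovedFiles\02042014_105548\C_Program Files\Optimizer Pro\OptProLauncher.exe a variant of Win32/AdWare.SpeedingUpMyPC.D application
sh=91BD9A2ACE6C1F533B1EDAD826E6A7B4C42F1CC6 ft=1 fh=e0d7a37d1750a170 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Optimizer Pro\OptimizerPro.exe.vir"
sh=6221A70A3E81444DE23B609326C96A95C6E33AD4 ft=1 fh=cbb35bed9698fcb9 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\my computer\Downloads\gimp-setup.exe"
sh=31D0B125962639ACC9DF9F39782A3207099DD924 ft=1 fh=ca95fc211bc2fbc3 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\Mysearchdial\1.8.21.0\mysearchdialApp.dll"
"""

# key=value pairs; values may be double-quoted and contain spaces
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Windows paths never contain '/', ESET names always do (Win32/Family.Variant), so the
# first slash-bearing token, optionally preceded by ESET's qualifiers, starts the name.
PLAIN_RE = re.compile(r"^(?P<path>.+?) (?P<name>(?:probably )?(?:a variant of )?\w+/\S.*)$")
# Folders the tools in this thread move files into; a hit there is already neutralised.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\_otl\\movedfiles\\")


def parse_eset_line(line):
    """Return {'path', 'name', 'sha1', 'action'} for a detection line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("sh="):
        kv = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        if "fn" not in kv or "vn" not in kv:
            return None
        return {"path": kv["fn"], "name": kv["vn"], "sha1": kv.get("sh"), "action": kv.get("ac")}
    m = PLAIN_RE.match(line)
    if not m:
        return None
    return {"path": m["path"], "name": m["name"], "sha1": None, "action": None}


def family(name):
    """'a variant of Win32/Adware.SpeedingUpMyPC.C application' -> 'Win32/Adware.SpeedingUpMyPC'."""
    m = re.search(r"\w+/[A-Za-z0-9_.]+", name)
    if not m:
        return name
    parts = m.group(0).split(".")
    if len(parts) > 1 and re.fullmatch(r"[A-Z]{1,3}", parts[-1]):
        parts.pop()  # drop the per-sample variant letter(s)
    return ".".join(parts)


def is_quarantined(path):
    """True when a cleanup tool has already moved the file out of its original location."""
    p = path.lower()
    # ComboFix renames quarantined files with a .vir suffix; the folder check covers the rest.
    return p.endswith(".vir") or any(marker in p for marker in QUARANTINE_MARKERS)


def triage(log_text):
    """Split detections into live vs. quarantined and list the families involved."""
    live, quarantined = [], []
    for line in log_text.splitlines():
        hit = parse_eset_line(line)
        if hit is None:
            continue
        hit["family"] = family(hit["name"])
        (quarantined if is_quarantined(hit["path"]) else live).append(hit)
    return {
        "live": live,
        "quarantined": quarantined,
        "families": sorted({h["family"] for h in live + quarantined}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ESET)
    print(f"{len(result['live'])} live, {len(result['quarantined'])} already quarantined")
    for hit in result["live"]:
        print(f"  STILL LIVE  {hit['family']:<32} {hit['path']}")
```

On the sample above this leaves three live hits: the two Optimizer Pro executables still under C:\Program Files and the gimp-setup.exe download flagged as a DownloadAdmin bundler; the OTL and ComboFix quarantine copies drop out. Reading an ESET list this way also explains why "found" can stay high across runs even though earlier tools did their job: the scanner counts quarantine copies too.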

#26 The Real Cody (Member, Topic Starter, 18 posts)
OK, I'll check back in the morning but am leaving till Tuesday up for work. So, please don't close if we miss each other till then. Thank you for all your help, as it is greatly appreciated. Cody

#27 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
Here are some new instructions that will hopefully be a little easier. Also, maybe someone in the house can help out too. Kind of a "two heads are better than one" approach?

Here we go. Right now you have ComboFix in the download directory here: c:\users\my computer\Downloads\ComboFix.exe, which is a little difficult to work with. I suggest that you either move (copy and paste) ComboFix to the Desktop or, if you're not certain of the "copy and paste", do another download of ComboFix, but this time specify that ComboFix install itself on the Desktop; that would make using ComboFix a lot easier.

Next, I've already put the fix into a text file (CFScript.txt), and you should find it with this posting. Copy that file to your Desktop.

At this point you should have CFScript.txt and ComboFix on your Desktop. Now it is a matter of clicking on the CFScript.txt file, holding the button, sliding it on top of ComboFix and releasing the button. ComboFix should then begin to process the fix.

Let me know how that goes.

Attached Files: CFScript.txt

#28 Dakeyras (Expert, Anti-Malware Mammoth, 9,684 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#29 Dakeyras (Expert, Anti-Malware Mammoth, 9,684 posts)
Topic re-opened per OP's request...

#30 The Real Cody (Member, Topic Starter, 18 posts)
OK, here is my ComboFix log and my ESET log.

ComboFix 14-02-05.02 - my computer 02/18/2014 12:21:58.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1918.836 [GMT -8:00]
Running from: c:\users\my computer\Desktop\ComboFix.exe
Command switches used :: c:\users\my computer\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BearShare Applications
c:\program files\Image Converter
c:\program files\Image Converter\Image Converter\imageconverter.exe
c:\program files\Image Converter\Image Converter\libgcc_s_dw2-1.dll
c:\program files\Image Converter\Image Converter\libstdc++-6.dll
c:\program files\Image Converter\Image Converter\mingwm10.dll
c:\program files\Image Converter\Image Converter\plugins\imageformats\qgif4.dll
c:\program files\Image Converter\Image Converter\plugins\imageformats\qjpeg4.dll
c:\program files\Image Converter\Image Converter\plugins\imageformats\qtiff4.dll
c:\program files\Image Converter\Image Converter\qjson0.dll
c:\program files\Image Converter\Image Converter\QtCore4.dll
c:\program files\Image Converter\Image Converter\QtGui4.dll
c:\program files\Image Converter\Image Converter\uninstall.exe
c:\program files\Optimizer Pro
c:\program files\Optimizer Pro\bg_new1.bmp
c:\program files\Optimizer Pro\CookiesException.txt
c:\program files\Optimizer Pro\English.ini
c:\program files\Optimizer Pro\file_id.diz
c:\program files\Optimizer Pro\HomePage.url
c:\program files\Optimizer Pro\itdownload.dll
c:\program files\Optimizer Pro\OptimizerPro.chm
c:\program files\Optimizer Pro\OptimizerPro.exe
c:\program files\Optimizer Pro\OptProCrashSvc.dll
c:\program files\Optimizer Pro\OptProGuard.exe
c:\program files\Optimizer Pro\OptProReminder.exe
c:\program files\Optimizer Pro\OptProSchedule.exe
c:\program files\Optimizer Pro\OptProSmartScan.exe
c:\program files\Optimizer Pro\OptProStart.exe
c:\program files\Optimizer Pro\OptProUninstaller.exe
c:\program files\Optimizer Pro\scan.gif
c:\program files\Optimizer Pro\sqlite3.dll
c:\program files\Optimizer Pro\StartupList.txt
c:\program files\Optimizer Pro\unins000.dat
c:\program files\Optimizer Pro\unins000.exe
c:\program files\Optimizer Pro\unins000.msg
c:\users\my computer\AppData\Local\Programs
c:\users\my computer\AppData\Local\SearchProtect
c:\users\my computer\AppData\Local\SearchProtect\UI\rep\UIRepository.dat
c:\users\my computer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
c:\users\my computer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Image Editor Packages\uninstaller.exe
c:\users\my computer\AppData\Roaming\DigitalSites
c:\users\my computer\AppData\Roaming\DigitalSites\UpdateProc\config.dat
c:\users\my computer\AppData\Roaming\DigitalSites\UpdateProc\prod.dat
c:\users\my computer\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT
c:\users\my computer\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT
c:\users\my computer\AppData\Roaming\TuneUp Software
c:\users\my computer\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups\00000001.rcb
c:\users\my computer\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups\00000002.rcb
c:\users\my computer\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups\00000003.rcb
c:\users\my computer\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups\00000004.rcb
c:\users\my computer\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups\00000005.rcb
.
.
((((((((((((((((((((((((( Files Created from 2014-01-18 to 2014-02-18 )))))))))))))))))))))))))))))))
.
.
2014-02-18 20:51 . 2014-02-18 20:54 -------- d-----w- c:\users\my computer\AppData\Local\temp
2014-02-18 20:51 . 2014-02-18 20:51 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-02-18 20:51 . 2014-02-18 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-18 20:09 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A14A4797-1B21-4CD0-8504-6891669CD933}\mpengine.dll
2014-02-18 05:45 . 2014-02-18 05:45 -------- d-----w- C:\found.001
2014-02-13 11:03 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 00:35 . 2014-02-13 00:35 -------- d-----w- c:\program files\McAfee Security Scan
2014-02-12 19:56 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 19:56 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 19:55 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 19:55 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-12 19:55 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-12 19:55 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-12 19:55 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-12 19:55 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 19:55 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-12 19:55 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-12 19:55 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-12 19:55 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-12 19:55 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-11 19:30 . 2014-02-11 19:30 -------- d-----w- c:\users\my computer\AppData\Roaming\Malwarebytes
2014-02-11 19:30 . 2014-02-11 19:30 -------- d-----w- c:\programdata\Malwarebytes
2014-02-11 19:30 . 2014-02-11 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-11 19:30 . 2013-04-04 22:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-06 22:53 . 2014-02-06 22:53 -------- d-----w- c:\users\my computer\.gimp-2.6
2014-02-04 19:00 . 2014-02-11 20:25 -------- d-----w- c:\programdata\Systweak
2014-02-04 18:59 . 2014-02-11 20:25 -------- d-----w- c:\users\my computer\AppData\Roaming\Systweak
2014-02-04 18:50 . 2014-02-04 18:50 -------- d-----w- c:\windows\system32\SearchProtect
2014-01-31 19:33 . 2014-01-31 19:32 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-01-31 19:31 . 2014-01-31 19:31 265072 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-01-30 11:03 . 2014-01-30 11:03 -------- d-----w- c:\windows\Migration
2014-01-30 00:14 . 2014-01-30 00:14 -------- d-----w- c:\program files\GIMP-2.0
2014-01-30 00:05 . 2012-07-25 20:03 17136 ----a-w- c:\windows\system32\sasnative32.exe
2014-01-29 21:31 . 2014-01-29 22:00 -------- d-----w- C:\AdwCleaner
2014-01-29 21:14 . 2014-01-29 21:14 -------- d-----w- C:\_OTL
2014-01-25 22:28 . 2014-02-13 11:10 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-31 19:33 . 2014-01-06 15:36 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-31 19:33 . 2014-01-06 15:36 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-31 19:33 . 2014-01-06 15:36 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-31 19:33 . 2014-01-06 15:36 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-31 19:33 . 2014-01-06 15:36 43152 ----a-w- c:\windows\avastSS.scr
2014-01-31 19:33 . 2014-01-06 15:36 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-29 20:51 . 2013-02-18 18:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-29 20:51 . 2013-02-18 18:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-06 15:36 . 2014-01-06 15:36 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-06 15:36 . 2014-01-06 15:36 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-06 15:36 . 2014-01-06 15:36 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-19 17:12 . 2013-12-19 17:12 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-19 17:12 . 2013-12-19 17:12 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-19 17:12 . 2013-12-19 17:12 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-19 17:12 . 2013-12-19 17:12 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-19 17:12 . 2013-12-19 17:12 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-19 17:12 . 2013-12-19 17:12 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-12-19 17:12 . 2013-12-19 17:12 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-19 17:12 . 2013-12-19 17:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-19 17:12 . 2013-12-19 17:12 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-12-19 17:12 . 2013-12-19 17:12 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-19 17:12 . 2013-12-19 17:12 337408 ----a-w- c:\windows\system32\html.iec
2013-12-19 17:12 . 2013-12-19 17:12 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-19 17:12 . 2013-12-19 17:12 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-12-19 17:12 . 2013-12-19 17:12 182272 ----a-w- c:\windows\system32\msls31.dll
2013-12-19 17:12 . 2013-12-19 17:12 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-12-19 17:12 . 2013-12-19 17:12 139264 ----a-w- c:\windows\system32\wextract.exe
2013-12-19 17:12 . 2013-12-19 17:12 13312 ----a-w- c:\windows\system32\mshta.exe
2013-12-19 17:12 . 2013-12-19 17:12 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-19 17:12 . 2013-12-19 17:12 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-19 11:03 . 2013-12-19 11:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-12-19 11:03 . 2013-12-19 11:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-12-19 11:03 . 2013-12-19 11:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-19 11:03 . 2013-12-19 11:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-12-19 11:03 . 2013-12-19 11:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-19 11:03 . 2013-12-19 11:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-12-19 11:03 . 2013-12-19 11:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-12-19 11:03 . 2013-12-19 11:03 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-12-19 11:03 . 2013-12-19 11:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-12-19 11:03 . 2013-12-19 11:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-12-19 11:03 . 2013-12-19 11:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-12-19 11:03 . 2013-12-19 11:03 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-12-19 11:03 . 2013-12-19 11:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-12-19 11:03 . 2013-12-19 11:03 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-12-19 11:03 . 2013-12-19 11:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-19 11:01 . 2013-12-19 11:01 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-12-18 14:13 . 2013-02-18 18:19 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-30 09:24 . 2013-11-30 09:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-27 01:14 . 2014-01-15 19:22 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:13 . 2014-01-15 19:22 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:13 . 2014-01-15 19:22 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:13 . 2014-01-15 19:22 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:13 . 2014-01-15 19:22 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:13 . 2014-01-15 19:22 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:13 . 2014-01-15 19:22 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:11 . 2014-01-15 19:22 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:10 . 2014-01-15 19:22 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-19 17:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-31 19:33 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07AXLRD_2686687"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"Spotify Web Helper"="c:\users\my computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-11 1171968]
"Spotify"="c:\users\my computer\AppData\Roaming\Spotify\spotify.exe" [2014-01-11 6118400]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-10-30 13103104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-30 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-31 3767096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 277920]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2013-2-18 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-01-31 26136]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-01-31 265072]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-31 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-31 410784]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-30 37664]
S2 Agent;VPDAgent;c:\windows\VPDAgent.exe [2013-11-14 192512]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-31 67824]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-01-31 113704]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2013-05-01 577088]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-12 122000]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Neat Startup Service;Neat Startup Service;c:\program files\Neat\exec\NeatStartupService.exe [2014-01-03 5632]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-31 64168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 23:53 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-12 01:36]
.
2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-12 01:36]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - ExtSQL: !HIDDEN! 2013-09-30 21:17; [email protected]_4w.com; c:\program files\Retrogamer_4w\bar\1.bin
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=550948739&ir=&q=
FF - user.js: extensions.mysearchdial.id - 0019BB4BED7FEDD1
FF - user.js: extensions.mysearchdial.instlDay - 16099
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.016:4:47
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites0103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 550948739
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - dsites0103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 550948739
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0B0ByE0B0E0DyB0F0E0D0DtCtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Image Converter Image Converter - c:\program files\Image Converter\Image Converter\uninstall.exe
AddRemove-Optimizer Pro_is1 - c:\program files\Optimizer Pro\unins000.exe
AddRemove-Image Editor Packages - c:\users\my computer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Image Editor Packages\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-02-18 12:57:55 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-18 20:57
ComboFix2.txt 2014-02-11 19:15
ComboFix3.txt 2014-02-10 21:17
ComboFix4.txt 2014-02-06 23:11
.
Pre-Run: 97,647,005,696 bytes free
Post-Run: 97,365,946,368 bytes free
.
- - End Of File - - 217230B2415D161B84385FED27D4D0B3
A36C5E4F47E84449FF07ED3517B43A31



ESET Online Scanner log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8e85681f1cb61b4e934c3e32a7c15730
# engine=17126
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-18 09:54:09
# local_time=2014-02-18 01:54:09 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 66 80 1474722 1480935 0 0
# compatibility_mode=5893 16776573 100 94 0 144305240 0 0
# scanned=106075
# found=32
# cleaned=0
# scan_time=2592
sh=91BD9A2ACE6C1F533B1EDAD826E6A7B4C42F1CC6 ft=1 fh=e0d7a37d1750a170 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Optimizer Pro\OptimizerPro.exe.vir"
sh=0DBD0B657BE45FA9D4340407997201B2A6068152 ft=1 fh=9cbe529653db9d6a vn="a variant of Win32/SProtector.F potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Optimizer Pro\OptProCrashSvc.dll.vir"
sh=47E4A554E0D12E4C5D65B45CB1CEFF5997389824 ft=1 fh=bc56293ed5818e2e vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Optimizer Pro\OptProSmartScan.exe.vir"
sh=CE347A34A95F7AFF1F0625632F0014C36F41F455 ft=1 fh=4488e7f7e4a1f069 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir"
sh=05C0A99ACE45CEFB680DF0D3D87C138A307D346A ft=1 fh=2e9dc85ff81fe5c7 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\SPtool.dll_1391539811375.vir"
sh=05C0A99ACE45CEFB680DF0D3D87C138A307D346A ft=1 fh=2e9dc85ff81fe5c7 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\SPtool.dll_1391539811640.vir"
sh=B2264702C0A5B52AA915DCA8B542EEE94486FCED ft=1 fh=a60e8c0d507a9da4 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=352F03029B982D0B927D70EF137661B8B486288D ft=1 fh=fabd6b9d384d7203 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\my computer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Image Editor Packages\uninstaller.exe.vir"
sh=6221A70A3E81444DE23B609326C96A95C6E33AD4 ft=1 fh=cbb35bed9698fcb9 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\my computer\Downloads\gimp-setup.exe"
sh=31D0B125962639ACC9DF9F39782A3207099DD924 ft=1 fh=ca95fc211bc2fbc3 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\Mysearchdial\1.8.21.0\mysearchdialApp.dll"
sh=6857BD88EA938B705EFC3FD46D5C91D2C1B3EDE9 ft=1 fh=a2f65d85debd6839 vn="probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\Mysearchdial\1.8.21.0\mysearchdialEng.dll"
sh=7ABB587B2A0D80E1EC4B2F1E8BB0E2C194FBB4A0 ft=1 fh=9074270edfd38722 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\Mysearchdial\1.8.21.0\mysearchdialsrv.exe"
sh=3407FB00757C71D9CB28AEC2EC7855FF5D3A6609 ft=1 fh=67364266c19decdd vn="a variant of Win32/Toolbar.Montiera.F potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll"
sh=89DC63472DE94DF3F12DBAE15B7EBE6C04263369 ft=1 fh=7fb9e45e0079471d vn="a variant of Win32/Toolbar.Escort.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\Mysearchdial\1.8.21.0\bh\mysearchdial.dll"
sh=20F9DBD232E70710AAAE5A8FD435B8077B31FC6A ft=1 fh=d4bef803184a6ed6 vn="a variant of Win32/SProtector.E potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\Optimizer Pro\OptProCrash.dll"
sh=D9E274574C12779E2062951ED8D4BA4DA71E23D6 ft=1 fh=49cbf485b8b83c97 vn="a variant of Win32/AdWare.SpeedingUpMyPC.D application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\Optimizer Pro\OptProLauncher.exe"
sh=29537B5D9E0B9006067890E1D21D0CE6F22E8A99 ft=1 fh=6e7ef67f604e413f vn="Win32/MyPCBackup.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\RegClean Pro\Cloud_Backup_Setup.exe"
sh=EE0DBC090D6FC9DA0D0A84516D8D34BF1F96E196 ft=1 fh=44b5db033c27eea0 vn="Win32/MyPCBackup.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\RegClean Pro\Cloud_Backup_Setup_Intl.exe"
sh=FF14293E8C41D7901514F79A4E253EEED849316C ft=1 fh=6750ee739e5190ec vn="a variant of Win32/BrowseFox.F potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\RightSurf\RightSurfBHO.dll"
sh=D1A818699EA6551A55CF894AB765F6F242AFF011 ft=1 fh=b8b1d56e46ef26fc vn="Win32/BrowseFox.C potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\RightSurf\RightSurfUninstall.exe"
sh=90847B442B1D41F331059B51FA27D242283B035C ft=1 fh=1fd07e1ca10df5de vn="a variant of Win32/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\RightSurf\updateRightSurf.exe"
sh=90847B442B1D41F331059B51FA27D242283B035C ft=1 fh=1fd07e1ca10df5de vn="a variant of Win32/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\RightSurf\bin\utilRightSurf.exe"
sh=CC7997DC5DFDA0A4118985E1574C506B90DABFE6 ft=1 fh=5c39f0b99bb64d0e vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\SearchProtect\Main\bin\CltMngSvc.exe"
sh=3D1DCB30556EA0766411089AAEAB79FC1AFEA310 ft=1 fh=5fa1ce606c23dda1 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\SearchProtect\SearchProtect\bin\cltmng.exe"
sh=3D1DCB30556EA0766411089AAEAB79FC1AFEA310 ft=1 fh=5fa1ce606c23dda1 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\SearchProtect\SearchProtect\bin\cltmng.exe_1391539842008"
sh=D60F0FC1A5DF865967682C9CDF5C58B27895EE51 ft=1 fh=0606a0cb0cd6707a vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe"
sh=E36CD2977163C378A0178EC05AEC6767319C31E9 ft=1 fh=b477c59167074b85 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll"
sh=D8595AC85D8F92C3230A32EEA504688DB1ED17F0 ft=1 fh=f2435f1eb805151c vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"
sh=0C39E914AAF9157DC8F78EB6F671AC64EEC9F839 ft=1 fh=64ba1b4505fcb782 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll"
sh=DADAC2224CB2FEA86209378DBD1947E2337F3656 ft=1 fh=a15b23d204248a72 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"
sh=8038EBAAE72F63C7028DFC56E2028402762C0286 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi"
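As an added example (not part of the original post, and not ESET's or Geeks to Go's own code), here is a short Python script that parses lines in the ESET log format posted above and separates detections that point into the ComboFix (C:\Qoobox\Quarantine) and OTL (C:\_OTL\MovedFiles) quarantine folders from detections on files that are still live. That distinction is what a helper reads the log for: most hits here are on already-quarantined copies, and only one path (the downloaded gimp-setup.exe) is outside a quarantine folder. The sample lines are copied from the log above; the list of quarantine prefixes is an assumption based on the paths seen in this log, and only the sh, vn and fn fields are interpreted.

```python
import re
from collections import Counter

# Constructed sample input: four lines copied from the ESET log posted above.
SAMPLE_LOG = r"""
sh=6221A70A3E81444DE23B609326C96A95C6E33AD4 ft=1 fh=cbb35bed9698fcb9 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\my computer\Downloads\gimp-setup.exe"
sh=90847B442B1D41F331059B51FA27D242283B035C ft=1 fh=1fd07e1ca10df5de vn="a variant of Win32/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\RightSurf\updateRightSurf.exe"
sh=90847B442B1D41F331059B51FA27D242283B035C ft=1 fh=1fd07e1ca10df5de vn="a variant of Win32/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02042014_105548\C_Program Files\RightSurf\bin\utilRightSurf.exe"
sh=05C0A99ACE45CEFB680DF0D3D87C138A307D346A ft=1 fh=2e9dc85ff81fe5c7 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\SPtool.dll_1391539811640.vir"
"""

# Assumption: these are the quarantine folders used by ComboFix and OTL, as seen in the log.
QUARANTINE_PREFIXES = (
    r"C:\Qoobox\Quarantine\,",
    r"C:\_OTL\MovedFiles\,",
)
QUARANTINE_PREFIXES = tuple(p.rstrip(",") for p in QUARANTINE_PREFIXES)

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset_line(line):
    """Return a dict of the key=value fields on one log line.

    ft and fh are carried through unchanged; sh is the SHA-1 the scanner
    reports, vn the detection name, fn the file path.
    """
    record = {}
    for m in _FIELD.finditer(line):
        key, quoted, bare = m.groups()
        record[key] = quoted if quoted is not None else bare
    return record


def parse_eset_log(text):
    """Parse every non-empty line that looks like a detection record (starts with sh=)."""
    records = []
    for line in text.strip().splitlines():
        if line.startswith("sh="):
            records.append(parse_eset_line(line))
    return records


def is_quarantined(path, prefixes=QUARANTINE_PREFIXES):
    """Windows paths are case-insensitive, so compare lower-cased."""
    p = path.lower()
    return any(p.startswith(q.lower()) for q in prefixes)


def family(vn):
    """Reduce a detection name to its family, e.g.
    'a variant of Win32/BrowseFox.G potentially unwanted application' -> 'Win32/BrowseFox'."""
    name = re.sub(r"^(?:probably )?a variant of ", "", vn)
    name = name.split(" ")[0]        # drop the 'potentially unwanted application' tail
    return name.rsplit(".", 1)[0]    # drop the variant letter


def summarize(records, prefixes=QUARANTINE_PREFIXES):
    """Count total/unique detections, how many are already in quarantine,
    list the live paths that still need action, and tally families."""
    live = [r["fn"] for r in records if not is_quarantined(r["fn"], prefixes)]
    return {
        "total": len(records),
        "unique_sha1": len({r["sh"] for r in records}),
        "quarantined": len(records) - len(live),
        "live": live,
        "families": dict(Counter(family(r["vn"]) for r in records)),
    }


if __name__ == "__main__":
    summary = summarize(parse_eset_log(SAMPLE_LOG))
    print(f"{summary['total']} detections, {summary['unique_sha1']} unique SHA-1 hashes, "
          f"{summary['quarantined']} already quarantined")
    for path in summary["live"]:
        print("still live:", path)
    for fam, n in sorted(summary["families"].items()):
        print(f"  {fam}: {n}")
```

Duplicate SHA-1 values with different paths (the two RightSurf executables above) are the same binary dropped twice, so the unique-hash count is a better measure of how many distinct PUPs were present than the raw line count.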