Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows explorer hanging up, files on drive C will not delete etc [Sol

Started by Geekimnot , Mar 07 2014 06:39 AM

  • This topic is locked This topic is locked

#61
godawgs
Posted 21 March 2014 - 08:10 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

On previous scans it has not listed any System Volume Information files in any of the Logs or Quarantined items.

When I went to check the System Volume Information folder, the icon is "grayed out" but will open, but will not allow me into System Restore folder

I'm not sure what you are saying here. This MBAM scan didn't show any System Volume Information files. Are you looking for something specific?

The System Volume Information folder is a hidden system folder. That's why it looks greyed out. When we are finished, we will hide this folder again and you won't be able to see it. You can't manipulate the System Volume Information folder like regular folder. You have to use the Windows operating system to make changes in that folder. What are you trying to do?

PLEASE NOTE THAT MY DELETED FILES HAVE RESTORED THEMSELVES AGAIN TODAY

Well that not good news. Let's get a fresh OTL scan and see if any malware has come back on the system.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • NOTE: There won't be a Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my questions above.
2. The OTL.txt log
  • 0

Advertisements

#62
Geekimnot
Posted 22 March 2014 - 12:27 AM

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts
Hi

Went looking for the contents of the System Volume Information folder because it was specifically mentioned in your previous instruction wanted to make sure that I had not quaratined something by mistake.

Here is the OTL.txt


OTL logfile created on: 21/03/2014 22:34:03 - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hightorque UK\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19507)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 54.07% Memory free
6.14 Gb Paging File | 3.76 Gb Available in Paging File | 61.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.01 Gb Total Space | 66.56 Gb Free Space | 23.11% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.20 Gb Free Space | 41.96% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 163.88 Gb Free Space | 54.98% Space Free | Partition Type: NTFS
Drive G: | 111.79 Gb Total Space | 36.28 Gb Free Space | 32.46% Space Free | Partition Type: NTFS
Drive H: | 931.28 Gb Total Space | 770.81 Gb Free Space | 82.77% Space Free | Partition Type: FAT32

Computer Name: HIGHTORQUEUK-PC | User Name: Hightorque UK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 11:29:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hightorque UK\Downloads\OTL.exe
PRC - [2014/02/23 16:38:17 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/18 07:47:14 | 003,795,160 | ---- | M] (Speedbit Ltd.) -- C:\Programs\DAP\DAP.exe
PRC - [2013/09/07 17:20:56 | 000,071,224 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7c\waol.exe
PRC - [2013/09/07 17:20:48 | 000,045,624 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7c\shellmon.exe
PRC - [2013/09/07 03:53:15 | 002,368,568 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7c\AOLBrowser\aolbrowser.exe
PRC - [2013/08/27 15:57:34 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013/08/27 15:57:32 | 000,248,208 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/13 15:22:10 | 001,493,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
PRC - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/03/16 15:18:28 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/03/16 15:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2010/03/08 07:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1255507870\ee\aolsoftware.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 15:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/08/19 06:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/19 06:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/08/15 16:53:36 | 000,099,568 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtserv.exe
PRC - [2008/05/08 05:24:04 | 004,483,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Virtual PC\Virtual PC.exe
PRC - [2008/02/25 10:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
PRC - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/07/17 16:45:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE


========== Modules (No Company Name) ==========

MOD - [2014/02/14 07:39:50 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\032ab8e56366d48dc3f04b6eb7bc8c9f\System.Runtime.Serialization.ni.dll
MOD - [2014/02/14 07:39:46 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a8726347d3e5269f6d4fcb972341898c\SMDiagnostics.ni.dll
MOD - [2014/02/14 07:39:45 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1120b79bc6e03a4c84832103d1f05b67\System.ServiceModel.ni.dll
MOD - [2014/02/14 07:38:32 | 011,909,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2183861863b3c98036f0d75f303d2a65\System.Web.ni.dll
MOD - [2014/02/14 07:37:49 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/14 06:59:40 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/14 06:58:56 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/14 06:58:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/13 22:47:33 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/13 22:47:11 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2014/01/21 12:53:00 | 000,076,800 | ---- | M] () -- C:\Program Files\NCH Software\Meo\meodll.dll
MOD - [2014/01/17 06:56:24 | 000,010,752 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
MOD - [2014/01/17 06:56:22 | 000,012,800 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
MOD - [2014/01/17 06:56:15 | 000,012,800 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
MOD - [2014/01/17 06:56:07 | 000,010,240 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
MOD - [2014/01/17 06:56:03 | 000,011,776 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
MOD - [2013/10/21 07:44:45 | 000,009,216 | ---- | M] () -- C:\ProgramData\SpeedBit\DAP\Plugins\AddonsCondition.dll
MOD - [2013/09/07 17:20:57 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7c\zlib.dll
MOD - [2013/09/07 17:19:37 | 021,117,440 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7c\libcef.dll
MOD - [2013/09/07 17:19:35 | 000,648,704 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7c\libGLESv2.dll
MOD - [2013/09/07 17:19:35 | 000,122,880 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7c\libEGL.dll
MOD - [2013/09/07 17:19:22 | 000,094,208 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7c\components\Tier2Svc.dll
MOD - [2013/09/07 17:19:22 | 000,060,928 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7c\components\DataSvcs.dll
MOD - [2012/11/09 05:02:18 | 001,752,576 | ---- | M] () -- C:\Program Files\File Shredder\fsshell.dll
MOD - [2011/11/25 08:15:36 | 000,057,344 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSLOG.DLL
MOD - [2006/07/17 16:56:52 | 000,077,824 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSEVENT.DLL
MOD - [2006/07/17 16:56:32 | 000,024,576 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSERROR.DLL
MOD - [2006/07/17 16:45:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
MOD - [2006/07/17 16:44:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSREG.DLL
MOD - [2006/07/17 16:40:50 | 000,016,384 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SMSG.DLL


========== Services (SafeList) ==========

SRV - [2014/03/12 14:38:14 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/27 15:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/03/16 15:18:28 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2010/01/18 13:21:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/08/19 06:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/08/15 16:53:36 | 000,099,568 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 10:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/21 02:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\netfilter.sys -- (netfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\HIGHTO~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/03/21 12:48:21 | 000,049,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\lfnbmwop.sys -- (lfnbmwop)
DRV - [2013/12/13 06:33:17 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/25 02:34:18 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/10/25 02:34:18 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/10/25 02:34:18 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/01 10:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/12/01 10:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2009/12/31 15:56:38 | 000,177,748 | ---- | M] (Divio Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pcam.sys -- (DCamUSBNW802)
DRV - [2009/11/16 03:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/10/21 06:38:35 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/26 17:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/08/19 07:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/19 07:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/02/05 00:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008/01/21 02:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/29 22:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{86789896-718A-4BDD-93BC-10B967B0B5FC}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{09BF01E0-CFE9-4104-B0BB-B5724D999A05}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{09BF01E0-CFE9-4104-B0BB-B5724D999A05}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 8A F6 F7 95 A3 CC 01 [binary data]
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..\SearchScopes\{7382B45C-D8A1-4143-8EE6-B25852BFA719}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..\SearchScopes\FFF9366C2DEB4E6B8AE77F135949B1E9: "URL" = http://search.speedb...q={searchTerms}
IE - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/02 09:20:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Programs\DAP\daplinkchecker [2013/10/18 07:50:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Programs\DAP\DAPFireFox [2013/10/18 07:50:48 | 000,000,000 | ---D | M]

[2010/07/23 10:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hightorque UK\AppData\Roaming\Mozilla\Extensions
[2010/07/23 10:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hightorque UK\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.condui...E5D9C759C&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DAP Link Checker = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.2_1\
CHR - Extension: Google Search = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Google Wallet = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/09/01 12:17:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOL Broadband Toolbar Loader) - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Programs\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programs\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1255507870\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000..\Run: [DAP10] C:\Programs\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000..\Run: [DownloadAccelerator] C:\Programs\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Programs\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Programs\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Programs\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Programs\DAP\dapextie2.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..Trusted Domains: rapidgator.net ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\..Trusted Domains: rapidgator.net ([www] http in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{625F0475-6EA3-4FEA-B9C8-224019DDD165}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-3090621729-691808380-2464640456-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/03/21 12:48:20 | 000,049,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\lfnbmwop.sys
[2014/03/17 08:17:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/17 08:06:17 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Hightorque UK\Desktop\JRT.exe
[2014/03/16 07:06:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/15 20:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2014/03/15 05:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/03/15 05:17:06 | 000,784,968 | ---- | C] (Reimage®) -- C:\TRANSLATE
[2014/03/15 05:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller
[2014/03/14 06:52:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/14 06:52:45 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/14 06:52:43 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2014/03/14 06:52:43 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/03/14 06:52:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/03/14 06:52:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/14 06:52:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/03/14 06:52:40 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/03/14 06:52:40 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/14 06:52:39 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/03/14 06:52:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/14 06:52:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/14 06:52:38 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/03/14 06:52:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/03/14 06:52:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/14 06:52:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/14 06:52:36 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/14 06:52:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2014/03/14 06:52:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/03/14 06:52:34 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/14 06:52:32 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/14 06:52:30 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/03/14 06:50:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/03/12 06:41:47 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/10 08:55:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/08 09:39:55 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\iPubsoft files
[2014/03/08 09:39:55 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\iPubsoft
[2014/03/08 09:39:55 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Roaming\iPubsoft
[2014/03/08 09:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPubsoft
[2014/03/08 09:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPubsoft
[2014/03/08 09:39:08 | 003,692,780 | ---- | C] (iPubsoft ) -- C:\Users\Hightorque UK\Desktop\ipub-word2pdf-converter.exe
[2014/03/06 13:34:51 | 000,000,000 | ---D | C] -- C:\eBooks
[2014/03/04 17:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/04 17:33:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/03/03 11:19:45 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\damaged_parcel
[2014/03/01 06:54:44 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/02/25 13:34:48 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Roaming\Roxio Log Files
[2014/02/24 18:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeSoft
[2014/02/24 18:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/02/22 11:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/22 07:30:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\Plugins
[2014/02/21 14:58:21 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OutfoxTV
[2013/12/07 01:02:43 | 017,968,344 | ---- | C] (Steganos Software GmbH) -- C:\Users\Hightorque UK\safe2012int_nero.exe
[2012/09/03 12:15:12 | 053,588,376 | ---- | C] (TuneUp Software) -- C:\Users\Hightorque UK\TuneUpUtilities2012-multilingual.exe
[2012/09/03 12:10:50 | 436,342,856 | ---- | C] (Nero AG) -- C:\Users\Hightorque UK\Nero-11.2.00600.exe
[2011/03/03 09:38:21 | 014,117,728 | ---- | C] (IObit ) -- C:\Users\Hightorque UK\is360setup.exe
[34 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[34 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Hightorque UK\*.tmp files -> C:\Users\Hightorque UK\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/21 22:44:08 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{95D5E3F6-1BC2-48DA-87DA-387FB7EB0FB8}.job
[2014/03/21 22:42:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1187167D-694A-4D97-9748-C1A6B331311F}.job
[2014/03/21 22:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/21 22:19:46 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/21 20:50:05 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/21 20:50:05 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/21 13:44:01 | 000,649,822 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/21 13:44:01 | 000,125,862 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/21 12:48:21 | 000,049,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lfnbmwop.sys
[2014/03/21 12:29:37 | 000,027,648 | ---- | M] () -- C:\Users\Hightorque UK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/21 11:57:41 | 000,002,435 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\Betting Assistant.lnk
[2014/03/21 08:19:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/19 22:48:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/19 22:48:31 | 3184,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/18 11:15:42 | 000,058,029 | ---- | M] () -- C:\Users\Hightorque UK\Documents\inv141693.pdf
[2014/03/17 08:12:53 | 000,000,878 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\msseces.exe - Shortcut.lnk
[2014/03/17 08:06:20 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Hightorque UK\Desktop\JRT.exe
[2014/03/16 07:04:31 | 001,950,720 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\AdwCleaner.exe
[2014/03/15 20:44:20 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/15 06:01:10 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/03/15 05:17:16 | 000,784,968 | ---- | M] (Reimage®) -- C:\TRANSLATE
[2014/03/15 03:23:32 | 000,786,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/14 16:15:24 | 000,000,513 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\OTL.exe - Shortcut.lnk
[2014/03/14 12:27:54 | 000,000,512 | ---- | M] () -- C:\Users\Hightorque UK\Documents\MBR.dat
[2014/03/14 07:08:28 | 000,000,624 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\TFC.exe - Shortcut.lnk
[2014/03/14 07:07:55 | 000,000,631 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\FRST.exe - Shortcut.lnk
[2014/03/12 14:38:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/12 14:38:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/10 08:13:34 | 000,000,710 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\Norton_Removal_Tool.exe - Shortcut.lnk
[2014/03/08 10:19:44 | 383,168,038 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/03/08 09:39:51 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\iPubsoft Word to PDF Converter.lnk
[2014/03/08 09:39:13 | 003,692,780 | ---- | M] (iPubsoft ) -- C:\Users\Hightorque UK\Desktop\ipub-word2pdf-converter.exe
[2014/03/07 09:39:23 | 000,000,897 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\PDFToePUB.exe - Shortcut.lnk
[2014/03/07 09:10:14 | 000,070,664 | ---- | M] () -- C:\Users\Hightorque UK\Documents\Inv141667.pdf
[2014/03/06 12:13:43 | 000,000,680 | ---- | M] () -- C:\Users\Hightorque UK\AppData\Local\d3d9caps.dat
[2014/03/04 17:34:16 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/04 11:04:12 | 000,000,524 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\New - Shortcut.lnk
[2014/03/03 11:19:45 | 006,754,680 | ---- | M] () -- C:\Users\Hightorque UK\Documents\damaged_parcel.zip
[2014/02/28 14:18:02 | 000,000,876 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\Norton Installation Files.lnk
[2014/02/25 13:38:18 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI
[2014/02/23 17:44:42 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/02/23 17:44:35 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2014/02/23 17:44:34 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/23 17:44:34 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/02/23 17:44:33 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/02/23 17:44:32 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/23 17:44:31 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/23 17:44:31 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/02/23 17:44:31 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/02/23 17:44:31 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/02/23 17:44:31 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/02/23 17:44:31 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/02/23 17:44:31 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/02/23 17:44:27 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2014/02/23 16:45:28 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/02/23 16:38:31 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/02/23 16:38:28 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/23 16:38:17 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/02/23 16:38:15 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/23 08:29:04 | 000,001,957 | ---- | M] () -- C:\Users\Hightorque UK\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/21 14:58:23 | 000,000,945 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\OutfoxTV.lnk
[34 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[34 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Hightorque UK\*.tmp files -> C:\Users\Hightorque UK\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/18 11:15:41 | 000,058,029 | ---- | C] () -- C:\Users\Hightorque UK\Documents\inv141693.pdf
[2014/03/17 08:12:53 | 000,000,878 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\msseces.exe - Shortcut.lnk
[2014/03/17 07:57:05 | 3184,513,024 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/16 07:04:23 | 001,950,720 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\AdwCleaner.exe
[2014/03/15 05:04:28 | 000,000,163 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/03/14 16:15:24 | 000,000,513 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\OTL.exe - Shortcut.lnk
[2014/03/14 12:27:54 | 000,000,512 | ---- | C] () -- C:\Users\Hightorque UK\Documents\MBR.dat
[2014/03/14 07:08:31 | 000,000,624 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\TFC.exe - Shortcut.lnk
[2014/03/14 07:08:00 | 000,000,631 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\FRST.exe - Shortcut.lnk
[2014/03/10 08:13:39 | 000,000,710 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\Norton_Removal_Tool.exe - Shortcut.lnk
[2014/03/08 09:39:50 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\iPubsoft Word to PDF Converter.lnk
[2014/03/07 09:39:23 | 000,000,897 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\PDFToePUB.exe - Shortcut.lnk
[2014/03/07 09:10:12 | 000,070,664 | ---- | C] () -- C:\Users\Hightorque UK\Documents\Inv141667.pdf
[2014/03/04 17:34:15 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/04 11:04:26 | 000,000,524 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\New - Shortcut.lnk
[2014/03/04 08:06:54 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/03/03 11:18:52 | 006,754,680 | ---- | C] () -- C:\Users\Hightorque UK\Documents\damaged_parcel.zip
[2014/02/25 13:38:16 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2014/02/22 11:59:12 | 000,001,957 | ---- | C] () -- C:\Users\Hightorque UK\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/22 11:59:12 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/21 14:58:22 | 000,000,945 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\OutfoxTV.lnk
[2013/08/11 19:07:17 | 000,224,041 | ---- | C] () -- C:\Users\Hightorque UK\Northampton_Milton_Keynes_Leighton_Buzzard_London.pdf
[2013/08/05 08:34:37 | 030,914,760 | ---- | C] () -- C:\Users\Hightorque UK\TomTomHOME2winlatest_1.exe
[2013/08/05 08:33:37 | 030,914,760 | ---- | C] () -- C:\Users\Hightorque UK\TomTomHOME2winlatest.exe
[2013/04/30 13:32:14 | 000,282,624 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Roaming\SettingsDB.sdf
[2012/11/22 08:19:20 | 000,013,399 | ---- | C] () -- C:\Users\Hightorque UK\248.pdf
[2012/11/19 16:19:07 | 000,013,535 | ---- | C] () -- C:\Users\Hightorque UK\247.pdf
[2012/11/19 09:15:24 | 000,013,456 | ---- | C] () -- C:\Users\Hightorque UK\246.pdf
[2012/11/19 08:05:09 | 000,013,446 | ---- | C] () -- C:\Users\Hightorque UK\245.pdf
[2012/11/11 19:29:13 | 000,013,438 | ---- | C] () -- C:\Users\Hightorque UK\243.pdf
[2012/11/05 20:36:21 | 000,013,412 | ---- | C] () -- C:\Users\Hightorque UK\242.pdf
[2012/10/27 08:53:01 | 000,013,419 | ---- | C] () -- C:\Users\Hightorque UK\241.pdf
[2012/10/24 08:08:34 | 000,013,434 | ---- | C] () -- C:\Users\Hightorque UK\240.pdf
[2012/10/20 06:53:25 | 000,000,000 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Roaming\.NANotifyHere
[2012/10/05 15:42:42 | 000,013,395 | ---- | C] () -- C:\Users\Hightorque UK\237.pdf
[2012/10/05 15:42:26 | 000,013,393 | ---- | C] () -- C:\Users\Hightorque UK\236.pdf
[2012/09/29 06:53:56 | 000,013,400 | ---- | C] () -- C:\Users\Hightorque UK\235.pdf
[2012/09/20 14:40:24 | 000,013,497 | ---- | C] () -- C:\Users\Hightorque UK\234.pdf
[2012/09/18 07:37:21 | 000,013,549 | ---- | C] () -- C:\Users\Hightorque UK\233.pdf
[2012/09/15 18:48:01 | 000,013,382 | ---- | C] () -- C:\Users\Hightorque UK\232.pdf
[2012/09/05 09:49:38 | 000,013,481 | ---- | C] () -- C:\Users\Hightorque UK\231.pdf
[2012/09/04 12:20:38 | 000,005,102 | ---- | C] () -- C:\Users\Hightorque UK\page.pdf
[2012/09/03 12:16:39 | 000,060,285 | ---- | C] () -- C:\Users\Hightorque UK\RE-1201012735.pdf
[2012/03/16 11:02:58 | 000,014,412 | ---- | C] () -- C:\Users\Hightorque UK\Invoice R Gorry.pdf
[2012/02/10 09:30:35 | 000,000,000 | ---- | C] () -- C:\Users\Hightorque UK\chkdsk
[2011/09/01 15:29:54 | 009,395,499 | ---- | C] () -- C:\Users\Hightorque UK\smartstampsetup3.0.0.8XP.zip
[2010/08/25 09:54:17 | 000,000,780 | ---- | C] () -- C:\Users\Hightorque UK\.recently-used.xbel
[2010/06/18 14:40:14 | 000,000,340 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Roaming\wklnhst.dat
[2009/12/09 11:43:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/24 08:39:59 | 000,178,688 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2009/10/22 15:21:53 | 008,801,704 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe
[2009/10/14 09:24:51 | 000,000,680 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Local\d3d9caps.dat
[2009/10/13 13:50:47 | 000,027,648 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/13 11:05:29 | 000,000,008 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Roaming\usb.dat.bin

========== ZeroAccess Check ==========

[2006/11/02 12:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200AAKS-75L9A0
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200AAKS-00V1A0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: BUFFALO HD-PCTU2 USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WD 1200BEVExternal USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Dell USB Mass Storage USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 78.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 82837504
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 288.00GB
Starting Offset: 10820255744
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #3, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 112.00GB
Starting Offset: 32256
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: HIGHTORQUEUK-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 D RECOVERY NTFS Partition 10 GB Healthy
Volume 2 C OS NTFS Partition 288 GB Healthy System
Volume 3 F New Volume NTFS Partition 298 GB Healthy
Volume 4 H HD-PCU2 FAT32 Partition 932 GB Healthy
Volume 5 G New Volume NTFS Partition 112 GB Healthy
Volume 6 I Removable 0 B No Media

========== Alternate Data Streams ==========

@Alternate Data Stream - 929 bytes -> C:\Users\Hightorque UK\Documents\Ricevutadeltuopagamentoahightorqueuk@aol_com.eml:OECustomProperty
@Alternate Data Stream - 454 bytes -> C:\Windows\System32\drivers\lfnbmwop.sys:changelist
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D74B6CF5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >
  • 0

#63
godawgs
Posted 22 March 2014 - 10:05 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I don't see any new malware files in the last OTL scan. The malware files that we removed haven't returned. But something is causing the problem. The Search Conduit homepage has returned to the Chrome browser.
Can you tell me what you were running or doing just before the deleted files reappeared on the C:\ drive?

Do you know anything about this file:

(Reimage®) -- C:\TRANSLATE

Is this some kind of PC repair software?


Can you tell me anything about the following programs?

C:\ProgramData\SafeSoft
C:\ProgramData\InstallMate
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller


I also see the following setup files in the C:\Users\Hightorque UK folder:

TuneUpUtilities2012-multilingual.exe
is360setup.exe

The is360setup.exe file is for the Iobit antivirus/antimalware program. Have you installed the Iobit or TuneUpUtilities programs on the computer at some time.

Can you tell me what files you have been downloading or what you have been doing when the 3rd party programs that I previously mentioned have gotten downloaded onto the computer?

This is a new file on the system:

C:\Windows\System32\drivers\lfnbmwop.sys

I can't find any info. on it. If shows to be a Microsoft file so there should be some info on it. There is a new process showing in the last log that appears to be related to Microsoft RSS feeds, but that doesn't have anything to do with the new file. So let's have it scanned. I also want to uninstall another program.


Step-1.

Program uninstall

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

InstallConverter

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.



Step-2.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\Windows\System32\drivers\lfnbmwop.sys.
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The Virustotal URL address.
2. Let me know how the uninstall went.
  • 0

#64
Geekimnot
Posted 22 March 2014 - 01:32 PM

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts
Hi,

Don't recognise (Reimage®) -- C:\TRANSLATE

I did once download a language translation program, but deleted it because it did not work very well.

This is probably associated with the TRANSLATE

TuneUpUtilities2012-multilingual.exe

****************************
Do not recognise

is360setup.exe

****************************

I have downloaded a lot of programs over the last three years, photo manipulation, technical drawing files, text conversion, web page design programs and so on, I can only assume that some more piggybacking went on.

Dont recognise
C:\ProgramData\SafeSoft
C:\ProgramData\InstallMate
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller

*****************************

Unistalled InstallConverter

*****************************

URL for Virustotal


https://www.virustot...sis/1395515607/

*****************************

I have been going through the installed programs trying to decide which to uninstall, but the data produced (date last used etc) is not particularly helpful, does not seem to be accurate, is there a way to find redundant programs ?
  • 0

#65
rshaffer61
Posted 22 March 2014 - 03:15 PM

rshaffer61

    Moderator

  • Moderator
  • 34,114 posts
is360setup.exe is part of the Iobit Security 360 software.
  • 0

#66
Geekimnot
Posted 22 March 2014 - 04:34 PM

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts
Hi,

Should I delete it ??
  • 0

#67
rshaffer61
Posted 22 March 2014 - 05:01 PM

rshaffer61

    Moderator

  • Moderator
  • 34,114 posts
I will leave that to your malware tech since he is running lead on this. The only thing I will ask is if you have or did you have Iobit installed on your system at one time?
  • 0

#68
godawgs
Posted 22 March 2014 - 05:45 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Don't delete anything please. I am going back thru the logs and I will come back with more instructions.

The only way to look for programs that are installed is to go through the All Programs list in the Start menu or go through the list of installed programs in the programs list in Control Panel. The problem with the list in Control Panel is that some programs, especially malware, install them selves and then hide the installation entry from the installed programs list.

Please answer rshaffer61's question about whether or not you ever installed any Iobit program(s).

I'll be back.
  • 0

#69
Geekimnot
Posted 23 March 2014 - 02:46 AM

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts
Hi Godawgs,

It was not until after I replied that I noticed that the question had not been posted by you, but no I do not recognise the program lobit.
  • 0

#70
rshaffer61
Posted 23 March 2014 - 04:56 AM

rshaffer61

    Moderator

  • Moderator
  • 34,114 posts
The program is iobit
  • 0

Advertisements

#71
godawgs
Posted 23 March 2014 - 10:16 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's reset the Chrome homepage, re-run AdwCleaner and see if the SoftwareWatcher bundle and FileParade bundle uninstaller folders have an uninstall file in them.
But first we will set a new Restore Point.


Step-1.

Make a Fresh Restore Point

  • Click the Start Orb Posted Image. Right click Computer and click Properties
  • In the left column under Tasks, click System Protection. Posted Image If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection Tab.
  • In the Available Disks section put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?
    • In Windows 7 it will be named Protection Settings. Make sure the protection is On for Local Disk (?) (System).
    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • A System Protection window will open.

    Posted Image
  • Type in a name for the restore point, i.e: Before Fixes and click Create
  • The System Protection window will tell you a Restore Point is being created.
  • The System Protection window will then tell you the Restore Point was created successfully. Click OK
  • Click OK again.
  • Close the Control Panel

Step-2.

Set your home page

Open the Chrome browser

  • Click the Chrome menu icon Posted Image on the browser toolbar.
  • Select Settings and find the Set your home page section.
  • Find the search.conduit entry and change it to another page, like www.google.com
  • Close the browser

IF that doesn't work:

Change the Chrome HomePage

Open the Chrome browser.
  • Click on the Chrome menu icon, located in the upper right hand corner of your browser window. When the drop-down menu appears, select the choice labeled Settings. (See image below)

    Posted Image

    Chrome's Options should now be displayed in a new tab or window, depending on your settings. (See the image below)

    Posted Image
  • Click on Settings in the left menu pane, if it is not already selected.
  • Next, locate the Appearance section.
    • By default, the Home button is not visible on Chrome's main toolbar and the Show Home button option is disabled.
  • First, activate this option by clicking on the empty check box next to Show Home button.
  • When the Show Home button checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change and enter the new address, like http://www.google.com.
  • Finally, once you are satisfied with your new setting, click on the OK button.

Step-3.

Re-run AdwCleaner

Close all open windows and browsers.

  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Let's see if the SoftwareWatcher bundle and the FileParade bundle uninstalled folders have an uninstall file in them.


Step-4
A.
  • Navigate to the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle folder and click it to open it.
  • Look for a file named Unwise.exe or Uninstall.exe or Uninstall Softwarewatcher bundle.exe
  • If you find one of those files, right click it and click Run as Administrator and ok any UAC prompts to run the uninstaller.
  • Let me know if the uninstaller ran successfully or if you got an error message.
B.
  • Navigate to the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller folder and click it to open it.
  • Look for a file Unwise.exe or Uninstall.exe or FileParade bundle uninstaller.exe
  • If you find one of those files, right click it and click Run as Administrator and ok any UAC prompts to run the uninstaller.
  • Let me know if the uninstaller ran successfully or if you got an error message.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you were able to set the Chrome homepage successfully.
2. Let me know if the SoftwareWatcher bundle and FileParade bundle uninstaller uninstallers ran successfully.
3. The AdwCleaner[S3].txt log
  • 0

#72
Geekimnot
Posted 24 March 2014 - 02:51 AM

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts

Hi,

 

Restore point created

 

Chrome default changed to Google

 

Requested uninstallers not found

 

AWDcleaner log

 

 

# AdwCleaner v3.022 - Report created 23/03/2014 at 22:48:31

# Updated 13/03/2014 by Xplode

# Operating System : Windows Vista ™ Business Service Pack 2 (32 bits)

# Username : Hightorque UK - HIGHTORQUEUK-PC

# Running from : C:\Users\Hightorque UK\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.19507

 

 

-\\ Google Chrome v33.0.1750.154

 

[ File : C:\Users\Hightorque UK\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [18241 octets] - [16/03/2014 07:06:18]

AdwCleaner[R1].txt - [16995 octets] - [16/03/2014 08:38:08]

AdwCleaner[R2].txt - [17117 octets] - [16/03/2014 21:26:30]

AdwCleaner[R3].txt - [1251 octets] - [23/03/2014 22:45:23]

AdwCleaner[S0].txt - [1828 octets] - [16/03/2014 07:10:33]

AdwCleaner[S1].txt - [363 octets] - [16/03/2014 08:42:15]

AdwCleaner[S2].txt - [16972 octets] - [16/03/2014 21:27:14]

AdwCleaner[S3].txt - [1173 octets] - [23/03/2014 22:48:31]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1233 octets] ##########


  • 0

#73
godawgs
Posted 24 March 2014 - 11:42 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's unplug the external hard drives and run an OTL fix. I want to unplug the external hard drives to see if the fix will run to completion and not get hung on emptying the temp files.

Step-1.

otlicon.pngOTL Fix

Please close all open windows and browsers
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.



:COMMANDS
[createrestorepoint]

:OTL
15 05:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/03/15 06:01:10 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/03/15 05:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller
[2014/03/15 05:17:16 | 000,784,968 | ---- | M] (Reimage®) -- C:\TRANSLATE
[2014/02/28 14:18:02 | 000,000,876 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\Norton Installation Files.lnk
[2014/02/24 18:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeSoft
[2014/02/24 18:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/09/03 12:15:12 | 053,588,376 | ---- | C] (TuneUp Software) -- C:\Users\Hightorque UK\TuneUpUtilities2012-multilingual.exe
[2011/03/03 09:38:21 | 014,117,728 | ---- | C] (IObit ) -- C:\Users\Hightorque UK\is360setup.exe

:COMMANDS
[emptytemp]

Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
2. Please re-open otlicon.png on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse point inside the customFix.png textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the runFixbutton.png button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the btnOK.png button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

NOTE: If the OTL fix hangs up again, stop here and let me know. If it runs to completion continue withe Step 2.


Step-2.

Run OTL again and click the qscan.png button. Post the log it produces in your next reply.

After getting the new OTL log you can re-attach the external hard drives.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The new OTL.txt log
  • 0

#74
Geekimnot
Posted 25 March 2014 - 01:00 AM

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts

Hi

 

Removable drives disconnected.

 

OTL fix ran from 18h50 until I went to bed at 22h30, at that time the priogress bar was flashing sporadically. When I got up this morning OTL had hung up.


  • 0

#75
godawgs
Posted 26 March 2014 - 08:45 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I don't know why OTL is hanging on the emptytemp commamd. I have re-written that fix and excluded that command. Please run the fix and then get a fresh OTL log.

 

 

Step-1.

otlicon.pngOTL Fix

Please close all open windows and browsers
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.
 

:COMMANDS
[createrestorepoint]

:OTL
15 05:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/03/15 06:01:10 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/03/15 05:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller
[2014/03/15 05:17:16 | 000,784,968 | ---- | M] (Reimage®) -- C:\TRANSLATE
[2014/02/28 14:18:02 | 000,000,876 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\Norton Installation Files.lnk
[2014/02/24 18:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeSoft
[2014/02/24 18:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/09/03 12:15:12 | 053,588,376 | ---- | C] (TuneUp Software) -- C:\Users\Hightorque UK\TuneUpUtilities2012-multilingual.exe
[2011/03/03 09:38:21 | 014,117,728 | ---- | C] (IObit ) -- C:\Users\Hightorque UK\is360setup.exe

:COMMANDS
[reboot]

Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
2. Please re-open otlicon.png on your desktop. To do that:

  • Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse point inside the customFix.png textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the runFixbutton.png button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the btnOK.png button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.
Run OTL again and click the qscan.png button. Post the log it produces in your next reply.


Things For Your Next Post:
Please post the logs in the order requested. Please don't[/size] attach the logs unless I request it.
1. The OTL fixes log
2. The new OTL.txt log


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP