
Pop ups EVERYWHERE (from Flash update?) [Solved]


  • This topic is locked

#16
Dolly99

JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Thu 09/01/2014 at 9:00:12.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\referenceboss_1p.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\referenceboss_1p.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\referenceboss_1p.radiosettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\referenceboss_1p.radiosettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\referenceboss_1p.settingsplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\referenceboss_1p.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\pricepeep.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5BD302CD-E0C9-4CC7-B9B3-1EBFB69785FE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B3B5363E-467C-4E01-A0A3-C32036341352}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4676D53-FCE5-4A19-BE4D-97E6EAF7E19A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E79F1E34-A255-458A-9A9A-4A0D0B1F974D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FC379B95-D61C-4DA0-986D-9BED861451E0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricepeep
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6AC78041-1CE8-4316-AEBF-43102125A52B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B86C1ED6-6660-C7E9-0864-39A5C08BF570}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B86C1ED6-6660-C7E9-0864-39A5C08BF570}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B86C1ED6-6660-C7E9-0864-39A5C08BF570}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Program Files\re-markit"
Successfully deleted: [Folder] "C:\Program Files\referenceboss_1p"
Successfully deleted: [Folder] "C:\Program Files\referenceboss_1pei"



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/01/2014 at 9:03:17.84
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#17
Dolly99

OTL log

OTL logfile created on: 9/01/2014 2:55:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 28.86% Memory free
3.85 Gb Paging File | 2.46 Gb Available in Paging File | 63.96% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 19.91 Gb Free Space | 25.49% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 288.11 Gb Free Space | 41.24% Space Free | Partition Type: NTFS
Drive E: | 387.63 Gb Total Space | 382.32 Gb Free Space | 98.63% Space Free | Partition Type: NTFS
Drive F: | 372.60 Gb Total Space | 119.30 Gb Free Space | 32.02% Space Free | Partition Type: NTFS

Computer Name: MASTER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/07 15:05:55 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/01/06 14:53:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2014/01/04 21:08:21 | 000,066,328 | ---- | M] () -- C:\Program Files\GreyGray\bin\utilGreyGray.exe
PRC - [2013/12/07 12:22:06 | 000,066,328 | ---- | M] () -- C:\Program Files\GreyGray\updateGreyGray.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/23 19:22:04 | 000,307,712 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/09/06 22:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 22:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/11/14 15:21:30 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/15 03:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/03 13:32:16 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/11/10 16:19:32 | 001,051,648 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006/11/10 16:18:42 | 000,859,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006/03/21 06:43:16 | 000,331,776 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe
PRC - [2005/11/19 20:17:39 | 000,976,608 | ---- | M] (Karen Kenworthy) -- C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/07 15:05:53 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppgooglenaclpluginchrome.dll
MOD - [2014/01/07 15:05:52 | 013,615,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll
MOD - [2014/01/07 15:05:49 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll
MOD - [2014/01/07 15:04:42 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\ffmpegsumo.dll
MOD - [2014/01/04 21:08:21 | 000,066,328 | ---- | M] () -- C:\Program Files\GreyGray\bin\utilGreyGray.exe
MOD - [2013/12/07 12:22:06 | 000,066,328 | ---- | M] () -- C:\Program Files\GreyGray\updateGreyGray.exe
MOD - [2013/10/11 03:16:28 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/11 03:16:17 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/11 03:15:31 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/10/11 03:15:29 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/10/11 03:15:21 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/10/11 03:15:18 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/08/15 04:09:52 | 001,711,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a06f7104593927a9e9be4afd4199b404\Microsoft.VisualBasic.ni.dll
MOD - [2013/08/15 04:07:33 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
MOD - [2013/08/15 04:04:31 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
MOD - [2013/08/15 04:04:17 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 04:02:53 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/15 04:02:45 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 04:02:39 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/15 04:02:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 15:18:33 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2009/11/14 15:21:30 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
MOD - [2009/07/16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009/07/16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009/07/16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\SDL.dll
MOD - [2009/07/16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtxml4.dll
MOD - [2009/07/16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009/07/16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtsql4.dll
MOD - [2009/07/16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009/07/16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009/07/16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009/07/16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009/07/16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\phonon4.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/14 11:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 11:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/21 06:43:16 | 000,331,776 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe


========== Services (SafeList) ==========

SRV - [2014/01/04 21:08:21 | 000,066,328 | ---- | M] () [Auto | Running] -- C:\Program Files\GreyGray\bin\utilGreyGray.exe -- (Util GreyGray)
SRV - [2013/12/12 02:00:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/07 12:22:06 | 000,066,328 | ---- | M] () [Auto | Running] -- C:\Program Files\GreyGray\updateGreyGray.exe -- (Update GreyGray)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/11/14 15:21:30 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/04/04 15:33:11 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/07/03 13:32:16 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006/11/10 16:18:42 | 000,859,136 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8187.sys -- (RTLWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2014/01/09 14:51:56 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{503AFFB1-2ED5-4718-851B-6F244613DEF0}\MpKsl2a4e99ff.sys -- (MpKsl2a4e99ff)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/14 15:21:30 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/08/20 15:22:53 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/08/20 15:21:54 | 000,046,208 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/08/20 15:21:54 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2007/07/19 11:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/03 13:33:04 | 000,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2006/11/10 16:17:50 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2006/11/10 16:16:34 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006/11/10 16:15:56 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2006/11/10 16:15:44 | 000,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/08/13 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7DD682B4-E35D-4CF5-894F-19B51EC2C219}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1715567821-1220945662-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1715567821-1220945662-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-1220945662-725345543-500\..\SearchScopes,DefaultScope = {7DD682B4-E35D-4CF5-894F-19B51EC2C219}
IE - HKU\S-1-5-21-1715567821-1220945662-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-1220945662-725345543-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-1220945662-725345543-500\..\SearchScopes\{6AC78041-1CE8-4316-AEBF-43102125A52B}: "URL" = http://websearch.ask...32-70911F5B1AE3
IE - HKU\S-1-5-21-1715567821-1220945662-725345543-500\..\SearchScopes\{7DD682B4-E35D-4CF5-894F-19B51EC2C219}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKU\S-1-5-21-1715567821-1220945662-725345543-500\..\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1715567821-1220945662-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-1220945662-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2007/11/16 14:06:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@ReferenceBoss_1p.com/Plugin: C:\Program Files\ReferenceBoss_1p\bar\1.bin\NP1pStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\1pffxtbr@ReferenceBoss_1p.com: C:\Program Files\ReferenceBoss_1p\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AmiExt\flashEnhancer\ff [2014/01/04 13:11:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ff893d95-065a-4906-8049-1650c9a8d1e8}: C:\Program Files\Re-markit\150.xpi

[2010/06/16 14:33:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 12:37:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2014/01/04 13:11:00 | 000,000,000 | ---D | M] (flash-Enhancer) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...&rlz=1I7GGLJ_en
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll
CHR - plugin: Microsoft\u00C2\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00C2\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX\u00C2\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.5_0\
CHR - Extension: flash-Enhancer = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej\2.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbbfhmeckchdbojfialeigldmoffndb\2.1\
CHR - Extension: SaveClicker = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mljagbdkgmljmcpjnfmlojlkfdmffgnh\2.1\
CHR - Extension: GreyGray = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi\1.0.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2014/01/08 10:42:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Re-markit) - {0e5c45b4-01f1-4819-b787-a8e762895782} - C:\Program Files\Re-markit\150.dll File not found
O2 - BHO: (GreyGray) - {ae60e6ed-49dd-4099-8b5e-386a4908d5d5} - C:\Program Files\GreyGray\GreyGrayBHO.dll (GreyGray)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (SaveClicker) - {B86C1ED6-6660-C7E9-0864-39A5C08BF570} - C:\Program Files\SaveClicker\mS2JqA.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1715567821-1220945662-725345543-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-1220945662-725345543-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1715567821-1220945662-725345543-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1715567821-1220945662-725345543-500..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1715567821-1220945662-725345543-500..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1715567821-1220945662-725345543-500..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk = C:\Qoobox\Quarantine\C\Program Files\PricePeep\PricePeepUpdater.exe.vir ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1220945662-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1220945662-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-1220945662-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-1220945662-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1715567821-1220945662-725345543-500\..Trusted Domains: login.facebook.com ([]https in Trusted sites)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1187500547250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187501070656 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34AFC1BE-6F78-4975-82A6-5E9D158156B1}: DhcpNameServer = 192.168.0.13
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/11 18:03:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/09 14:44:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/09 06:42:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/09 06:38:06 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2014/01/08 10:51:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/08 10:35:12 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2014/01/08 10:24:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/08 10:21:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/08 10:21:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/08 10:21:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/08 10:21:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/08 10:21:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/01/08 10:21:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/08 10:13:20 | 005,160,001 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2014/01/07 09:47:34 | 000,285,952 | ---- | C] (Marvell) -- C:\WINDOWS\System32\drivers\yk51x86.sys.bak
[2014/01/07 09:47:34 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/07 09:47:33 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/07 09:47:33 | 000,035,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdfldr.sys.bak
[2014/01/07 09:47:33 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys.bak
[2014/01/07 09:47:33 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys.bak
[2014/01/07 09:47:33 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys.bak
[2014/01/07 09:47:33 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys.bak
[2014/01/07 09:47:33 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys.bak
[2014/01/07 09:47:33 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys.bak
[2014/01/07 09:47:32 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/07 09:47:32 | 000,058,112 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/07 09:47:32 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/07 09:47:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/07 09:47:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/07 09:47:32 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/07 09:47:31 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/07 09:47:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/07 09:47:31 | 000,021,376 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/07 09:47:31 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/07 09:47:31 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/07 09:47:31 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/07 09:47:30 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys.bak
[2014/01/07 09:47:30 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys.bak
[2014/01/07 09:47:30 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys.bak
[2014/01/07 09:47:30 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/07 09:47:30 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/07 09:47:30 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/07 09:47:30 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys.bak
[2014/01/07 09:47:30 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys.bak
[2014/01/07 09:47:29 | 000,392,960 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys.bak
[2014/01/07 09:47:29 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys.bak
[2014/01/07 09:47:29 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/07 09:47:29 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys.bak
[2014/01/07 09:47:29 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/07 09:47:28 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/07 09:47:28 | 000,034,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/07 09:47:28 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys.bak
[2014/01/07 09:47:28 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys.bak
[2014/01/07 09:47:28 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/07 09:47:28 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/07 09:47:27 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/07 09:47:27 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/07 09:47:27 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys.bak
[2014/01/07 09:47:26 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/07 09:47:26 | 000,063,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/07 09:47:26 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/07 09:47:26 | 000,003,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/07 09:47:25 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys.bak
[2014/01/07 09:47:25 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/07 09:47:25 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/07 09:47:24 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys.bak
[2014/01/07 09:47:24 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys.bak
[2014/01/07 09:47:24 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys.bak
[2014/01/07 09:47:24 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys.bak
[2014/01/07 09:47:23 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/07 09:47:23 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/07 09:47:23 | 000,041,752 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys.bak
[2014/01/07 09:47:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/07 09:47:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/07 09:47:22 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/07 09:47:22 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys.bak
[2014/01/07 09:47:22 | 000,046,208 | ---- | C] (JMicron Technology Corp.) -- C:\WINDOWS\System32\drivers\jraid.sys.bak
[2014/01/07 09:47:22 | 000,033,792 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys.bak
[2014/01/07 09:47:22 | 000,010,624 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrec.sys.bak
[2014/01/07 09:47:22 | 000,006,912 | ---- | C] (JMicron ) -- C:\WINDOWS\System32\drivers\JGOGO.sys.bak
[2014/01/07 09:47:21 | 000,102,912 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys.bak
[2014/01/07 09:47:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/07 09:47:21 | 000,031,360 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDPass.sys.bak
[2014/01/07 09:47:21 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/07 09:47:20 | 000,145,920 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\Hdaudio.sys.bak
[2014/01/07 09:47:20 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/07 09:47:20 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/07 09:47:20 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/07 09:47:20 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys.bak
[2014/01/07 09:47:20 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/07 09:47:19 | 000,262,528 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/07 09:47:19 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/07 09:47:19 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/07 09:47:19 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/07 09:47:19 | 000,011,776 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/07 09:47:19 | 000,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/07 09:47:19 | 000,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/07 09:47:18 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/07 09:47:18 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys.bak
[2014/01/07 09:47:18 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys.bak
[2014/01/07 09:47:18 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/07 09:47:18 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys.bak
[2014/01/07 09:47:18 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys.bak
[2014/01/07 09:47:18 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/07 09:47:18 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys.bak
[2014/01/07 09:47:18 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys.bak
[2014/01/07 09:47:17 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys.bak
[2014/01/07 09:47:17 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys.bak
[2014/01/07 09:47:17 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys.bak
[2014/01/07 09:47:17 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys.bak
[2014/01/07 09:47:17 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys.bak
[2014/01/07 09:47:17 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys.bak
[2014/01/07 09:47:17 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys.bak
[2014/01/07 09:47:17 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys.bak
[2014/01/07 09:47:17 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys.bak
[2014/01/07 09:47:17 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys.bak
[2014/01/07 09:47:17 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys.bak
[2014/01/07 09:47:17 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys.bak
[2014/01/07 09:47:17 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys.bak
[2014/01/07 09:47:17 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys.bak
[2014/01/07 09:47:17 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys.bak
[2014/01/07 09:47:17 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys.bak
[2014/01/07 09:47:17 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys.bak
[2014/01/07 09:47:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/07 09:47:15 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys.bak
[2014/01/07 09:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2014/01/06 14:53:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/01/06 13:58:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/04 13:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lightspark 0.5.3-git
[2014/01/04 13:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Lightspark 0.5.3-git
[2014/01/04 13:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\AmiExt
[2014/01/04 13:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.android
[2014/01/04 13:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
[2014/01/04 13:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\newnext.me
[2014/01/04 13:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\genienext
[2014/01/04 13:09:28 | 000,000,000 | ---D | C] -- C:\Support
[2014/01/04 13:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\PSupport
[2014/01/04 13:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1b7c4bdc24f077b6
[2014/01/04 13:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SaveClicker
[2014/01/04 13:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\AppData
[2014/01/04 13:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\SaveClicker
[2014/01/04 13:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo
[2014/01/04 13:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\GreyGray
[2014/01/02 11:08:51 | 000,000,000 | ---D | C] -- C:\found.000
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/09 15:01:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BDF8CCFA-F06A-4B28-8B28-69C81205DA36}.job
[2014/01/09 15:00:18 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/09 14:52:19 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/01/09 14:52:14 | 000,273,231 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2014/01/09 14:51:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/09 14:51:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/09 14:51:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/09 14:39:07 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner (1).exe
[2014/01/09 14:30:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/09 09:08:58 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/09 06:34:46 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2014/01/08 11:31:43 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/01/08 10:43:15 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk
[2014/01/08 10:42:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/08 10:24:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/01/08 10:12:50 | 005,160,001 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2014/01/07 09:47:34 | 000,285,952 | ---- | M] (Marvell) -- C:\WINDOWS\System32\drivers\yk51x86.sys.bak
[2014/01/07 09:47:34 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/07 09:47:33 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/07 09:47:33 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\wmhqbh.sys.bak
[2014/01/07 09:47:33 | 000,035,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdfldr.sys.bak
[2014/01/07 09:47:33 | 000,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys.bak
[2014/01/07 09:47:33 | 000,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys.bak
[2014/01/07 09:47:33 | 000,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys.bak
[2014/01/07 09:47:33 | 000,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys.bak
[2014/01/07 09:47:33 | 000,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys.bak
[2014/01/07 09:47:33 | 000,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys.bak
[2014/01/07 09:47:32 | 000,144,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/07 09:47:32 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/07 09:47:32 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/07 09:47:32 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/07 09:47:32 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/07 09:47:32 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/07 09:47:31 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/07 09:47:31 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/07 09:47:31 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/07 09:47:31 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/07 09:47:31 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/07 09:47:31 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/07 09:47:30 | 000,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys.bak
[2014/01/07 09:47:30 | 000,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys.bak
[2014/01/07 09:47:30 | 000,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys.bak
[2014/01/07 09:47:30 | 000,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/07 09:47:30 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/07 09:47:30 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/07 09:47:30 | 000,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys.bak
[2014/01/07 09:47:30 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys.bak
[2014/01/07 09:47:29 | 000,392,960 | ---- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys.bak
[2014/01/07 09:47:29 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/07 09:47:29 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys.bak
[2014/01/07 09:47:29 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/07 09:47:29 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys.bak
[2014/01/07 09:47:29 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/07 09:47:28 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/07 09:47:28 | 000,027,064 | ---- | M] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys.bak
[2014/01/07 09:47:28 | 000,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys.bak
[2014/01/07 09:47:28 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/07 09:47:28 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/07 09:47:27 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/07 09:47:27 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/07 09:47:27 | 000,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys.bak
[2014/01/07 09:47:26 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/07 09:47:26 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/07 09:47:26 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/07 09:47:26 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/07 09:47:25 | 000,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys.bak
[2014/01/07 09:47:25 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/07 09:47:25 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/07 09:47:24 | 001,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys.bak
[2014/01/07 09:47:24 | 000,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys.bak
[2014/01/07 09:47:24 | 000,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys.bak
[2014/01/07 09:47:24 | 000,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys.bak
[2014/01/07 09:47:23 | 000,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/07 09:47:23 | 000,069,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys.bak
[2014/01/07 09:47:23 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/07 09:47:23 | 000,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys.bak
[2014/01/07 09:47:23 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/07 09:47:23 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/07 09:47:22 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/07 09:47:22 | 000,046,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys.bak
[2014/01/07 09:47:22 | 000,046,208 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\System32\drivers\jraid.sys.bak
[2014/01/07 09:47:22 | 000,033,792 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys.bak
[2014/01/07 09:47:22 | 000,010,624 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrec.sys.bak
[2014/01/07 09:47:22 | 000,006,912 | ---- | M] (JMicron ) -- C:\WINDOWS\System32\drivers\JGOGO.sys.bak
[2014/01/07 09:47:21 | 000,102,912 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys.bak
[2014/01/07 09:47:21 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/07 09:47:21 | 000,031,360 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDPass.sys.bak
[2014/01/07 09:47:21 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/07 09:47:20 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\Hdaudio.sys.bak
[2014/01/07 09:47:20 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/07 09:47:20 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/07 09:47:20 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/07 09:47:20 | 000,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys.bak
[2014/01/07 09:47:20 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/07 09:47:19 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/07 09:47:19 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/07 09:47:19 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/07 09:47:19 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/07 09:47:19 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/07 09:47:19 | 000,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/07 09:47:19 | 000,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/07 09:47:18 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/07 09:47:18 | 000,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys.bak
[2014/01/07 09:47:18 | 000,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys.bak
[2014/01/07 09:47:18 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/07 09:47:18 | 000,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys.bak
[2014/01/07 09:47:18 | 000,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys.bak
[2014/01/07 09:47:18 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/07 09:47:18 | 000,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys.bak
[2014/01/07 09:47:18 | 000,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys.bak
[2014/01/07 09:47:17 | 000,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys.bak
[2014/01/07 09:47:17 | 000,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys.bak
[2014/01/07 09:47:17 | 000,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys.bak
[2014/01/07 09:47:17 | 000,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys.bak
[2014/01/07 09:47:17 | 000,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys.bak
[2014/01/07 09:47:17 | 000,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys.bak
[2014/01/07 09:47:17 | 000,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys.bak
[2014/01/07 09:47:17 | 000,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys.bak
[2014/01/07 09:47:17 | 000,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys.bak
[2014/01/07 09:47:17 | 000,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys.bak
[2014/01/07 09:47:17 | 000,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys.bak
[2014/01/07 09:47:17 | 000,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys.bak
[2014/01/07 09:47:17 | 000,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys.bak
[2014/01/07 09:47:17 | 000,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys.bak
[2014/01/07 09:47:17 | 000,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys.bak
[2014/01/07 09:47:17 | 000,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys.bak
[2014/01/07 09:47:17 | 000,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys.bak
[2014/01/07 09:47:16 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/07 09:47:16 | 000,010,288 | ---- | M] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS.bak
[2014/01/07 09:47:16 | 000,005,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\ASACPI.sys.bak
[2014/01/07 09:47:15 | 000,053,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys.bak
[2014/01/07 09:36:48 | 003,810,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2014/01/06 14:53:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/01/04 13:12:09 | 020,480,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\store-pp.jbs
[2014/01/04 13:11:46 | 000,000,070 | ---- | M] () -- C:\extensions.ini
[2014/01/04 13:11:46 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2014/01/04 13:09:49 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2013/12/20 14:05:35 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/12 10:33:07 | 003,667,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/12 03:18:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/12 02:00:21 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/12 02:00:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/09 14:39:23 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner (1).exe
[2014/01/08 10:24:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/01/08 10:24:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/01/08 10:21:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/01/08 10:21:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/08 10:21:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/01/08 10:21:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/08 10:21:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/07 09:47:33 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wmhqbh.sys.bak
[2014/01/07 09:47:23 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys.bak
[2014/01/07 09:47:16 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS.bak
[2014/01/07 09:47:16 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys.bak
[2014/01/07 09:36:43 | 003,810,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2014/01/04 13:12:09 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\store-pp.jbs
[2014/01/04 13:11:46 | 000,000,070 | ---- | C] () -- C:\extensions.ini
[2014/01/04 13:11:46 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2014/01/04 13:09:49 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2014/01/04 13:09:33 | 000,001,025 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk
[2013/10/20 22:30:56 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wmhqbh.sys
[2013/07/10 16:00:44 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2013/07/10 16:00:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/06/30 11:44:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/28 15:40:26 | 000,000,249 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/02/28 15:40:26 | 000,000,065 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/02/28 15:40:15 | 000,002,944 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/02/28 15:39:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/02/28 15:39:21 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/02/15 12:23:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/05 17:11:47 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\n9aSSiELykX6Rl
[2011/03/16 12:54:55 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs
[2011/03/16 10:51:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe GIF Format CS5 Prefs
[2008/12/09 16:04:00 | 000,038,479 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2007/09/09 03:46:53 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
[2007/09/08 21:30:20 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/21 20:09:04 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/19 22:12:40 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2007/08/19 16:07:48 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2007/08/19 15:48:06 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html

========== ZeroAccess Check ==========

[2007/08/19 16:05:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 11:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 11:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/04/07 17:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2012/11/19 15:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2011/06/28 16:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2013/07/09 17:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2014/01/07 08:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Clip Art Collection
[2013/07/10 16:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ControlCenter4
[2008/01/08 11:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Datalayer
[2007/08/19 18:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Fuji Xerox
[2007/09/09 12:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/05/01 09:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2014/01/07 09:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\newnext.me
[2009/01/26 16:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2009/03/23 12:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2014/01/08 09:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Adblock
[2010/06/15 10:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teleca
[2008/08/11 10:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2008/08/22 17:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/11/18 20:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/04 13:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1b7c4bdc24f077b6
[2008/04/07 17:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/11/19 15:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2012/11/19 14:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/07/10 16:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2009/01/26 15:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/03/10 11:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2007/12/22 21:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2011/05/26 15:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/04/21 11:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Media Get LLC
[2009/01/26 15:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/01/26 15:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/03/16 10:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2014/01/04 13:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SaveClicker
[2011/03/10 11:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010/04/12 10:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/16 13:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 11:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 11:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 11:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/07 00:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 11:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 11:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/21 04:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 22:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 11:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 10:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 11:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 11:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 11:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 11:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 11:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 11:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 11:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 11:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 11:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/21 03:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 22:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/18 00:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 11:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 11:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 11:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 23:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 11:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 11:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 11:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 11:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 16:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/28 10:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 11:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 11:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 11:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 11:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 11:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 10:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 11:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 11:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 11:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 11:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 11:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 11:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 23:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 11:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 11:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 17:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2007/08/11 18:02:03 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2007/08/11 18:17:35 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2007/10/04 18:30:13 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BDF8CCFA-F06A-4B28-8B28-69C81205DA36}.job
[2010/02/05 08:45:38 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/02/05 08:45:39 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/09 18:22:05 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013/11/20 03:11:16 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Master boot
Volume Serial Number is 709B-9C83
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
11/10/2013 03:15 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
11/10/2013 03:15 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 21,279,502,336 bytes free

< MD5 for: RPCSS.DLL >
[2008/04/14 11:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2008/04/14 11:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2006/02/28 23:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll
[2009/02/09 23:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\ERDNT\cache\rpcss.dll
[2009/02/09 23:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 23:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 21:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2005/07/26 15:20:40 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=C369DF215D352B6F3A0B8C3469AA34F8 -- C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[2005/04/29 06:31:11 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=C8061F289E000703E7672916B7FE1571 -- C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
[2005/07/26 15:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=CE94A2BD25E3E9F4D46A7373FF455C6D -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2005/04/29 06:35:01 | 000,396,288 | ---- | M] (Microsoft Corporation) MD5=DA383FB39A6F1C445F3AFC94B3EB1248 -- C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll

< End of report >

#18
Dolly99

adware log

# AdwCleaner v3.016 - Report created 09/01/2014 at 14:47:56
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - MASTER
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Registry Helper
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Documents and Settings\Administrator\My Documents\Mobogenie
File Deleted : C:\Documents and Settings\All Users\Desktop\Registry Helper.lnk
File Deleted : C:\Documents and Settings\Administrator\Desktop\Mobogenie.lnk
File Deleted : C:\WINDOWS\Tasks\Re-markit Update.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iMesh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKLM\Software\iMesh MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v32.0.1700.72

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4207 octets] - [09/01/2014 14:45:55]
AdwCleaner[S0].txt - [4220 octets] - [09/01/2014 14:47:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4280 octets] ##########

#19
Dolly99

    Member

  • Topic Starter
  • 48 posts
I wasn't able to run JRT with a right click. It ran itself when I opened it. Thanks for your patience with this problem.

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try one more run with OTL. Once done, could you let me know how the computer is behaving?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (Re-markit) - {0e5c45b4-01f1-4819-b787-a8e762895782} - C:\Program Files\Re-markit\150.dll File not found
O2 - BHO: (GreyGray) - {ae60e6ed-49dd-4099-8b5e-386a4908d5d5} - C:\Program Files\GreyGray\GreyGrayBHO.dll (GreyGray)
O2 - BHO: (SaveClicker) - {B86C1ED6-6660-C7E9-0864-39A5C08BF570} - C:\Program Files\SaveClicker\mS2JqA.dll ()
O3 - HKU\S-1-5-21-1715567821-1220945662-725345543-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk = C:\Qoobox\Quarantine\C\Program Files\PricePeep\PricePeepUpdater.exe.vir ()
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
[2014/01/09 06:34:46 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2014/01/08 10:43:15 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk
[2012/01/05 17:11:47 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\n9aSSiELykX6Rl
[2014/01/04 13:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1b7c4bdc24f077b6
[2014/01/04 13:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SaveClicker

:Files
C:\Program Files\GreyGray
C:\Program Files\Re-markit
C:\Program Files\SaveClicker
C:\Program Files\PricePeep
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mljagbdkgmljmcpjnfmlojlkfdmffgnh
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbbfhmeckchdbojfialeigldmoffndb

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#21
Dolly99

    Member

  • Topic Starter
  • 48 posts
Still won't let me run the fix. It freezes with a pop-up in the bottom right, "microsoft security". When I restarted I got an "overclocking" message; I chose F2 to run default.

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I will use ComboFix to clear the rest. On completion, let me know of any apparent problems.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Program Files\GreyGray
C:\Program Files\Re-markit
C:\Program Files\SaveClicker
C:\Program Files\PricePeep
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mljagbdkgmljmcpjnfmlojlkfdmffgnh
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbbfhmeckchdbojfialeigldmoffndb

Driver::
Update GreyGray
Util GreyGray



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
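A pre-flight check for the path lists in fix scripts of the two styles used in this thread (OTL's :Files and ComboFix's Folder::), added here as an example; it is not part of the original posts and not OTL's or ComboFix's own code. It assumes every entry in those sections is meant to be an absolute path; the function names, the PROTECTED list and the sample script are constructed for illustration.

```python
import re

# Section headers in the two script styles shown in this thread:
#   ComboFix CFScript "Folder::" / "Driver::", OTL ":Files" / ":OTL" / ":Commands"
HEADER = re.compile(r"^(?:(?P<cf>[A-Za-z]+)::|:(?P<otl>[A-Za-z]+))$")

# Assumption: entries in these sections are filesystem paths to remove.
PATH_SECTIONS = {"folder", "file", "files"}

# One path component: anything except characters Windows forbids in names.
_COMP = r'[^\\/:*?"<>|]+'
# Drive letter, colon, backslash, then zero or more components.
ABS_PATH = re.compile(rf"^[A-Za-z]:\\(?:{_COMP}(?:\\{_COMP})*\\?)?$")

# Hypothetical deny-list (XP-style layout): never a removal target as a whole.
PROTECTED = {
    "c:", "c:\\windows", "c:\\windows\\system32",
    "c:\\program files", "c:\\documents and settings",
}


def parse_sections(script):
    """Return [(section, line_no, entry)] for every non-blank, non-header line."""
    section, entries = None, []
    for no, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            section = (m.group("cf") or m.group("otl")).lower()
            continue
        entries.append((section, no, line))
    return entries


def lint_fix_script(script):
    """Return [(line_no, code, entry)] for path entries that need a second look."""
    findings, seen = [], set()
    for section, no, entry in parse_sections(script):
        if section not in PATH_SECTIONS:
            continue  # registry lines, driver names, commands: not checked here
        if not ABS_PATH.match(entry):
            # e.g. a drive letter with no colon: the tool would not find the folder
            findings.append((no, "not-absolute", entry))
            continue
        key = entry.rstrip("\\").lower()
        if any(part in (".", "..") for part in key.split("\\")):
            findings.append((no, "dot-segment", entry))
        if key in PROTECTED:
            findings.append((no, "protected-root", entry))
        if key in seen:
            findings.append((no, "duplicate", entry))
        seen.add(key)
    return findings


# Constructed sample in CFScript style (not the script from the post).
SAMPLE = r"""
Folder::
C:\Program Files\GreyGray
C:\Program Files\SaveClicker
C\Program Files\PricePeep
c:\program files\greygray
C:\WINDOWS

Driver::
Update GreyGray
"""

if __name__ == "__main__":
    for line_no, code, entry in lint_fix_script(SAMPLE):
        print(f"line {line_no}: {code}: {entry}")
```

A "not-absolute" finding matters most in practice: the folder stays on disk and nothing in the script itself signals that the entry was skipped.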

#23
Dolly99

    Member

  • Topic Starter
  • 48 posts
OK here is the combo fix log. Price peeper tried to start up when the computer rebooted. It looks like all the pop up ads are gone. YAY. The fan on the computer is still running really hard, does this mean anything? Thanks for all your effort with this.

ComboFix 14-01-08.03 - Administrator 10/01/2014 6:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2047.201 [GMT 11:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbbfhmeckchdbojfialeigldmoffndb
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbbfhmeckchdbojfialeigldmoffndb\2.1\background.html
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbbfhmeckchdbojfialeigldmoffndb\2.1\content.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbbfhmeckchdbojfialeigldmoffndb\2.1\lsdb.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbbfhmeckchdbojfialeigldmoffndb\2.1\manifest.json
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbbfhmeckchdbojfialeigldmoffndb\2.1\xYoqiMY7G.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mljagbdkgmljmcpjnfmlojlkfdmffgnh
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mljagbdkgmljmcpjnfmlojlkfdmffgnh\2.1\background.html
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mljagbdkgmljmcpjnfmlojlkfdmffgnh\2.1\content.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mljagbdkgmljmcpjnfmlojlkfdmffgnh\2.1\hmwKQE9o.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mljagbdkgmljmcpjnfmlojlkfdmffgnh\2.1\lsdb.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mljagbdkgmljmcpjnfmlojlkfdmffgnh\2.1\manifest.json
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi\1.0.0_0\background.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi\1.0.0_0\content.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi\1.0.0_0\icon.png
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi\1.0.0_0\manifest.json
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\GreyGray_iels
c:\program files\GreyGray
c:\program files\GreyGray\bin\plugins\GreyGray.FFUpdate.dll
c:\program files\GreyGray\bin\plugins\GreyGray.GCUpdate.dll
c:\program files\GreyGray\bin\plugins\GreyGray.IEUpdate.dll
c:\program files\GreyGray\bin\sqlite3.dll
c:\program files\GreyGray\bin\utilGreyGray.exe
c:\program files\GreyGray\bin\utilGreyGray.InstallState
c:\program files\GreyGray\GreyGray.ico
c:\program files\GreyGray\GreyGrayBHO.dll
c:\program files\GreyGray\GreyGrayUninstall.exe
c:\program files\GreyGray\nhogbcndagiknbfomjgdeghehkljalhi.crx
c:\program files\GreyGray\sqlite3.exe
c:\program files\GreyGray\updateGreyGray.exe
c:\program files\GreyGray\updateGreyGray.InstallState
c:\program files\SaveClicker
c:\program files\SaveClicker\mS2JqA.dat
c:\program files\SaveClicker\mS2JqA.dll
c:\program files\SaveClicker\mS2JqA.tlb
c:\program files\SaveClicker\mS2JqA.x64.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_UPDATE_GREYGRAY
-------\Legacy_UTIL_GREYGRAY
-------\Service_Update GreyGray
-------\Service_Util GreyGray
.
.
((((((((((((((((((((((((( Files Created from 2013-12-09 to 2014-01-09 )))))))))))))))))))))))))))))))
.
.
2014-01-09 12:35 . 2014-01-09 12:35 62576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0B1372A-357B-4775-9164-B17CA3C23A8F}\offreg.dll
2014-01-09 12:33 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0B1372A-357B-4775-9164-B17CA3C23A8F}\mpengine.dll
2014-01-09 03:44 . 2014-01-09 03:48 -------- d-----w- C:\AdwCleaner
2014-01-08 19:42 . 2014-01-08 19:42 -------- d-----w- c:\windows\ERUNT
2014-01-08 13:30 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-07 23:35 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2014-01-07 23:35 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2014-01-06 02:58 . 2014-01-06 02:58 -------- d-----w- C:\_OTL
2014-01-04 02:11 . 2014-01-04 02:11 -------- d-----w- c:\program files\Lightspark 0.5.3-git
2014-01-04 02:10 . 2014-01-04 02:10 -------- d-----w- c:\program files\AmiExt
2014-01-04 02:10 . 2014-01-04 02:10 -------- d-----w- c:\documents and settings\Administrator\.android
2014-01-04 02:10 . 2014-01-04 02:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\cache
2014-01-04 02:10 . 2014-01-06 22:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\newnext.me
2014-01-04 02:10 . 2014-01-04 02:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\genienext
2014-01-04 02:09 . 2014-01-07 23:34 -------- d-----w- C:\Support
2014-01-04 02:09 . 2014-01-07 23:34 -------- d-----w- c:\program files\PSupport
2014-01-04 02:08 . 2014-01-04 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\1b7c4bdc24f077b6
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SaveClicker
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\Administrator\AppData
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Comodo
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\SUPPORT_388945a0
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\HelpAssistant
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\Guest
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\ASPNET
2014-01-02 00:08 . 2014-01-02 00:08 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-06 22:47 . 2014-01-06 22:47 82688 ----a-w- c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 76544 ----a-w- c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 285952 ----a-w- c:\windows\system32\drivers\yk51x86.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS.bak
2014-01-06 22:47 . 2014-01-06 22:47 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 54016 ----a-w- c:\windows\system32\drivers\wmhqbh.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 503008 ----a-w- c:\windows\system32\drivers\wdf01000.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 35040 ----a-w- c:\windows\system32\drivers\wdfldr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25471 ----a-w- c:\windows\system32\drivers\watv10nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 22271 ----a-w- c:\windows\system32\drivers\watv06nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14208 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11935 ----a-w- c:\windows\system32\drivers\wadv11nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11871 ----a-w- c:\windows\system32\drivers\wadv09nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11807 ----a-w- c:\windows\system32\drivers\wadv07nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11295 ----a-w- c:\windows\system32\drivers\wadv08nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 26368 ----a-w- c:\windows\system32\drivers\usbstor.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 26240 ----a-w- c:\windows\system32\drivers\usbser.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 44672 ----a-w- c:\windows\system32\drivers\uagp35.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 95424 ----a-w- c:\windows\system32\drivers\slnthal.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS.bak
2014-01-06 22:47 . 2014-01-06 22:47 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 5888 ----a-w- c:\windows\system32\drivers\smbali.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 49408 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 40960 ----a-w- c:\windows\system32\drivers\sisagp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 404990 ----a-w- c:\windows\system32\drivers\slntamr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 13240 ----a-w- c:\windows\system32\drivers\slwdmsup.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 129535 ----a-w- c:\windows\system32\drivers\slnt7554.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 6784 ----a-w- c:\windows\system32\drivers\serscan.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 62336 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 392960 ----a-w- c:\windows\system32\drivers\senfilt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 166912 ----a-w- c:\windows\system32\drivers\s3gnbm.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 68856]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-08-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-20 1953792]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-22 483328]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-20 868352]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-11-10 1051648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-26 434080]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
Karen's Replicator.lnk - c:\program files\Karen's Power Tools\Replicator\PTReplicator.exe [2005-11-19 976608]
PricePeepUpdater.lnk - c:\qoobox\Quarantine\C\Program Files\PricePeep\PricePeepUpdater.exe.vir [2013-12-21 317720]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-8-19 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [1782-1-19 10872]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n [2005-5-3 81920]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Brother\\Brmfl10g\\FAXRX.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [20/10/2013 10:16 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20/10/2013 10:16 PM 701512]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [10/07/2013 4:00 PM 266240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/10/2013 10:16 PM 22856]
S1 MpKslb7ebc604;MpKslb7ebc604;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0B1372A-357B-4775-9164-B17CA3C23A8F}\MpKslb7ebc604.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0B1372A-357B-4775-9164-B17CA3C23A8F}\MpKslb7ebc604.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 2:28 PM 160944]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/06/2011 9:52 AM 27064]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-08 00:31 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 15:00]
.
2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:45]
.
2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:45]
.
2014-01-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 04:01]
.
2014-01-09 c:\windows\Tasks\User_Feed_Synchronization-{BDF8CCFA-F06A-4B28-8B28-69C81205DA36}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: login.facebook.com
TCP: DhcpNameServer = 192.168.0.13
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B86C1ED6-6660-C7E9-0864-39A5C08BF570} - c:\program files\SaveClicker\mS2JqA.dll
AddRemove-83d3188e-5ecc-4bbf-bd05-ac87945e82e0 - c:\program files\Re-markit\Uninstall.exe
AddRemove-GreyGray - c:\program files\GreyGray\GreyGrayuninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-10 07:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1220945662-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2014-01-10 07:11:42 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-09 20:11
ComboFix2.txt 2014-01-07 23:48
.
Pre-Run: 21,213,261,824 bytes free
Post-Run: 21,216,829,440 bytes free
.
- - End Of File - - CBBE2BA93701B139B76993B5A37C2831
8F558EB6672622401DA993E1E865C861
#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see if we can make this the final run

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\Administrator\Local Settings\Application Data\cache
c:\documents and settings\Administrator\Application Data\newnext.me
c:\documents and settings\Administrator\Local Settings\Application Data\genienext
C:\Support
c:\program files\PSupport
c:\documents and settings\All Users\Application Data\1b7c4bdc24f077b6
c:\documents and settings\All Users\Application Data\SaveClicker


File::
c:\documents and settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk
c:\qoobox\Quarantine\C\Program Files\PricePeep\PricePeepUpdater.exe.vir



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

THEN

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#25
Dolly99

    Member

  • Topic Starter
  • 48 posts
ComboFix log

ComboFix 14-01-08.03 - Administrator 10/01/2014 14:37:13.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2047.1161 [GMT 11:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk"
"c:\qoobox\Quarantine\C\Program Files\PricePeep\PricePeepUpdater.exe.vir"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\newnext.me
c:\documents and settings\Administrator\Application Data\newnext.me\cache\spark.bin
c:\documents and settings\Administrator\Application Data\newnext.me\nengine.cookie
c:\documents and settings\Administrator\Application Data\newnext.me\nengine.dll
c:\documents and settings\Administrator\Local Settings\Application Data\cache
c:\documents and settings\Administrator\Local Settings\Application Data\genienext
c:\documents and settings\Administrator\Local Settings\Application Data\genienext\nengine.dll
c:\documents and settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk
c:\documents and settings\All Users\Application Data\1b7c4bdc24f077b6
c:\documents and settings\All Users\Application Data\1b7c4bdc24f077b6\{E96338DC-1468-4918-8EC2-8454BFFC5025}
c:\documents and settings\All Users\Application Data\1b7c4bdc24f077b6\{E96338DC-1468-4918-8EC2-8454BFFC5025}.old
c:\documents and settings\All Users\Application Data\SaveClicker
c:\documents and settings\All Users\Application Data\SaveClicker\YkEemqW.dat
c:\documents and settings\All Users\Application Data\SaveClicker\YkEemqW.exe
c:\program files\PSupport
C:\Support
c:\support\649636217.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-12-10 to 2014-01-10 )))))))))))))))))))))))))))))))
.
.
2014-01-09 20:13 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3F2E353-FD4F-48C0-A659-82D3F694881C}\mpengine.dll
2014-01-09 03:44 . 2014-01-09 03:48 -------- d-----w- C:\AdwCleaner
2014-01-08 19:42 . 2014-01-08 19:42 -------- d-----w- c:\windows\ERUNT
2014-01-08 13:30 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-07 23:35 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2014-01-07 23:35 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2014-01-06 02:58 . 2014-01-06 02:58 -------- d-----w- C:\_OTL
2014-01-04 02:11 . 2014-01-04 02:11 -------- d-----w- c:\program files\Lightspark 0.5.3-git
2014-01-04 02:10 . 2014-01-04 02:10 -------- d-----w- c:\program files\AmiExt
2014-01-04 02:10 . 2014-01-04 02:10 -------- d-----w- c:\documents and settings\Administrator\.android
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\Administrator\AppData
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Comodo
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\SUPPORT_388945a0
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\HelpAssistant
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\Guest
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\ASPNET
2014-01-02 00:08 . 2014-01-02 00:08 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-06 22:47 . 2014-01-06 22:47 82688 ----a-w- c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 76544 ----a-w- c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 285952 ----a-w- c:\windows\system32\drivers\yk51x86.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS.bak
2014-01-06 22:47 . 2014-01-06 22:47 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 54016 ----a-w- c:\windows\system32\drivers\wmhqbh.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 503008 ----a-w- c:\windows\system32\drivers\wdf01000.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 35040 ----a-w- c:\windows\system32\drivers\wdfldr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25471 ----a-w- c:\windows\system32\drivers\watv10nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 22271 ----a-w- c:\windows\system32\drivers\watv06nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14208 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11935 ----a-w- c:\windows\system32\drivers\wadv11nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11871 ----a-w- c:\windows\system32\drivers\wadv09nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11807 ----a-w- c:\windows\system32\drivers\wadv07nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11295 ----a-w- c:\windows\system32\drivers\wadv08nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 26368 ----a-w- c:\windows\system32\drivers\usbstor.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 26240 ----a-w- c:\windows\system32\drivers\usbser.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 44672 ----a-w- c:\windows\system32\drivers\uagp35.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 95424 ----a-w- c:\windows\system32\drivers\slnthal.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS.bak
2014-01-06 22:47 . 2014-01-06 22:47 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 5888 ----a-w- c:\windows\system32\drivers\smbali.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 49408 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 40960 ----a-w- c:\windows\system32\drivers\sisagp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 404990 ----a-w- c:\windows\system32\drivers\slntamr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 13240 ----a-w- c:\windows\system32\drivers\slwdmsup.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 129535 ----a-w- c:\windows\system32\drivers\slnt7554.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 6784 ----a-w- c:\windows\system32\drivers\serscan.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 62336 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 392960 ----a-w- c:\windows\system32\drivers\senfilt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 166912 ----a-w- c:\windows\system32\drivers\s3gnbm.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 68856]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-08-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-20 1953792]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-22 483328]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-20 868352]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-11-10 1051648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-26 434080]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
Karen's Replicator.lnk - c:\program files\Karen's Power Tools\Replicator\PTReplicator.exe [2005-11-19 976608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-8-19 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [1782-1-19 10872]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n [2005-5-3 81920]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Brother\\Brmfl10g\\FAXRX.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [20/10/2013 10:16 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20/10/2013 10:16 PM 701512]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [10/07/2013 4:00 PM 266240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/10/2013 10:16 PM 22856]
S1 MpKslb7ebc604;MpKslb7ebc604;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0B1372A-357B-4775-9164-B17CA3C23A8F}\MpKslb7ebc604.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0B1372A-357B-4775-9164-B17CA3C23A8F}\MpKslb7ebc604.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 2:28 PM 160944]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/06/2011 9:52 AM 27064]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-08 00:31 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 15:00]
.
2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:45]
.
2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:45]
.
2014-01-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 04:01]
.
2014-01-10 c:\windows\Tasks\User_Feed_Synchronization-{BDF8CCFA-F06A-4B28-8B28-69C81205DA36}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: login.facebook.com
TCP: DhcpNameServer = 192.168.0.13
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{E96338DC-1468-4918-8EC2-8454BFFC5025} - c:\documents and settings\All Users\Application Data\SaveClicker\YkEemqW.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-10 14:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1220945662-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-01-10 14:44:56
ComboFix-quarantined-files.txt 2014-01-10 03:44
ComboFix2.txt 2014-01-09 20:11
ComboFix3.txt 2014-01-07 23:48
.
Pre-Run: 21,174,824,960 bytes free
Post-Run: 21,159,784,448 bytes free
.
- - End Of File - - 3AE392F7BB2F5A7466AE43AA87905923
8F558EB6672622401DA993E1E865C861


#26
Dolly99

    Member

  • Topic Starter
  • 48 posts
MBAM log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.10.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MASTER [administrator]

10/01/2014 2:48:42 PM
mbam-log-2014-01-10 (14-48-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238283
Time elapsed: 12 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCU\Software\GreyGray (PUP.Optional.GreyGray.A) -> Quarantined and deleted successfully.
HKCU\Software\Re_markit (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
HKCU\Software\AmiExt\IE plugin (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\AmiExt\flash-Enhancer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\Software\GreyGray (PUP.Optional.GreyGray.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flash-Enhancer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{66B51873-B53D-42EC-BC1A-862EB4DB041D} (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKCR\Interface\{D01C1E11-ED7A-4791-8408-E63EECDA48FF} (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 16
C:\Program Files\AmiExt\flashEnhancer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ch (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\core (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\icons (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\icons\default (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\utils (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\locale (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\defaults (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\defaults\preferences (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js\core (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js\utils (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

Files Detected: 30
C:\Documents and Settings\Administrator\My Documents\Downloads\FlashPlayersetup__5047_i232159667_il3.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\uninstall.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ch\flashEnhancer.crx (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\bootstrap.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome.manifest (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\install.rdf (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\preferencesWindow.xul (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\myext.xul (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\core\core.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\icons\Thumbs.db (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\icons\default\star1_32.png (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\utils\amiextension.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\utils\amihelper.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\utils\amilocal.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\utils\chaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\utils\chback.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\utils\ffaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\utils\hostutils.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\chrome\content\utils\ieaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ff\defaults\preferences\myext.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\AmiStorage.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js\core\core.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js\utils\amiextension.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js\utils\amihelper.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js\utils\amilocal.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js\utils\chaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js\utils\chback.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js\utils\ffaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js\utils\hostutils.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files\AmiExt\flashEnhancer\ie\js\utils\ieaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

(end)

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

#28
Dolly99

    Member

  • Topic Starter
  • 48 posts
Everything seems to be running smoothly. Thank you so much for all your help with this. Is there something more we need to do?

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[CLEARALLRESTOREPOINTS] 
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware


Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#30
Dolly99

    Member

  • Topic Starter
  • 48 posts
YAY. Thank you for all your help and patience. You are a hero.