RockunRoll

Honorary Members
  • Posts

    36

Everything posted by RockunRoll

  1. Hard luck. Again and again, the problem returns. My computer has gone through numerous forced shutdowns such that check disk ran a couple of times. No way that I can allow this version 1.7 to continue to cause further damage to my computer. I already lodged a complaint email to support. Let's see what they revert.
  2. Hi daledoc1, thank you for your intervention here. I d/l and installed afresh a copy of the pro version, rebooted without doing a quick launch as recommended. After power-up, in addition I checked (marked) the protection settings which I had set up before this version, updated the database, did a quick scan, then a full scan. Now all seems to be working fine. But the load-up (power-up) of my OS in my m/c is still somewhat slower than before. Let me continue to monitor and, if need be, resume additional postings here. Meanwhile I believe let's pend alerting your customer support.
  3. Yes, as a pro version user I encountered problems. Very bad, unfinished product. Why do these people rip us off with a poorly finished product? Dented my trust in them. I was prompted by a notification in my task tray to install a new version - off it went, and while it was starting installation it also auto-removed the old one. I did not launch the s/w immediately after installation, and proceeded to restart my m/c. Oops, it got 'hanged' on the welcome screen; my m/c took ages to load Win 7. Fed up, I forced a shutdown and booted in safe mode, which was OK. Checked Malwarebytes, found the version 1.7 all right. Unconvinced, I rebooted in normal mode; oops again, a second time the m/c took ages to start up, and at the welcome screen on my m/c the small centre welcome circle icon turned and turned and turned non-stop. I forced a stop by unplugging the mains, rebooted via 'start Windows normally', and then decided I needed to remove the program. Surprisingly it failed; a dialog came out saying 'files are corrupted, please get another copy..'. Left with no choice, I did another forced shutdown by unplugging the mains, booted in safe mode, and uninstalled the program. Now I am at a COMPLETE loss what to do next, as my machine has no anti-malware program.
  4. Hi there, RockunRoll here with compliments for a job well done. I couldn't have asked for more than the patience, understanding and expertise you demonstrated in the last few days. FYI I purchased the MBAM pro version s/w for US$35.00. Keep it up, the world of computer users needs people like you. Thanks a bundle.

  5. Right. Everything cleaned up, logs, lock, stock and all. OK, so indeed I got this Win Command Processor. How did I possibly get this, and what does this bastard actually do? Did you also happen to 'see' anything nasty or unwelcome as well? Thanks for your many days of effort and time expended. Most certainly I'll comment on the profile feed.
  6. Sorry for not making myself understood. I am mindful now, as you guys are out there tackling 10s of queries from infected folks, so I need to be short, sweet and sharp. " " And in particular as I mentioned earlier, how come in the task manager window at the top left beside the process tab, I noticed the sentence, 'windows command processor is waiting for your instructions...' Can you take a screen shot of that and post it? " " - this one was a one-off occurrence that I chanced upon. If it happens again, I'll show u the screen shot. " " OK, some questions for you because I don't understand all your questions: You're saying disk check runs every time the computer boots up? " " - after all those actions you instructed me to execute in the last few days, now it does not happen anymore, and hopefully still won't going forward. Initially it did, with no rhyme or reason, which is what set me to seek help from you guys. " " Quote what is the last op for not this mbam scan, the OTL one I don't understand what you mean here?? " " - I mean what is the OTL operation/scanning for - which I did wrong, remember, when I clicked on scan instead of run fix? " " Quote Secondly, is there any of those s/w's which you instructed me to d/l to use, can be kept for my own routine use once in a while if I just play safe to use them to clean anything, eg the Roguekiller, this OTL, the DDS? I don't understand this also. " " - I am referring to those various cleaning tools and checking tools that I had saved on my desktop. Can I run them to do my own checking in future if needed, without assistance from you folks, especially those that I used on my own, like the TDSS? " " Quote And over to you, anything you like to leave me? Yes we have to do some cleanup. " " - OK, what clean up? Thanks.
  7. I would need to observe more in the coming days to see how it behaves, esp on the startup disk checks as compared to before (because I normally religiously follow a proper shutdown routine in order to preserve my HD life span). So I see no good reason why the computer needs a disk check when booting up recently. And in particular as I mentioned earlier, how come in the task manager window at the top left beside the process tab, I noticed the sentence, 'windows command processor is waiting for your instructions...' I do hope there's really nothing ultra-malicious lurking inside. I really do express my gratitude for your spending time and being patient in engaging to help me over the last few days. I do feel somewhat guilty, though through no fault of mine, to need to trouble people like you. Just through this episode, may I ask 2 things: what is the last op for, not this mbam scan, the OTL one? Secondly, is there any of those s/w's which you instructed me to d/l to use that can be kept for my own routine use once in a while, if I just play safe and use them to clean anything, eg the Roguekiller, this OTL, the DDS? And over to you, anything you like to leave me? If this post is locked later, say after the next few days, how am I going to inform you how the computer is running? Thanks a bundle.
  8. Here's the quick scan done after updating the MBAM. Nothing on or related to the 'remove selected' friend. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.20.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Terence :: TERENCEHPENVY14 [administrator] Protection: Enabled 21-Jul-12 00:05:23 mbam-log-2012-07-21 (00-05-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 202190 Time elapsed: 2 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  9. OK, just to be sure again, when you said perform quick scan, is it the top one? Because below is the full scan, followed by flash scan. Please confirm. Then please elaborate on 'remove selected', kindly explain more, thanks.
  10. OK, here I am, and I believe this time I did it right - I disabled my Eset Sec s/w, both AV and F/w, and I stopped the Win Defender and Win Firewall, all these. Another thing I did differently was that I clicked on the top link instead of the other one below, cut and pasted the same thing I did earlier, and clicked run fix, very sure. Next, the progress bar below ran left to right for 2 cycles. Then reboot. After reboot, the screen showed 'publisher not verified, are you sure you want to run'? Sure, I clicked yes. This time again the log came out almost immediately, and it definitely contains much more info than the earlier one. Hope this time you can see what you need to see. Here it is: All processes killed ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Public User: Terence ->Java cache emptied: 0 bytes Total Java Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Terence ->Temp folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 5651 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3960 bytes Session Manager Temp folder emptied: 6157159 bytes Session Manager Tmp folder emptied: 578760 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 39201 bytes Total Files Cleaned = 7.00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07202012_232001 Files\Folders moved on Reboot... 
G:\TEMP\{743D08FD-DA2B-484A-9364-BD354C5D3955}\fpb.tmp moved successfully. G:\TEMP\FXSAPIDebugLogFile.txt moved successfully. File\Folder G:\TEMP\~DFACACDE17901D64C1.TMP not found! File\Folder G:\TEMP\~DF8050FA2B02509AB1.TMP not found! File\Folder G:\TEMP\~DFEABDC1435C709FF0.TMP not found! File\Folder G:\TEMP\~DF1A4D63B05CA5A104.TMP not found! PendingFileRenameOperations files... File G:\TEMP\{743D08FD-DA2B-484A-9364-BD354C5D3955}\fpb.tmp not found! File G:\TEMP\FXSAPIDebugLogFile.txt not found! File G:\TEMP\~DFACACDE17901D64C1.TMP not found! File G:\TEMP\~DF8050FA2B02509AB1.TMP not found! File G:\TEMP\~DFEABDC1435C709FF0.TMP not found! File G:\TEMP\~DF1A4D63B05CA5A104.TMP not found! Registry entries deleted on Reboot... Cheers....
  11. Repost due to something left out, sorry: Hello hello. I am back so soon, as I thought it would take a longer time as earlier, because I wanted to run out for my dinner. Anyway, yeah, I hit run fix after copy/pasting what u told me. It did its job almost in an instant, yes in an instant, no scanning. I clicked yes to reboot and immediately after reboot, even when the other start-up programs had yet to load, ..." screen appeared asking me to allow this program to run or not".... Upon clicking yes, it opened this, where I can't save the text because all the menus were greyed out. Here I copied and pasted below: All processes killed Error: Unable to interpret <:Commands[EMPTYJAVA][emptytemp]> in the current context! OTL by OldTimer - Version 3.2.54.0 log created on 07202012_200922 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... You instructed this - ".... after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post." I followed exactly, but when I entered *.log and pressed enter, nothing changed, nothing happened..:-(
  12. Hello hello. I am back so soon, as I thought it would take a longer time as earlier, because I wanted to run out for my dinner. Anyway, yeah, I hit run fix after copy/pasting what u told me. It did its job almost in an instant, yes in an instant, no scanning. I clicked yes to reboot and immediately after reboot, even when the other start-up programs had yet to load, it opened this, where I can't save the text because all the menus were greyed out. Here I copied and pasted below: All processes killed Error: Unable to interpret <:Commands[EMPTYJAVA][emptytemp]> in the current context! OTL by OldTimer - Version 3.2.54.0 log created on 07202012_200922 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... You instructed this - ".... after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post." I followed exactly, but when I entered *.log and pressed enter, nothing changed, nothing happened..:-(
  13. Oops, did I (click scan instead of run fix)? All right, I'll do it again. Be back to repost in about 2-3 hours.
  14. As I mentioned, I read some postings on bleeping computer about this similar problem. I found that the helper was asking people to d/l the RKill. I managed to d/l one out of the 3 which were listed. Is it useful? I am just wondering if I can click on it to do something; I don't know what it will actually do to my computer, honestly. I wouldn't try and dare not try. But just asking you for comments.
  15. Hello. I d/l the renamed version and clicked to begin the scan. It did not ask for a reboot, neither did it indicate "fix complete press ok to open the log". Instead, upon the scan finishing, straightaway a Notepad log opened and I cut and pasted it here below, but there are 2 more items created on the desktop, one is 'OTL' and the other is 'Extras'. Anything you want me to do with them? What are they? One more thing I wish to bring up - yesterday I mentioned I did 3 cycles of shutdown/reboot one after another, and there was no check disk run after booting up. BUT this morning it came back, and I allowed the check disk to run, and the process ran normally to bootup. The prompt came, WINDOWS COMMAND PROCESSOR was asking for permission, click YES or NO, which of course was a NO. I happened to read some fixing forums on the bleeping website, and I read somewhere some chap was asking an 'infected' reader to do some check on his task manager. Well, I did that out of curiosity AND found that at the application's top left corner beside the process tab, when I opened up the task manager, the description said WINDOWS COMMAND PROCESSOR was waiting for my action, yes or no, and I killed it by ending it.
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctpdusbx.sys -- (Jukebox3_x64) DRV - [2009-07-14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2002-07-17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKCU\..\SearchScopes,DefaultScope = {93EFB7EA-B500-4222-BB62-0BC8BE4D83FB} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{93EFB7EA-B500-4222-BB62-0BC8BE4D83FB}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{E6F645E7-25D3-43D0-A597-4D344D35FA5D}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://news.google.com/" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Terence\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Terence\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011-11-08 13:14:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-08 23:54:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-11-08 13:14:37 | 000,000,000 | ---D | M] [2012-04-19 14:42:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terence\AppData\Roaming\Mozilla\Extensions [2012-04-19 15:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terence\AppData\Roaming\Mozilla\Firefox\Profiles\mvldx5nf.default\extensions [2012-04-19 15:38:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Terence\AppData\Roaming\Mozilla\Firefox\Profiles\mvldx5nf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-04-19 15:40:49 | 000,060,970 | ---- | M] () (No name found) -- C:\USERS\TERENCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVLDX5NF.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Google 
(Enabled) CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} CHR - default_search_provider: suggest_url = CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Terence\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Terence\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Terence\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In 
(32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: Beautiful landscape = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig\1_0\ CHR - Extension: WOT = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.3_0\ CHR - Extension: WOT = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\ CHR - Extension: YouTube = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Google Dictionary (by Google) = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.12_0\ CHR - Extension: Gmail = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012-07-13 14:34:35 | 000,442,725 | R--- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [backup Utility TaskTray Tool] C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe (BUFFALO INC.) O4 - HKLM..\Run: [buffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe (BUFFALO INC.) O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe () O4 - HKCU..\Run: [skyDrive] C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 165.21.100.88 165.21.83.88 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}: DhcpNameServer = 165.21.100.88 165.21.83.88 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM 
Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-01-08 17:21:56 | 000,000,091 | R--- | M] () - I:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011-06-25 13:44:22 | 000,000,016 | -H-- | M] () - J:\AUTORUN.INF -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-07-20 17:32:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Terence\Desktop\OTL.com [2012-07-18 13:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' 
Anti-Malware [2012-07-18 13:00:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-07-18 13:00:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-07-18 11:34:57 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Terence\Desktop\mbam-setup-1.62.0.1300.exe [2012-07-18 10:35:28 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012-07-18 10:27:42 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\41255614.sys [2012-07-18 10:22:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012-07-18 00:26:27 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012-07-18 00:26:26 | 000,000,000 | ---D | C] -- C:\Users\Terence\AppData\Local\temp [2012-07-17 23:52:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012-07-17 23:52:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012-07-17 23:52:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012-07-17 23:52:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-07-17 23:40:23 | 004,579,127 | R--- | C] (Swearware) -- C:\Users\Terence\Desktop\ComboFix.exe [2012-07-16 23:33:16 | 000,000,000 | ---D | C] -- C:\Users\Terence\Desktop\RK_Quarantine [2012-07-16 23:10:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Terence\Desktop\dds.scr [2012-07-16 14:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis [2012-07-15 23:14:06 | 000,000,000 | ---D | C] -- C:\Users\Terence\AppData\Roaming\SUPERAntiSpyware.com [2012-07-15 23:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012-07-15 23:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012-07-13 17:10:48 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Terence\Desktop\tdsskiller.exe [2012-07-13 15:46:11 | 000,000,000 | ---D | C] -- C:\Users\Terence\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Revo Uninstaller [2012-07-11 15:15:37 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012-07-11 15:15:37 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012-07-11 15:15:37 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012-07-11 15:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012-07-11 13:40:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012-07-11 13:40:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012-07-11 13:40:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012-07-11 13:40:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012-07-11 13:40:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012-07-11 13:40:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012-07-11 13:40:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012-07-11 13:40:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012-07-11 13:40:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012-07-11 13:40:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012-07-11 13:40:40 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012-07-11 13:40:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012-07-11 13:40:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012-07-11 12:31:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012-07-11 12:31:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- 
  16. I ran 3 cycles of shut down/restart, and apparently now all is normal and well. I would just like to emphasise a little, please bear with me, what I mean and what aroused my suspicions. Attached are 2 print screen shots for your understanding. But I still take issue with the TFC cleaner because after cleaning it still does not auto reboot when I X off, which means, according to the indication on the screen, the temp files still remain, am I right? Please comment on this, thanks.
  17. Hello there again. I thought I posted a reply half a day ago, and it is not reflected in our forum here. I mentioned that my computer is still behaving the same way as before I sought help here, and there are 2 things that worry me. First, the check disk is running, and instead of showing lines of fast-moving script text which are still clearly readable though fast, the check disk is running in an unusual way: the letters of each line of script text are overlapping one another. In addition, these lines of script text do not run across the screen from left to right; they only occupy half of the screen length and about two thirds top to bottom. I interpret this behaviour as possible malware doing its work. Second, it is the TFC: after clearing all temp files, it did not reboot automatically when supposed to. And unusually, what happens next is the opening up of the library folder each time after the so-called clearing of all temp files. So why do all these happen, based on what you have looked at so far?
  18. Hope I am successful in attaching the first TDSS log here: TDSSKiller.2.7.45.0_16.07.2012_10.19.09_log.txt This is the 2nd one: TDSSKiller.2.7.46.0_18.07.2012_10.27.41_log.txt
  19. The web page said the post is too long for the first TDSS log, so I am breaking it into 2; hope I can do it right.
  20. Please let me know if you want me to do a cut and paste job to post the 2 TDSS logs, or attach the 2 log files as attachments, but how? Sorry for the somewhat amateur questions.
  21. Oops, sorry again - I feel I ought to inform you that when I selected all as you said when starting to do the MBAM scan, this click on remove selected did not happen. I didn't see anything that asked me to click anything, sir.