Ok. Here we go....

Step 3:
mbar-log-2013-10-27 (07-14-30).txt
system-log.txt

Step 4:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Owner on Sun 10/27/2013 at 9:22:52.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key]
HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\supreme savings Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3286042 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289663 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3316068 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411161172} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{094E8DB5-3F6D-4FD2-8EB4-D7AE8444D2DF} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D} Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" ~~~ Files Successfully deleted: [File] "C:\end" ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn" Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish" Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games" Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup" Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia" Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\big fish games" Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\defaulttab" Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\strongvault" Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\apn" Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\big fish" Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\cre" Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\updater19962" 
Successfully deleted: [Folder] "C:\Program Files\domaiq uninstaller" Successfully deleted: [Folder] "C:\windows\system32\ai_recyclebin" Successfully deleted: [Folder] "C:\ai_recyclebin" Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask" ~~~ FireFox Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\user.js Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\addon@defaulttab.com.xpi Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\searchplugins\sweetim.xml Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{650eed71-89e2-453b-8dcf-2aa1b4ae6ef3}" Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\fctb Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\93abedcf-8e3a-4d02-b761-d1441e437c09@243f129d-aee2-42c2-bcd1-48858e1c22fd.com Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\prefs.js user_pref("CT3286042.smartbar.homepage", "true"); user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); user_pref("browser.search.defaultenginename", "KeyBar 1.8 Customized Web Search"); user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search"); user_pref("smartbar.addressBarOwnerCTID", "CT3286042"); user_pref("smartbar.defaultSearchOwnerCTID", "CT3286042"); user_pref("smartbar.homePageOwnerCTID", "CT3286042"); Emptied folder: C:\Documents and Settings\Owner\Application 
Data\mozilla\firefox\profiles\lmea5ya4.default\minidumps [8 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 10/27/2013 at 11:13:29.89 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Step 5: # AdwCleaner v3.010 - Report created 27/10/2013 at 11:56:38 # Updated 20/10/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Owner - (Owner) # Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe # Option : Clean ***** [ Services ] ***** Service Deleted : vToolbarUpdater17.0.12 ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\Alawar Stargaze Folder Deleted : C:\Program Files\WinZipper Folder Deleted : C:\Program Files\Common Files\337 Folder Deleted : C:\Program Files\Common Files\AVG Secure Search Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\WordLayers Folder Deleted : C:\Documents and Settings\Owner\Application Data\WinZipper Folder Deleted : C:\Documents and Settings\Owner\Application Data\Alawar Stargaze Folder Deleted : C:\Documents and Settings\Owner\My Documents\PC Health Kit Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3289663 Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3316068 Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3294791 Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3286042 Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3} Folder Deleted : C:\Documents and 
Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48} Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{7f3f960e-a836-45ca-8911-0accb522246e} Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79} Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Deleted : HKCU\Toolbar Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07CBF788-1359-421B-A4E3-5A8D041B90A3}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}] Key Deleted : HKCU\Software\InstalledThirdPartyPrograms Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\InstalledThirdPartyPrograms Key Deleted : HKLM\Software\LinkSwift Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\V9 Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Key Deleted : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v24.0 (en-US) [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\prefs.js ] ************************* AdwCleaner[R0].txt - [10287 octets] - [27/10/2013 11:33:02] AdwCleaner[s0].txt - [10441 octets] - [27/10/2013 11:56:38] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10502 octets] ########## Step 6: C:\Documents and Settings\Owner\My Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeCandyGames(1).exe a variant of Win32/Adware.Gamevance.DD application C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeCandyGames.exe a variant of Win32/Adware.Gamevance.DD application C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames(1).exe Win32/OpenCandy application C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames(2).exe Win32/OpenCandy application C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames.exe Win32/OpenCandy application C:\Documents and Settings\Owner\My Documents\Downloads\slot-machine.exe a variant of Win32/InstallCore.AL application C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc1.exe Win32/InstallCore.EA application C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc3.exe Win32/DownloadAdmin.G application C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc4.exe Win32/DownloadAdmin.G application C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc5.exe Win32/DownloadAdmin.G application Step 7: Addition.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2013 Ran by 
Owner (administrator) on Owner on 27-10-2013 16:40:54 Running from C:\Documents and Settings\Owner\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe (RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe (iWin Inc.) C:\Program Files\Pogo Games\PGMTrusted.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe (Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Microsoft Corporation) C:\windows\eHome\ehmsas.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe (Intel Corporation) C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (RealNetworks, Inc.) 
C:\program files\real\realplayer\update\realsched.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation) HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.EXE [1392640 2006-11-01] (Dell Inc.) HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -u HKLM\...\Run: [intelZeroConfig] - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe [995328 2007-10-08] (Intel Corporation) HKLM\...\Run: [intelWireless] - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [1101824 2007-10-08] (Intel Corporation) HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.) HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-10-05] (RealNetworks, Inc.) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [DW6] - "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" MountPoints2: {f7ddcb5e-0dc8-11e3-b0c3-0015c5bfd63b} - E:\LGAutoRun.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKCU - (No Name) - {7f3f960e-a836-45ca-8911-0accb522246e} - No File URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll No File SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name - {7f3f960e-a836-45ca-8911-0accb522246e} - No File BHO: PETN - {9D580032-6BF3-4E7D-9A9F-C6928C6EF8DF} - C:\Documents and Settings\Owner\Local Settings\Application Data\TidyNetwork\petn.dll No File BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Documents and Settings\All Users\Application Data\White Sky, Inc\ID Vault\IEBHO1.13.111.1\NativeBHO.dll No File BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - Norton Toolbar - 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com) Tcpip\Parameters: [DhcpNameServer] 192.168.11.1 Tcpip\..\Interfaces\{D80D2809-EEB1-4CC4-BEDF-2D45553049F0}: [NameServer]75.75.75.75,75.75.76.76 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\searchplugins\inbox-search.xml
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\searchplugins\TelevisionFanatic.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: WordOv - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\jzkenlkaloil@kctewplunsmgzuca.org
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Flashblock - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: firefox-hotfix - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\firefox-hotfix@mozilla.org.xpi
FF Extension: restartless.restart - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\restartless.restart@erikvold.com.xpi
FF Extension: aios - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: WordOv - C:\Program Files\Mozilla Firefox\extensions\jzkenlkaloil@kctewplunsmgzuca.org
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton Security Suite\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
R2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [519920 2012-10-29] (iWin Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-10-08] (Intel Corporation )
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [356352 2007-10-08] (Intel Corporation)
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
S2 IDVaultSvc; "C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe" [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 YahooAUService; "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" [x]

==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-05-26] (Cisco Systems, Inc.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-10-06] (AVG Technologies)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131022.001\BHDrvx86.sys [1096280 2013-10-22] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-09-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-10-18] (Symantec Corporation)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131025.001\IDSxpx86.sys [380824 2013-10-17] (Symantec Corporation)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131026.007\NAVENG.SYS [93272 2013-10-18] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131026.007\NAVEX15.SYS [1612376 2013-10-18] (Symantec Corporation)
R3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2236032 2007-09-26] (Intel Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12288 2007-08-27] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2012-07-27] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDI.SYS [396760 2013-04-24] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2013-04-24] (The OpenVPN Project)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog32.sys [x]
S3 catchme; \??\C:\DOCUME~1\DIANES~1\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 keycrypt; system32\DRIVERS\KeyCrypt32.sys [x]
S3 NETw3x32; system32\DRIVERS\NETw3x32.sys [x]
S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 UIUSys; system32\drivers\UIUSys.sys [x]
S3 w39n51; system32\DRIVERS\w39n51.sys [x]

==================== NetSvcs (Whitelisted) ===================
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========
2013-10-27 16:40 - 2013-10-27 16:40 - 00000000 ____D C:\FRST
2013-10-27 16:37 - 2013-10-27 16:37 - 01089097 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2013-10-27 13:58 - 2013-10-27 13:58 - 00000000 ____D C:\Program Files\ESET
2013-10-27 11:32 - 2013-10-27 11:58 - 00000000 ____D C:\AdwCleaner
2013-10-27 11:31 - 2013-10-27 06:34 - 01060070 _____ C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe
2013-10-27 09:22 - 2013-10-27 09:22 - 00000000 ____D C:\windows\ERUNT
2013-10-27 09:16 - 2013-10-27 06:30 - 01033335 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2013-10-27 07:14 - 2013-10-27 08:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-27 07:00 - 2013-10-27 07:01 - 00047064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-10-27 06:59 - 2013-10-27 12:04 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\mbar
2013-10-27 06:59 - 2013-10-27 06:27 - 12576792 _____ (Malwarebytes Corp.) C:\Documents and Settings\Owner\Desktop\mbar-1.07.0.1007.exe
2013-10-26 04:31 - 2013-10-26 05:03 - 00000000 ___SD C:\ComboFix
2013-10-26 04:31 - 2013-10-26 04:31 - 00000000 ____D C:\Qoobox
2013-10-26 04:31 - 2011-06-26 02:45 - 00256000 _____ C:\windows\PEV.exe
2013-10-26 04:31 - 2010-11-07 13:20 - 00208896 _____ C:\windows\MBR.exe
2013-10-26 04:31 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00098816 _____ C:\windows\sed.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00080412 _____ C:\windows\grep.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00068096 _____ C:\windows\zip.exe
2013-10-26 04:30 - 2013-10-26 04:30 - 00000000 ____D C:\windows\erdnt
2013-10-26 04:26 - 2013-10-26 04:24 - 05136694 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
2013-10-26 02:42 - 2013-10-26 02:49 - 00399973 _____ C:\Documents and Settings\Owner\Desktop\avgremover.log
2013-10-25 10:27 - 2013-10-27 13:58 - 00008222 _____ C:\windows\setupapi.log
2013-10-25 09:20 - 2013-10-25 09:20 - 00031952 _____ C:\Documents and Settings\Owner\Desktop\ark.txt
2013-10-24 21:25 - 2013-10-24 21:25 - 00000000 ____D C:\windows\CSC
2013-10-23 23:44 - 2013-10-23 23:44 - 00000000 __SHD C:\Documents and Settings\Owner\IECompatCache
2013-10-22 18:31 - 2013-10-22 18:31 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-22 18:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-10-22 18:30 - 2013-08-08 03:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\All Users\Documents\mbam-setup-1.75.0.1300.exe
2013-10-22 05:04 - 2013-10-22 10:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-19 17:20 - 2013-10-19 17:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
2013-10-19 16:52 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SySaver
2013-10-19 02:39 - 2013-10-19 02:39 - 00001232 _____ C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
2013-10-19 01:06 - 2013-10-19 01:06 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-19 01:05 - 2013-10-19 01:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-19 01:05 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-10-19 01:05 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-10-19 01:05 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-10-19 01:05 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-10-19 01:05 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl
2013-10-19 01:03 - 2013-10-19 01:05 - 00004705 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-10-16 03:35 - 2013-10-16 03:35 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Boomzap
2013-10-12 08:02 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2013-10-12 08:01 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Yahoo!
2013-10-10 06:51 - 2013-10-10 06:51 - 00001184 _____ C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
2013-10-10 06:48 - 2013-10-11 02:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache
2013-10-10 03:10 - 2013-10-10 03:10 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVG SafeGuard toolbar
2013-10-10 03:09 - 2013-10-10 03:10 - 00003708 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-10 03:09 - 2013-10-10 03:09 - 00000000 ____D C:\windows\system32\cache
2013-10-09 22:48 - 2013-10-09 22:48 - 00000000 __SHD C:\windows\ftpcache
2013-10-09 03:31 - 2013-10-09 03:32 - 00000000 __HDC C:\windows\$NtUninstallKB2847311$
2013-10-09 03:31 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2862335$
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\windows\$NtUninstallKB2868038$
2013-10-09 03:09 - 2013-10-09 03:09 - 00000000 __HDC C:\windows\$NtUninstallKB2883150$
2013-10-09 03:08 - 2013-10-09 03:08 - 00000000 __HDC C:\windows\$NtUninstallKB2862330$
2013-10-09 02:02 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\windows\system32\dllcache\hidparse.sys
2013-10-09 02:01 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbvideo.sys
2013-10-09 02:01 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbaudio.sys
2013-10-09 02:01 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\windows\system32\dllcache\irbus.sys
2013-10-09 02:00 - 2013-08-08 20:55 - 00032384 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbccgp.sys
2013-10-09 02:00 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbd.sys
2013-10-08 10:09 - 2013-10-08 10:09 - 00003736 _____ C:\{A399F1E3-6ED8-48E8-B708-094BDA8D4531}
2013-10-08 04:11 - 2013-10-08 04:11 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2013-10-06 09:26 - 2013-10-06 09:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\AVG SafeGuard toolbar
2013-10-06 09:19 - 2013-10-06 09:17 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2013-10-05 14:31 - 2013-10-05 14:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\RealNetworks
2013-10-05 14:30 - 2013-10-05 14:30 - 00000747 _____ C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Program Files\RealNetworks
2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
2013-10-05 14:27 - 2013-10-05 14:27 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-10-05 04:29 - 2013-10-27 12:04 - 00000292 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job
2013-09-30 22:35 - 2013-10-22 10:17 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======
2013-10-27 16:40 - 2013-10-27 16:40 - 00000000 ____D C:\FRST
2013-10-27 16:37 - 2013-10-27 16:37 - 01089097 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2013-10-27 16:36 - 2012-03-31 05:01 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-27 13:58 - 2013-10-27 13:58 - 00000000 ____D C:\Program Files\ESET
2013-10-27 13:58 - 2013-10-25 10:27 - 00008222 _____ C:\windows\setupapi.log
2013-10-27 12:11 - 2012-03-08 21:30 - 00007680 ___SH C:\windows\Thumbs.db
2013-10-27 12:05 - 2012-03-08 21:39 - 00000292 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job
2013-10-27 12:05 - 2012-03-08 11:36 - 01439697 _____ C:\windows\WindowsUpdate.log
2013-10-27 12:04 - 2013-10-27 06:59 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\mbar
2013-10-27 12:04 - 2013-10-05 04:29 - 00000292 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job
2013-10-27 12:04 - 2012-03-08 11:33 - 00000000 ____D C:\windows\Registration
2013-10-27 12:03 - 2012-03-08 12:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-27 12:03 - 2012-03-08 06:25 - 00000159 _____ C:\windows\wiadebug.log
2013-10-27 12:03 - 2012-03-08 06:25 - 00000050 _____ C:\windows\wiaservc.log
2013-10-27 12:00 - 2012-03-08 12:13 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2013-10-27 12:00 - 2012-03-08 12:08 - 00032652 _____ C:\windows\SchedLgU.Txt
2013-10-27 11:58 - 2013-10-27 11:32 - 00000000 ____D C:\AdwCleaner
2013-10-27 09:22 - 2013-10-27 09:22 - 00000000 ____D C:\windows\ERUNT
2013-10-27 08:51 - 2013-10-27 07:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-27 07:01 - 2013-10-27 07:00 - 00047064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-10-27 06:34 - 2013-10-27 11:31 - 01060070 _____ C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe
2013-10-27 06:30 - 2013-10-27 09:16 - 01033335 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2013-10-27 06:27 - 2013-10-27 06:59 - 12576792 _____ (Malwarebytes Corp.) C:\Documents and Settings\Owner\Desktop\mbar-1.07.0.1007.exe
2013-10-27 06:27 - 2004-08-10 07:00 - 00002206 _____ C:\windows\system32\wpa.dbl
2013-10-26 05:49 - 2013-07-03 14:56 - 00644806 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-261478967-839522115-1003-0.dat
2013-10-26 05:49 - 2013-07-01 12:02 - 00096322 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-10-26 05:24 - 2012-03-08 11:34 - 00000000 ____D C:\windows\system32\Restore
2013-10-26 05:03 - 2013-10-26 04:31 - 00000000 ___SD C:\ComboFix
2013-10-26 04:31 - 2013-10-26 04:31 - 00000000 ____D C:\Qoobox
2013-10-26 04:30 - 2013-10-26 04:30 - 00000000 ____D C:\windows\erdnt
2013-10-26 04:24 - 2013-10-26 04:26 - 05136694 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
2013-10-26 04:21 - 2012-03-08 21:39 - 00000300 _____ C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-261478967-839522115-1003.job
2013-10-26 02:49 - 2013-10-26 02:42 - 00399973 _____ C:\Documents and Settings\Owner\Desktop\avgremover.log
2013-10-25 12:10 - 2012-03-09 15:53 - 00015120 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-25 10:57 - 2012-03-08 06:21 - 00099848 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-25 09:20 - 2013-10-25 09:20 - 00031952 _____ C:\Documents and Settings\Owner\Desktop\ark.txt
2013-10-24 21:25 - 2013-10-24 21:25 - 00000000 ____D C:\windows\CSC
2013-10-24 00:03 - 2012-09-17 01:51 - 00000000 ____D C:\Program Files\Google
2013-10-24 00:02 - 2012-09-17 01:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Google
2013-10-23 23:47 - 2012-03-08 13:10 - 00001324 _____ C:\windows\system32\d3d9caps.dat
2013-10-23 23:44 - 2013-10-23 23:44 - 00000000 __SHD C:\Documents and Settings\Owner\IECompatCache
2013-10-23 23:44 - 2012-03-08 12:13 - 00000000 ____D C:\Documents and Settings\Owner
2013-10-23 03:17 - 2013-02-18 22:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-22 22:21 - 2012-03-08 20:16 - 00000000 __HDC C:\windows\$NtUninstallKB979309$
2013-10-22 20:47 - 2013-04-11 03:02 - 00000000 __HDC C:\windows\$NtUninstallKB2813345$
2013-10-22 18:31 - 2013-10-22 18:31 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-22 18:18 - 2013-01-19 04:39 - 00000000 ____D C:\Program Files\Pogo Games
2013-10-22 18:18 - 2012-05-28 10:48 - 00000000 ____D C:\Program Files\Slingo Supreme 2
2013-10-22 18:18 - 2012-03-08 22:40 - 00000000 ____D C:\Program Files\Xvid
2013-10-22 18:18 - 2012-03-08 12:21 - 00000000 ____D C:\Program Files\RGB
2013-10-22 18:18 - 2012-03-08 12:19 - 00000000 ____D C:\Program Files\GemMaster
2013-10-22 18:18 - 2012-03-08 12:19 - 00000000 ____D C:\Program Files\ESPNMotion
2013-10-22 18:18 - 2012-03-08 11:29 - 00000000 ____D C:\Program Files\Messenger
2013-10-22 17:26 - 2013-10-19 16:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SySaver
2013-10-22 17:26 - 2013-10-12 08:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2013-10-22 17:26 - 2013-10-12 08:01 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Yahoo!
2013-10-22 17:02 - 2012-04-26 06:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-22 10:19 - 2013-10-22 05:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-22 10:17 - 2013-09-30 22:35 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
2013-10-21 15:56 - 2012-12-22 05:37 - 00000300 _____ C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1390067357-261478967-839522115-1003.job
2013-10-21 04:08 - 2012-03-08 22:19 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
2013-10-21 03:37 - 2012-03-08 21:29 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2013-10-21 03:37 - 2012-03-08 21:29 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-10-19 17:35 - 2012-03-08 11:33 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
2013-10-19 17:21 - 2013-10-19 17:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
2013-10-19 17:16 - 2012-09-05 13:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-10-19 17:15 - 2012-03-31 05:01 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-19 17:15 - 2012-03-08 21:49 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 02:40 - 2012-08-09 02:00 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Elephant Games
2013-10-19 02:39 - 2013-10-19 02:39 - 00001232 _____ C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
2013-10-19 01:47 - 2012-03-08 06:11 - 00000000 ____D C:\windows\Resources
2013-10-19 01:06 - 2013-10-19 01:06 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-19 01:05 - 2013-10-19 01:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-19 01:05 - 2013-10-19 01:03 - 00004705 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-10-19 01:05 - 2013-06-24 07:21 - 00000000 ____D C:\Program Files\Java
2013-10-16 03:35 - 2013-10-16 03:35 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Boomzap
2013-10-13 10:09 - 2012-03-08 11:32 - 00000000 ____D C:\windows\Microsoft.NET
2013-10-13 04:08 - 2013-04-24 22:12 - 00000884 __RSH C:\Documents and Settings\Owner\ntuser.pol
2013-10-12 08:52 - 2013-04-26 20:05 - 00001657 _____ C:\windows\system32\InstallUtil.InstallLog
2013-10-11 02:51 - 2013-10-10 06:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache
2013-10-10 06:51 - 2013-10-10 06:51 - 00001184 _____ C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
2013-10-10 06:51 - 2012-04-25 13:47 - 00001584 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
2013-10-10 06:51 - 2012-04-25 13:46 - 00000000 ____D C:\Program Files\bfgclient
2013-10-10 03:10 - 2013-10-10 03:10 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVG SafeGuard toolbar
2013-10-10 03:10 - 2013-10-10 03:09 - 00003708 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-10 03:09 - 2013-10-10 03:09 - 00000000 ____D C:\windows\system32\cache
2013-10-09 22:48 - 2013-10-09 22:48 - 00000000 __SHD C:\windows\ftpcache
2013-10-09 03:54 - 2012-03-08 23:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 03:49 - 2012-03-08 06:22 - 00602538 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-09 03:32 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2847311$
2013-10-09 03:31 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2862335$
2013-10-09 03:28 - 2013-07-15 12:12 - 00000000 ____D C:\windows\system32\MRT
2013-10-09 03:16 - 2012-03-08 20:30 - 78106760 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-09 03:15 - 2012-03-08 23:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\windows\$NtUninstallKB2868038$
2013-10-09 03:10 - 2012-03-08 20:46 - 00000000 ____D C:\windows\ie8updates
2013-10-09 03:09 - 2013-10-09 03:09 - 00000000 __HDC C:\windows\$NtUninstallKB2883150$
2013-10-09 03:08 - 2013-10-09 03:08 - 00000000 __HDC C:\windows\$NtUninstallKB2862330$
2013-10-08 10:09 - 2013-10-08 10:09 - 00003736 _____ C:\{A399F1E3-6ED8-48E8-B708-094BDA8D4531}
2013-10-08 07:50 - 2013-10-19 01:05 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-10-08 07:46 - 2013-10-19 01:05 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-10-08 07:46 - 2013-10-19 01:05 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-10-08 07:46 - 2013-10-19 01:05 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-10-08 07:29 - 2013-10-19 01:05 - 00145408 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl
2013-10-08 04:11 - 2013-10-08 04:11 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2013-10-06 09:26 - 2013-10-06 09:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\AVG SafeGuard toolbar
2013-10-06 09:17 - 2013-10-06 09:19 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2013-10-06 04:38 - 2012-03-08 12:47 - 00048640 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-05 14:31 - 2013-10-05 14:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\RealNetworks
2013-10-05 14:30 - 2013-10-05 14:30 - 00000747 _____ C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Program Files\RealNetworks
2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
2013-10-05 14:29 - 2012-12-22 05:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
2013-10-05 14:27 - 2013-10-05 14:27 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-10-05 14:27 - 2012-12-22 05:29 - 00201872 _____ (RealNetworks, Inc.) C:\windows\system32\rmoc3260.dll
2013-10-05 14:27 - 2012-03-08 21:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
2013-10-05 14:26 - 2012-12-22 05:28 - 00272896 _____ (Progressive Networks) C:\windows\system32\pncrt.dll
2013-10-05 14:26 - 2012-12-22 05:28 - 00006656 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5016.dll
2013-10-05 14:26 - 2012-12-22 05:28 - 00005632 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5032.dll
2013-10-05 05:01 - 2013-07-12 19:25 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2013-10-05 04:41 - 2012-03-09 00:39 - 00000000 ____D C:\GameHouse Games
2013-10-05 04:40 - 2012-03-09 00:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\GameHouse
2013-10-05 04:40 - 2012-03-09 00:39 - 00000000 ____D C:\Program Files\RealArcade
2013-09-30 06:40 - 2012-04-01 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\dvdcss
2013-09-28 05:58 - 2012-03-08 21:37 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Real

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================