Ukash Virus won't let me start in safe mode - need help!



Hiya,

I'm not entirely sure how I got this virus but it almost scared the life out of me. I have gone through the phase of screaming and bashing the keys on the computer to no avail, with just a white screen or, if connected to the internet, a screen showing a fake Metropolitan Police page. I have now calmed down and am trying to sensibly get rid of this virus but being a girl who tends to break most computers she touches... I haven't got a clue!

I saw another topic on this virus from the 19th January with someone who had the same problem as me, and gringo_pr replied. I followed the steps of downloading Farbar Recovery onto a flash drive and used the scan tool, but now I am stuck as to what to do. Can someone please help me with this, preferably as soon as possible???

Thank You,

Charly


Here's how it goes....

  1. Please download Farbar Recovery Scan Tool and save it to a flash drive.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    Plug the flash drive into the infected PC.
  2. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
    If you are using Vista or Windows 7 enter System Recovery Options.
    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

  • On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
    Select Command Prompt
    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC


This is the log I got from the Farbar Recovery Scan Tool:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2013 02

Ran by SYSTEM at 26-01-2013 21:12:37

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp [21705296 2010-10-25] ()

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-01-16] (IDT, Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-06-21] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-10] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1101488 2013-01-22] ()

HKU\Charlotte\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-22] (Google Inc.)

HKU\Charlotte\...\Policies\system: [DisableLockWorkstation] 0

HKU\Charlotte\...\Policies\system: [DisableChangePassword] 0

HKU\Charlotte\...\Winlogon: [shell] explorer.exe,C:\Users\Charlotte\AppData\Roaming\skype.dat [43008 2011-11-16] ()

HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

Tcpip\Parameters: [DhcpNameServer] 129.234.4.13 129.234.4.9

Startup: C:\Users\Charlotte\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)

2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)

2 vToolbarUpdater14.0.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [945328 2013-01-22] ()

3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )

0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )

1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)

0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)

0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)

0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)

1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)

1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [37720 2013-01-22] (AVG Technologies)

==================== NetSvcs (Whitelisted) ====================

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2012-12-11 23:58] - [2012-09-06 09:38] - 0295792 ____A (Microsoft Corporation) 9E425AC5C9A5A973273D169F43B4F5E1

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-15 19:00:44

==================== Memory info ===========================

Percentage of memory in use: 22%

Total physical RAM: 2933.86 MB

Available physical RAM: 2265.85 MB

Total Pagefile: 2932.01 MB

Available Pagefile: 2267.75 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:278.74 GB) (Free:159.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:19.05 GB) (Free:2.76 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

5 Drive h: (KINGSTON) (Removable) (Total:14.89 GB) (Free:8.74 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 14 GB 0 B

Partitions of Disk 0:

===============

Disk ID: E5539939

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 199 MB 1024 KB

Partition 2 Primary 278 GB 200 MB

Partition 3 Primary 19 GB 278 GB

Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 278 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E RECOVERY NTFS Partition 19 GB Healthy

=========================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 00000000

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 14 GB 4032 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H KINGSTON FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2013-01-14 00:42

==================== End Of Log =============================


Well I accidentally downloaded something called Vaudix that I didn't mean to on the 23rd January, I have no idea why I did because I never usually download things unless I am certain they are safe. I looked it up once downloaded (which I should have done beforehand...) and realised it contained viruses so immediately tried to delete all of it off my computer and ran several virus scans, one of which found a trojan horse which was quarantined. By the looks of the copied and pasted stuff in my last post though, it's not deleted from my computer. It was earlier today however when my computer locked me out and started showing the white screen or message so I am unsure whether that is from 3 days ago or something else?


I don't see any malware in that log but I do see Vaudix.

We can restore the computer back to 2013-01-14 00:42 and hopefully it will boot up normally.

-------------------------------------------------

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now.

MrC


This is the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2013 02

Ran by SYSTEM at 2013-01-26 21:52:05 Run:1

Running from H:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup

DEFAULT hive was successfully restored from registry back up.

SAM hive was successfully copied to System32\config\HiveBackup

SAM hive was successfully restored from registry back up.

SECURITY hive was successfully copied to System32\config\HiveBackup

SECURITY hive was successfully restored from registry back up.

SOFTWARE hive was successfully copied to System32\config\HiveBackup

SOFTWARE hive was successfully restored from registry back up.

SYSTEM hive was successfully copied to System32\config\HiveBackup

SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

I have restarted the computer now but unfortunately it is still showing a white screen???


Yep, this is it:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2013 02

Ran by SYSTEM at 26-01-2013 22:00:01

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp [21705296 2010-10-25] ()

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-01-16] (IDT, Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-06-21] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-10] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1101488 2013-01-22] ()

HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-10-08] ()

HKU\Charlotte\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-22] (Google Inc.)

HKU\Charlotte\...\Policies\system: [DisableLockWorkstation] 0

HKU\Charlotte\...\Policies\system: [DisableChangePassword] 0

HKU\Charlotte\...\Winlogon: [shell] explorer.exe,C:\Users\Charlotte\AppData\Roaming\skype.dat [43008 2011-11-16] ()

HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

Tcpip\Parameters: [DhcpNameServer] 129.234.4.13 129.234.4.9

Startup: C:\Users\Charlotte\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)

2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)

2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )

0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )

1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)

0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)

0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)

0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)

1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)

1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [37720 2013-01-22] (AVG Technologies)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-26 20:27 - 2013-01-26 20:27 - 00000000 ____D C:\FRST

2013-01-26 10:25 - 2013-01-26 13:56 - 00000004 ____A C:\Users\Charlotte\AppData\Roaming\skype.ini

2013-01-25 03:33 - 2013-01-25 10:39 - 00075776 ___AH C:\Users\Charlotte\AppData\Roaming\rbqt450.DLL

2013-01-25 03:33 - 2013-01-25 10:39 - 00064512 ___AH C:\Users\Charlotte\AppData\Roaming\rbap450.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00054272 ___AH C:\Users\Charlotte\AppData\Roaming\MBSQTImporterPlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00053760 ___AH C:\Users\Charlotte\AppData\Roaming\MBSPicturePlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00052224 ___AH C:\Users\Charlotte\AppData\Roaming\EHZComp.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00051712 ___AH C:\Users\Charlotte\AppData\Roaming\MBSWinPlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00049664 ___AH C:\Users\Charlotte\AppData\Roaming\MBSQuickTimePlugin1636.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00048128 ___AH C:\Users\Charlotte\AppData\Roaming\MBSResPlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00041984 ___AH C:\Users\Charlotte\AppData\Roaming\MBSMainPlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00041472 ___AH C:\Users\Charlotte\AppData\Roaming\RBShell400.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00037376 ___AH C:\Users\Charlotte\AppData\Roaming\MBSPictureMacPlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00036352 ___AH C:\Users\Charlotte\AppData\Roaming\MBSRegistryPlugin1636.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00036352 ___AH C:\Users\Charlotte\AppData\Roaming\MBSFolderitemsCreatePlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00033280 ___AH C:\Users\Charlotte\AppData\Roaming\MBSEncryptPlugin1636.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00032256 ___AH C:\Users\Charlotte\AppData\Roaming\MBSProcessPlugin1636.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00032256 ___AH C:\Users\Charlotte\AppData\Roaming\MBSIconPlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00029184 ___AH C:\Users\Charlotte\AppData\Roaming\MBSRectPlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00029184 ___AH C:\Users\Charlotte\AppData\Roaming\MBSMemoryPlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00028672 ___AH C:\Users\Charlotte\AppData\Roaming\MBSMacOSXPlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00026624 ___AH C:\Users\Charlotte\AppData\Roaming\MBSUsernamePlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00026112 ___AH C:\Users\Charlotte\AppData\Roaming\MBSResStreamPlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00026112 ___AH C:\Users\Charlotte\AppData\Roaming\MBSRegistrationPlugin1636.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00025088 ___AH C:\Users\Charlotte\AppData\Roaming\MBSPluginVersionPlugin1635.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00019968 ___AH C:\Users\Charlotte\AppData\Roaming\EHMD5.dll

2013-01-25 03:33 - 2013-01-25 10:39 - 00018432 ___AH C:\Users\Charlotte\AppData\Roaming\EHEncrypt.dll

2013-01-23 14:51 - 2013-01-24 00:58 - 00000000 ____D C:\Program Files (x86)\VaudiX

2013-01-23 14:51 - 2013-01-23 15:18 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro

2013-01-23 14:51 - 2013-01-23 14:51 - 00000000 ____D C:\Users\All Users\CLSoft LTD

2013-01-23 14:50 - 2013-01-24 00:58 - 00000000 ____D C:\Program Files (x86)\WebSearch

2013-01-23 14:50 - 2013-01-23 14:55 - 00000000 ____D C:\Users\All Users\Vaudix

2013-01-23 14:50 - 2013-01-23 14:54 - 00000000 ____D C:\Users\All Users\Search-NewTab

2013-01-22 14:39 - 2013-01-26 11:58 - 00000354 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job

2013-01-18 15:20 - 2013-01-18 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-01-15 02:13 - 2013-01-04 10:51 - 09376256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-01-15 02:13 - 2013-01-04 10:11 - 06029824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-01-14 04:35 - 2013-01-26 10:25 - 00000000 ____D C:\Users\Charlotte\Documents\Outlook Files

2013-01-12 10:57 - 2012-12-06 21:41 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll

2013-01-12 10:57 - 2012-12-06 21:35 - 02745856 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll

2013-01-12 10:57 - 2012-12-06 21:04 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll

2013-01-12 10:57 - 2012-12-06 20:57 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll

2013-01-12 10:57 - 2012-12-06 19:45 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs

2013-01-12 10:57 - 2012-12-06 19:45 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs

2013-01-12 10:57 - 2012-12-06 19:21 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs

2013-01-12 10:56 - 2012-11-29 21:50 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2013-01-12 10:56 - 2012-11-29 21:50 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2013-01-12 10:56 - 2012-11-29 21:50 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2013-01-12 10:56 - 2012-11-29 21:49 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-01-12 10:56 - 2012-11-29 21:46 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2013-01-12 10:56 - 2012-11-29 21:43 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-01-12 10:56 - 2012-11-29 21:43 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 21:06 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-01-12 10:56 - 2012-11-29 21:06 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-01-12 10:56 - 2012-11-29 21:06 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 19:33 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-01-12 10:56 - 2012-11-29 18:56 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-01-12 10:56 - 2012-11-29 18:56 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-01-12 10:56 - 2012-11-29 18:56 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-01-12 10:56 - 2012-11-29 18:56 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-01-12 10:56 - 2012-11-29 18:51 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 18:51 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 18:51 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 18:51 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-01-12 10:56 - 2012-11-29 15:21 - 00420032 ____A C:\Windows\SysWOW64\locale.nls

2013-01-12 10:56 - 2012-11-29 15:19 - 00420032 ____A C:\Windows\System32\locale.nls

2013-01-12 10:56 - 2012-11-22 19:45 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-01-12 10:56 - 2012-11-22 02:32 - 00801280 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll

2013-01-12 10:56 - 2012-11-22 01:33 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2013-01-12 10:56 - 2012-11-19 21:55 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2013-01-12 10:56 - 2012-11-19 21:10 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-01-12 10:56 - 2012-11-08 21:34 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-01-12 10:56 - 2012-11-08 20:49 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-01-12 10:56 - 2012-11-01 21:30 - 02001408 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2013-01-12 10:56 - 2012-11-01 21:30 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2013-01-12 10:56 - 2012-11-01 20:50 - 01388544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2013-01-12 10:56 - 2012-11-01 20:50 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2013-01-07 04:49 - 2013-01-10 08:05 - 00000000 ____D C:\Users\Charlotte\Desktop\Snow

==================== One Month Modified Files and Folders =======

2013-01-26 21:52 - 2013-01-26 21:52 - 00000000 ____D C:\Windows\System32\config\HiveBackup

2013-01-26 20:27 - 2013-01-26 20:27 - 00000000 ____D C:\FRST

2013-01-26 13:56 - 2013-01-26 10:25 - 00000004 ____A C:\Users\Charlotte\AppData\Roaming\skype.ini

2013-01-26 13:56 - 2010-09-16 00:46 - 01608017 ____A C:\Windows\WindowsUpdate.log

2013-01-26 13:56 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-01-26 13:56 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-01-26 13:54 - 2011-01-27 08:38 - 00000300 ___AH C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

2013-01-26 13:54 - 2011-01-27 08:38 - 00000300 ___AH C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

2013-01-26 13:53 - 2011-01-27 08:38 - 00000254 ___AH C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

2013-01-26 13:53 - 2011-01-22 10:56 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-01-26 13:53 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-01-26 13:53 - 2009-07-13 20:51 - 00130977 ____A C:\Windows\setupact.log

2013-01-26 11:58 - 2013-01-22 14:39 - 00000354 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job

2013-01-26 11:58 - 2012-01-26 04:06 - 00000000 ____D C:\Users\Charlotte\AppData\Roaming\Dropbox

2013-01-26 11:29 - 2012-06-20 00:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-01-26 11:29 - 2012-01-26 04:08 - 00000000 ___RD C:\Users\Charlotte\Dropbox

2013-01-26 11:29 - 2011-03-10 07:10 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-37709631-230621832-1740521991-1000UA.job

2013-01-26 10:33 - 2010-12-17 05:03 - 00000000 ____D C:\Users\All Users\MFAData

2013-01-26 10:28 - 2011-01-22 10:56 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-01-26 10:26 - 2011-10-01 02:01 - 00000332 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job

2013-01-26 10:25 - 2013-01-14 04:35 - 00000000 ____D C:\Users\Charlotte\Documents\Outlook Files

2013-01-26 08:35 - 2012-11-17 10:06 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForCharlotte.job

2013-01-26 08:10 - 2011-10-08 03:07 - 00000942 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-37709631-230621832-1740521991-1000UA.job

2013-01-26 06:09 - 2011-03-10 07:10 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-37709631-230621832-1740521991-1000Core.job

2013-01-25 15:09 - 2011-10-08 03:07 - 00000920 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-37709631-230621832-1740521991-1000Core.job

2013-01-25 10:39 - 2013-01-25 03:33 - 00075776 ___AH C:\Users\Charlotte\AppData\Roaming\rbqt450.DLL

2013-01-25 10:39 - 2013-01-25 03:33 - 00064512 ___AH C:\Users\Charlotte\AppData\Roaming\rbap450.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00054272 ___AH C:\Users\Charlotte\AppData\Roaming\MBSQTImporterPlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00053760 ___AH C:\Users\Charlotte\AppData\Roaming\MBSPicturePlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00052224 ___AH C:\Users\Charlotte\AppData\Roaming\EHZComp.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00051712 ___AH C:\Users\Charlotte\AppData\Roaming\MBSWinPlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00049664 ___AH C:\Users\Charlotte\AppData\Roaming\MBSQuickTimePlugin1636.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00048128 ___AH C:\Users\Charlotte\AppData\Roaming\MBSResPlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00041984 ___AH C:\Users\Charlotte\AppData\Roaming\MBSMainPlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00041472 ___AH C:\Users\Charlotte\AppData\Roaming\RBShell400.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00037376 ___AH C:\Users\Charlotte\AppData\Roaming\MBSPictureMacPlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00036352 ___AH C:\Users\Charlotte\AppData\Roaming\MBSRegistryPlugin1636.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00036352 ___AH C:\Users\Charlotte\AppData\Roaming\MBSFolderitemsCreatePlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00033280 ___AH C:\Users\Charlotte\AppData\Roaming\MBSEncryptPlugin1636.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00032256 ___AH C:\Users\Charlotte\AppData\Roaming\MBSProcessPlugin1636.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00032256 ___AH C:\Users\Charlotte\AppData\Roaming\MBSIconPlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00029184 ___AH C:\Users\Charlotte\AppData\Roaming\MBSRectPlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00029184 ___AH C:\Users\Charlotte\AppData\Roaming\MBSMemoryPlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00028672 ___AH C:\Users\Charlotte\AppData\Roaming\MBSMacOSXPlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00026624 ___AH C:\Users\Charlotte\AppData\Roaming\MBSUsernamePlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00026112 ___AH C:\Users\Charlotte\AppData\Roaming\MBSResStreamPlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00026112 ___AH C:\Users\Charlotte\AppData\Roaming\MBSRegistrationPlugin1636.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00025088 ___AH C:\Users\Charlotte\AppData\Roaming\MBSPluginVersionPlugin1635.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00019968 ___AH C:\Users\Charlotte\AppData\Roaming\EHMD5.dll

2013-01-25 10:39 - 2013-01-25 03:33 - 00018432 ___AH C:\Users\Charlotte\AppData\Roaming\EHEncrypt.dll

2013-01-25 00:59 - 2011-03-10 07:11 - 00002384 ____A C:\Users\Charlotte\Desktop\Google Chrome.lnk

2013-01-24 12:40 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2013-01-24 00:59 - 2012-01-26 04:08 - 00001033 ____A C:\Users\Charlotte\Desktop\Dropbox.lnk

2013-01-24 00:58 - 2013-01-23 14:51 - 00000000 ____D C:\Program Files (x86)\VaudiX

2013-01-24 00:58 - 2013-01-23 14:50 - 00000000 ____D C:\Program Files (x86)\WebSearch

2013-01-24 00:58 - 2010-09-16 00:49 - 00277838 ____A C:\Windows\PFRO.log

2013-01-23 15:18 - 2013-01-23 14:51 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro

2013-01-23 15:10 - 2011-01-03 05:07 - 00000000 ____D C:\Users\Charlotte\Documents\Uni Work

2013-01-23 14:55 - 2013-01-23 14:50 - 00000000 ____D C:\Users\All Users\Vaudix

2013-01-23 14:55 - 2012-07-07 08:06 - 00000000 ____D C:\Users\All Users\InstallMate

2013-01-23 14:54 - 2013-01-23 14:50 - 00000000 ____D C:\Users\All Users\Search-NewTab

2013-01-23 14:51 - 2013-01-23 14:51 - 00000000 ____D C:\Users\All Users\CLSoft LTD

2013-01-22 14:44 - 2011-01-22 10:56 - 00000000 ____D C:\Users\Charlotte\AppData\Local\Google

2013-01-22 14:39 - 2012-10-08 16:21 - 00037720 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys

2013-01-22 14:39 - 2012-10-08 16:21 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2013-01-22 01:10 - 2012-05-11 02:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-01-18 15:20 - 2013-01-18 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-01-14 05:21 - 2012-10-08 10:22 - 00000000 ____D C:\Users\Charlotte\AppData\Local\Avg2013

2013-01-14 00:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-01-13 04:37 - 2009-07-13 20:45 - 00425312 ____A C:\Windows\System32\FNTCACHE.DAT

2013-01-12 13:44 - 2010-12-29 03:48 - 00000000 ____D C:\Users\All Users\Microsoft Help

2013-01-12 12:29 - 2012-06-20 00:39 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-01-12 12:29 - 2011-07-02 14:36 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-01-12 10:51 - 2012-10-08 16:21 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk

2013-01-10 08:05 - 2013-01-07 04:49 - 00000000 ____D C:\Users\Charlotte\Desktop\Snow

2013-01-04 10:51 - 2013-01-15 02:13 - 09376256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-01-04 10:11 - 2013-01-15 02:13 - 06029824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-01-04 03:41 - 2011-06-30 12:29 - 00000000 ____D C:\Users\Charlotte\AppData\Local\CutePDF Writer

2012-12-27 08:35 - 2010-12-17 04:38 - 00000000 ____D C:\users\Charlotte

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2012-12-11 23:58] - [2012-09-06 09:38] - 0295792 ____A (Microsoft Corporation) 9E425AC5C9A5A973273D169F43B4F5E1

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-15 19:00:44

==================== Memory info ===========================

Percentage of memory in use: 23%

Total physical RAM: 2933.86 MB

Available physical RAM: 2254.25 MB

Total Pagefile: 2932.01 MB

Available Pagefile: 2243.17 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:278.74 GB) (Free:159.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:19.05 GB) (Free:2.76 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

5 Drive h: (KINGSTON) (Removable) (Total:14.89 GB) (Free:8.74 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         298 GB   0 B
Disk 1    Online         14 GB    0 B

Partitions of Disk 0:

===============

Disk ID: E5539939

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           199 MB   1024 KB
Partition 2    Primary           278 GB   200 MB
Partition 3    Primary           19 GB    278 GB
Partition 4    Primary           103 MB   297 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  Y    SYSTEM       NTFS   Partition   199 MB   Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  C                 NTFS   Partition   278 GB   Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  E    RECOVERY     NTFS   Partition   19 GB    Healthy

=========================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4  F    HP_TOOLS     FAT32  Partition   103 MB   Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 00000000

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           14 GB    4032 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5  H    KINGSTON     FAT32  Removable   14 GB    Healthy

=========================================================

Last Boot: 2013-01-14 00:42

==================== End Of Log =============================


Same as before.............

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now.

MrC


This is the new Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2013 02

Ran by SYSTEM at 2013-01-26 22:23:13 Run:2

Running from H:\

==============================================

HKEY_USERS\Charlotte\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation Value deleted successfully.

HKEY_USERS\Charlotte\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword Value deleted successfully.

HKEY_USERS\Charlotte\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.

C:\Users\Charlotte\AppData\Roaming\skype.ini moved successfully.

C:\Users\Charlotte\AppData\Roaming\skype.dat moved successfully.

==== End of Fixlog ====

And on restart my computer has booted normally! Does this mean I have my laptop back to normal and no longer infected????


OK, when you get back, please update Malwarebytes and run a FULL scan.

Post back the log,

Then............

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Okay, these are the results for the Malwarebytes full scan:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.26.11

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Charlotte :: CHARLOTTE-HP [administrator]

Protection: Enabled

26/01/2013 23:10:33

MBAM-log-2013-01-27 (00-34-39).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 455805

Time elapsed: 1 hour(s), 23 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\ProgramData\wxDfast (PUP.wxDfast) -> No action taken.

Files Detected: 14

C:\$Recycle.Bin\S-1-5-21-37709631-230621832-1740521991-1000\$RDBHNMK.exe (PUP.Bundleware) -> No action taken.

C:\ProgramData\OptimizerPro\ix_updater.exe (Trojan.Dropper.H) -> No action taken.

C:\ProgramData\wxDfast\bhoclass.dll (PUP.DownloadnSave) -> No action taken.

C:\ProgramData\WxDFastUpdater\ix_updater.exe (Trojan.Dropper.H) -> No action taken.

C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JIE2ZI4\51006eaa61085[1].exe (Adware.Dropper) -> No action taken.

C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RDWEFS5Z\51006ed380f46[1].exe (Adware.Dropper) -> No action taken.

C:\Users\Charlotte\AppData\Local\Temp\{6C406023-C1AA-1BD6-2D2F-C597686C915E}\Addons\wxdownload_extension.exe (Adware.Dropper) -> No action taken.

C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.

C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> No action taken.

C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> No action taken.

C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> No action taken.

C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> No action taken.

C:\ProgramData\wxDfast\elgbnihflfpebohmpjnlpiaekkndndmg.crx (PUP.wxDfast) -> No action taken.

C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> No action taken.

(end)

Should I delete the threats this scan found?


It seemed to make sense to delete the ones it had selected so this is the final log of the full scan:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.26.11

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Charlotte :: CHARLOTTE-HP [administrator]

Protection: Enabled

26/01/2013 23:10:33

mbam-log-2013-01-26 (23-10-33).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 455805

Time elapsed: 1 hour(s), 23 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\ProgramData\wxDfast (PUP.wxDfast) -> No action taken.

Files Detected: 14

C:\$Recycle.Bin\S-1-5-21-37709631-230621832-1740521991-1000\$RDBHNMK.exe (PUP.Bundleware) -> No action taken.

C:\ProgramData\wxDfast\bhoclass.dll (PUP.DownloadnSave) -> No action taken.

C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> No action taken.

C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> No action taken.

C:\ProgramData\wxDfast\elgbnihflfpebohmpjnlpiaekkndndmg.crx (PUP.wxDfast) -> No action taken.

C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> No action taken.

C:\ProgramData\OptimizerPro\ix_updater.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.

C:\ProgramData\WxDFastUpdater\ix_updater.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.

C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JIE2ZI4\51006eaa61085[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.

C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RDWEFS5Z\51006ed380f46[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.

C:\Users\Charlotte\AppData\Local\Temp\{6C406023-C1AA-1BD6-2D2F-C597686C915E}\Addons\wxdownload_extension.exe (Adware.Dropper) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)


And this is the report from RogueKiller:

RogueKiller V8.4.3 [Jan 26 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Charlotte [Admin rights]

Mode : Scan -- Date : 01/27/2013 00:55:03

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\tiger adoption.SCR) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM320HJ +++++

--- User ---

[MBR] 74d95565d2d8302221d7d4203051e433

[BSP] 72c867ad11c717b7c17de69ba07ea0cb : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 285433 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 584976384 | Size: 19508 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01272013_02d0055.txt >>

RKreport[1]_S_01272013_02d0055.txt


These were missed:

C:\$Recycle.Bin\S-1-5-21-37709631-230621832-1740521991-1000\$RDBHNMK.exe (PUP.Bundleware) -> No action taken.

C:\ProgramData\wxDfast\bhoclass.dll (PUP.DownloadnSave) -> No action taken.

C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> No action taken.

C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> No action taken.

C:\ProgramData\wxDfast\elgbnihflfpebohmpjnlpiaekkndndmg.crx (PUP.wxDfast) -> No action taken.

C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> No action taken.

Open up Malwarebytes > Settings > Scanner Settings > Action for Potentially Unwanted Programs > set it to > Show Results and Check for Removal.

Then rescan the system so those are removed.

---------------------------

Then..........

Let's check the system for any adware:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC


Okay, this is the re-run of Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.26.11

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Charlotte :: CHARLOTTE-HP [administrator]

Protection: Enabled

27/01/2013 01:24:13

mbam-log-2013-01-27 (01-24-13).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 445440

Time elapsed: 1 hour(s), 7 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\ProgramData\wxDfast (PUP.wxDfast) -> Quarantined and deleted successfully.

Files Detected: 6

C:\$Recycle.Bin\S-1-5-21-37709631-230621832-1740521991-1000\$RDBHNMK.exe (PUP.Bundleware) -> Quarantined and deleted successfully.

C:\ProgramData\wxDfast\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.

C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> Quarantined and deleted successfully.

C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> Quarantined and deleted successfully.

C:\ProgramData\wxDfast\elgbnihflfpebohmpjnlpiaekkndndmg.crx (PUP.wxDfast) -> Quarantined and deleted successfully.

C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> Quarantined and deleted successfully.

(end)

And I shall do the adware in a minute.


This is the log file for AdwCleaner:

# AdwCleaner v2.108 - Logfile created 01/27/2013 at 02:40:21

# Updated 24/01/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Charlotte - CHARLOTTE-HP

# Boot Mode : Normal

# Running from : C:\Users\Charlotte\Desktop\adwcleaner.exe

# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\user.js

File Found : C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\afe1g3gx.default\searchplugins\WebSearch.xml

Folder Found : C:\Program Files (x86)\Ask.com

Folder Found : C:\Program Files (x86)\AVG Secure Search

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\ProgramData\AVG Security Toolbar

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Premium

Folder Found : C:\Users\CHARLO~1\AppData\Local\Temp\avg@toolbar

Folder Found : C:\Users\CHARLO~1\AppData\Local\Temp\BabylonToolbar

Folder Found : C:\Users\Charlotte\AppData\Local\AVG Secure Search

Folder Found : C:\Users\Charlotte\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Charlotte\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\Charlotte\AppData\LocalLow\AVG Security Toolbar

Folder Found : C:\Users\Charlotte\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Users\Charlotte\AppData\Roaming\Babylon

Folder Found : C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\afe1g3gx.default\extensions\toolbar@ask.com

Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

Key Found : HKCU\Software\AppDataLow\SProtector

Key Found : HKCU\Software\Ask.com

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\AVG Security Toolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Found : HKLM\Software\APN

Key Found : HKLM\Software\AskToolbar

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKU\S-1-5-21-37709631-230621832-1740521991-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-37709631-230621832-1740521991-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-37709631-230621832-1740521991-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.17153

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affid=112477&tt=010712_1&babsrc=nt_ss&mntrid=4a472803000000000000e02a821110b5

-\\ Mozilla Firefox v18.0 (en-GB)

File : C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\afe1g3gx.default\prefs.js

Found : user_pref("aol_toolbar.default.homepage.check", false);

Found : user_pref("aol_toolbar.default.search.check", false);

Found : user_pref("browser.babylon.HPOnNewTab", "hxxp://www.google.com/search?q=");

Found : user_pref("extensions.51006eaa497a4.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Found : user_pref("extensions.BabylonToolbar.admin", false);

Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar.babExt", "");

Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=112477&tt=010712_1");

Found : user_pref("extensions.BabylonToolbar.bbDpng", 8);

Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);

Found : user_pref("extensions.BabylonToolbar.hmpg", false);

Found : user_pref("extensions.BabylonToolbar.id", "4a472803000000000000e02a821110b5");

Found : user_pref("extensions.BabylonToolbar.instlDay", "15528");

Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar.lastDP", 8);

Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1717:10:21");

Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");

Found : user_pref("extensions.BabylonToolbar.newTab", true);

Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar.propectorlck", 80295395);

Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1717:10:21");

Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112477&tt=010712_1");

Found : user_pref("extensions.BabylonToolbar_i.hardId", "4a472803000000000000e02a821110b5");

Found : user_pref("extensions.BabylonToolbar_i.id", "4a472803000000000000e02a821110b5");

Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15528");

Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar_i.newTab", true);

Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:10:21");

Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");

Found : user_pref("extensions.asktb.abar-war-timeout", "4000");

Found : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);

Found : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);

Found : user_pref("extensions.asktb.cbid", "AB");

Found : user_pref("extensions.asktb.config-updated", true);

Found : user_pref("extensions.asktb.crumb", "2011.06.30+13.25.17-toolbar010iad-GB-QmlybWluZ2hhbSxVbml0ZWQgS2[...]

Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://uk.ask.com/web?qsrc={qsrc}&o={o}&l={l[...]

Found : user_pref("extensions.asktb.dtid", "YYYYYYSJGB");

Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);

Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "UKXX0085");

Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");

Found : user_pref("extensions.asktb.fresh-install", false);

Found : user_pref("extensions.asktb.guid", "5a21fe9e-96e6-4880-b5f9-5c42b21a9615");

Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]

Found : user_pref("extensions.asktb.if", "first");

Found : user_pref("extensions.asktb.l", "dis");

Found : user_pref("extensions.asktb.last-config-req", "1359246934997");

Found : user_pref("extensions.asktb.last-search-timestamp", "1358896540316");

Found : user_pref("extensions.asktb.last-v", "3.12.2.100006");

Found : user_pref("extensions.asktb.locale", "en_UK");

Found : user_pref("extensions.asktb.location", "Birmingham,United Kingdom");

Found : user_pref("extensions.asktb.new-tab-enabled", true);

Found : user_pref("extensions.asktb.o", "15080");

Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Found : user_pref("extensions.asktb.qsrc", "2871");

Found : user_pref("extensions.asktb.r", "10");

Found : user_pref("extensions.asktb.sa", "NO");

Found : user_pref("extensions.asktb.search-history-queries", "national 12||chocolate cornflake cakes||l'orto[...]

Found : user_pref("extensions.asktb.search-suggestions-enabled", true);

Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);

Found : user_pref("extensions.asktb.socialmini-first", true);

Found : user_pref("extensions.asktb.socialmini-interval", "1200000");

Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");

Found : user_pref("extensions.asktb.socialmini-max-items", "30");

Found : user_pref("extensions.asktb.socialmini-native-on", true);

Found : user_pref("extensions.asktb.socialmini-speed", "5000");

Found : user_pref("extensions.asktb.socialmini-transition-first-open", false);

Found : user_pref("extensions.asktb.themeid", "");

Found : user_pref("extensions.asktb.to", "");

Found : user_pref("extensions.asktb.v", "3.12.2.100010");

Found : user_pref("extensions.asktb.version", "5.12.2.16749");

Found : user_pref("extensions.enabledAddons", "en-GB%40dictionaries.addons.mozilla.org:1.19.1,personas%40chr[...]

Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.4047] : homepage = "hxxp://websearch.good-results.info/",

*************************

AdwCleaner[R1].txt - [17937 octets] - [27/01/2013 02:40:21]

########## EOF - C:\AdwCleaner[R1].txt - [17998 octets] ##########

I'm not that bothered about keeping any of these; in fact, there are things in this list I have been wanting to get rid of for some time but haven't known how. The only things I am wondering about, though, are those associated with AVG, which is my antivirus software?
